I wanted to shoot out an email to everyone in regards to an exploit we have
come across today for those who are running Eventscripts & windows based
servers.
Apparently a user is able to upload "corelib.pyc" to the game server without
using the common FTP/Control panel and via the game server itself. In turn,
using eventscripts he is able to execute his script, create an administrator
with full remote desktop access and finally remove all his files once his
account is created.
Our security caught it before it was able to cause us any issues, however
this may be an issue for people who have lesser amount of security in place
and especially if you do not have a anti-virus/firewall running on the
machine.
We have also found there is multiple variations of this file, so you may
want to be sure you do a full look at your machines.
With that being said, the files are coming from a free web hosting account
over at t35.com - So if your machines have seen any connections in/out bound
to that host in the past 48 hours, I would highly suggest you check your
machines.
Now on to the hosts on this list, we also found this in his scripts:
So he was testing this somewhere else, someone else who is running TCAdmin -
If this is yours, I would start checking your boxes.
Attached is a decrypted copy of the corelib.pyc.
Joys,
-Lane
~ Mooga ...w00t? - SRCDS.com on Twitter Please do not PM me for server related help
fqdn Wrote:if you've seen the any of the matrix movies, a game server is not all that different. it runs a version of the game that handles the entire world for each client connected.
that's the 2 sentence explanation.
03-03-2010 06:11 AM
Nisd
Something?
Posts: 479
Joined: Jan 2009
Reputation: 4
Search
Member List
Calendar
Help
![[Image: mooga.png]](http://steamprofile.com/steam/profile/steamprofile/mooga.png)
