So were the War Z server files 100% fake?

Status
Not open for further replies.
Initiate Mage
Joined
Mar 29, 2013
Messages
14
Reaction score
2

War Z Server Files & Source Code Discussion
Let's "audit" the situation here.

• What happened to War Z?

The servers and forums (including their databases) were compromised by multiple people, it seems.
Details on how (Quoted from theDomo on this forum; cache backup of the post):
#######################################################################

Title: WarZ, Warinc Hack
Author: H.J. Auditing Employee Brent Junker
E-mail: junker@HJauditing.com
Web:

#######################################################################

============
Introduction
============

In this document we will be covering the points of entry into Hammerpoint.

============
Part 1 "point of entry"
============

The hacker started by auditing thewarinc.com.
Found an SQL Injection in the forums which has been patched since then.
After finding the SQL Injection, then proceeded to dump the user table.
And some of the admins had passwords like ******.

From researching the user table, the hacker found out that kewk
was using the same password on the forum, his email,
The WarInc and The WarZ. This was the point of entry.

============
Part 2 "The Shell"
============

The hacker then proceeded to log in to the admin cp of The WarZ.
Then proceeded to go to the plugins and add a malicious plugin for executing basic commands.

Plugin contained.
***************
And then executed the command ******************** to get a more sophisticated backdoor up.

example:
*****************************

Then the hacker hid the shell in a discreet directory so the administrators would not find it.

============
Part 3 "password logging"
============

This is where it is starting to get interesting. The hacker placed a password logger in the vBulletin login function.
Then we would be able to grab all login sessions with plain text passwords.

============
Part 4 "Accessing emails"
============

About more than half of the employees used the same passwords on their email accounts along with their personal email.
So inside their email contained information about SVN, RDP, what hosting company they were using and conversations between
employees, which contained some inappropriate content on their work emails.....


...... and more
More (retarded) information on that here:

What is the "War Z Server files" thread? Who is "Sirgay"?
Originally, a retarded user named "Sirgay" created this thread: http://forum.ragezone.com/f111/warz-serverfiles-29-03-2013-a-920346/ to most likely just cause drama and infect people. He claimed infecting the War Z servers, as well as having up-to-date server files (but no source code). He could barely speak English fluently, and in the end the files were completely fake (and included viruses).

What was really in Sirgay's files?
Upon release of the so-called "files" he had, there were 3 separate .rars to download as well as a database file. The final rar was called "WarZMarch30.rar" and here is a picture of the contents:

This looks to me like the data extracted from War Z including the client files with other random crap included.

There was a bunch of files with "Super Mario Bros" as the title and a "Studio.exe" virus which copied a java.exe to your localdata folder with a text script and disabled your task manager. Retards.

The database he uploaded was a "Kal Online" database which had nothing to do with War Z and was last modified in 2008.

What's Happening Now?
This thread was made to inform everyone on what's going on here.

I was infected! How can I remove it?
(you should have been a little smarter, but)
Here is a simple guide on how to remove the infection. If you need help, post here. Also make sure to download Malwarebytes. I know this is in the wrong section, but I posted here so the infected users have a better chance to see it.

Tips:
Having a problem removing it? Restore your PC back to a previous date.
Disconnect your PC from the internet while doing this (to stop him from messing you up).



Windows XP & Vista/7
1. First go to your start and select Run. If you don't see Run, then search for it.
2. Once you click on it, type %appdata% and go to the bottom. Do you see java.exe?
3. Now minimize that and go back to Run, type msconfig, then select startup and disable java.exe.
4. Now restart your PC, then log in, go back to appdata and delete java.exe.

Windows 8
1. First go to your start and search for run, then type %appdata% and see if you got java.exe.
2. Hold [CTRL] + [ALT] + [DELETE], then select startup and disable java.exe.
3. Restart your PC, then log in, go back to your appdata and delete java.exe.

Screenshots [Windows 8]
Notice: I didn't get infected. The program I right-clicked on in my startup wasn't the infected file; it was an example.
Re-enabling task manager:
Type regedit into search, navigate to this registry.
Code:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\]
Delete
Code:
DisableTaskMgr=1
or replace 1 with 0.
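
The manual checks from the removal guide above (java.exe under %appdata%, its startup entry, and the DisableTaskMgr policy value) gathered into one PowerShell script, as an added example that is not part of the original post. It assumes the startup entry is a Run-key value, which the post does not state, and needs PowerShell 4.0 or later for Get-FileHash; the -Fix switch is this example's own.

```powershell
# Added example, not from the original post. Reports only, unless -Fix is given.
param([switch]$Fix)

$suspect = Join-Path $env:APPDATA 'java.exe'      # file location named in the post
$policy  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
# Assumption: the startup entry is a Run-key value (the post only says "startup").
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# 1. Is the dropped file there? Record its hash before anything is deleted.
$present = Test-Path -LiteralPath $suspect
if ($present) {
    $sha = (Get-FileHash -LiteralPath $suspect -Algorithm SHA256).Hash
    Write-Output "FOUND   $suspect (SHA256 $sha)"
} else {
    Write-Output "OK      $suspect not present"
}

# 2. Autostart values whose command line points at that exact file.
foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if ($cmd.IndexOf($suspect, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            Write-Output "AUTORUN $path : $name = $cmd"
            if ($Fix) { Remove-ItemProperty -Path $path -Name $name }  # HKLM needs admin
        }
    }
}

# 3. The policy value that hides Task Manager (1 = disabled).
$tm = (Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue).DisableTaskMgr
if ($tm -eq 1) {
    Write-Output "POLICY  DisableTaskMgr=1 under $policy"
    if ($Fix) { Remove-ItemProperty -Path $policy -Name DisableTaskMgr }
}

# 4. Delete the file last; if it is still running, the post's restart step applies.
if ($Fix -and $present) {
    try {
        Remove-Item -LiteralPath $suspect -Force -ErrorAction Stop
        Write-Output "REMOVED $suspect"
    } catch {
        Write-Output "LOCKED  $suspect is in use; restart and run again with -Fix"
    }
}
```

Run it once without -Fix to see what it finds, and keep the printed SHA256 if the file is to be submitted to an antivirus vendor before removal.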

Initiate Mage
Joined
Mar 31, 2013
Messages
15
Reaction score
0
3 days waiting for nothing...

Edit: and now I just finished the download of all files.. going to delete..
 
Initiate Mage
Joined
Nov 21, 2007
Messages
21
Reaction score
0
Well, as upsetting as that was, I'm kind of glad they were not legit, means I can focus on things other than WarZ.
 
Initiate Mage
Joined
Sep 23, 2012
Messages
55
Reaction score
6
They are out there somewhere it's only a matter of time... :/
 
Initiate Mage
Joined
Sep 23, 2012
Messages
55
Reaction score
6
"Regards.

# Update 1

The official servers were compromised. I have been given user databases and additional material to confirm this (unnamed source). Whilst the source code does exist and numerous people have it. Now, it's only a matter of time before they make their way here. It may be a few days or weeks but they will be here, it all comes down to who wants to release it first. First person to release will get subscriptions here and e-glory.
"
 
Initiate Mage
Joined
Feb 5, 2012
Messages
0
Reaction score
0
I did dl everything using JDownloader, should I do an antivirus scan?
 
Master Summoner
Joined
Mar 30, 2013
Messages
543
Reaction score
72
Really, why won't Brazilians release the source code in here?
 
Initiate Mage
Joined
Mar 29, 2013
Messages
81
Reaction score
9
HAHA and you all called me a troll, I really should not say it, but screw it. I Ducking TOLD YOU ALL IT WAS BS!!!!
 
Junior Spellweaver
Joined
Dec 26, 2008
Messages
185
Reaction score
59
Hey guys.
Were the files INSIDE the RAR package infected, or the RAR package as well?
So while executing the RAR package, the PC got infected also?

I haven't time to reinstall my sandbox again, that's why I'm asking :)
 