-
New Agentserver crash exploit? (DoS)
Hello,
i noticed that someone is crashing our servers. He is sending packets to our Server. Maybe we can discuss what can be wrong with the agentserver and how to fix it.
here a part of the logs:
Code:
"...
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! MsgID[0x6101] IP[178.33.225.84]
2012-04-25 15:09:48 [AgentServer] WARNING!! A SUSPECT DETECTED!!! ..."
/discuss
Edit: I know that the packed 0x6101 is to request the serverstats.
-
Re: New Agentserver crash exploit? (DoS)
-
Re: New Agentserver crash exploit? (DoS)
v188
These are the 2 OPCodes that got sended to our server:
LoginClientServerListReq = 0x6101
LoginClientAuth = 0x6102
Thank you!
-
Re: New Agentserver crash exploit? (DoS)
you can nop that error, i did myself too.
-
Re: New Agentserver crash exploit? (DoS)
This causes an Servercrash if it appear to often. I had it like 500-600 times in an second.
I changed now our firewallsettings to limit the source connections. Now the agendserver isnt crashing anymore. :)
-
Re: New Agentserver crash exploit? (DoS)
-
Re: New Agentserver crash exploit? (DoS)
Quote:
Originally Posted by
Chern0byl
many thanks for you alex :thumbup1:
-
Re: New Agentserver crash exploit? (DoS)
Quote:
Originally Posted by
Chern0byl
Nice! Can you say what you changed?
Is it tested? :)
Thank you!
-
Re: New Agentserver crash exploit? (DoS)
Quote:
Originally Posted by
Wismo
Nice! Can you say what you changed?
Is it tested? :)
Thank you!
1st Thank you
2nd:
PHP Code:
old new
00001EA2: E8 90
00001EA3: 59 90
00001EA4: 25 90
00001EA5: 03 90
00001EA6: 00 90
00001ED2: E8 90
00001ED3: 29 90
00001ED4: 25 90
00001ED5: 03 90
00001ED6: 00 90
00001F00: E8 90
00001F01: FB 90
00001F02: 24 90
00001F03: 03 90
00001F04: 00 90
00001F19: E8 90
00001F1A: E2 90
00001F1B: 24 90
00001F1C: 03 90
00001F1D: 00 90
-
Re: New Agentserver crash exploit? (DoS)
I got error:
Z:\Server\AgentServer_no_xtrap2.exe is not a valid Win32 application.
How to fix that ?
Thanks !
-
Re: New Agentserver crash exploit? (DoS)
File is damaged, try re-download it.
-
Re: New Agentserver crash exploit? (DoS)
If someone has the program can you please re-upload it ?
-
Re: New Agentserver crash exploit? (DoS)
-
Re: New Agentserver crash exploit? (DoS)
I would if it wouldnt be filled with trojans...
-
Re: New Agentserver crash exploit? (DoS)
trojans? well, i'm working with it
and i'm using rising anti virus so it doesn't say anything but this is the agentserver noxtrap
-
Re: New Agentserver crash exploit? (DoS)
It is no surprise the files were altered prior to release! I requested clean copies of them exactly for that reason. Someone, possibly the uploader or releaser has been fiddling with the files by injecting asm and causing them to malfunction.
-
Re: New Agentserver crash exploit? (DoS)
Quote:
Originally Posted by
Maliq
It is no surprise the files were altered prior to release! I requested clean copies of them exactly for that reason. Someone, possibly the uploader or releaser has been fiddling with the files by injecting asm and causing them to malfunction.
If you dont trust us feel free to use "Log Out" button.
-
Re: New Agentserver crash exploit? (DoS)
-
Re: New Agentserver crash exploit? (DoS)
-
Re: New Agentserver crash exploit? (DoS)
can you upload it again :(
-
Re: New Agentserver crash exploit? (DoS)
can someone reupload..? thnx :D
-
Re: New Agentserver crash exploit? (DoS)
anyone know anything about token timeout exploit from agentserver ?
-
Re: New Agentserver crash exploit? (DoS)
Upload it please. We are waiting for fixed agent.
-
Re: New Agentserver crash exploit? (DoS)
-
Re: New Agentserver crash exploit? (DoS)
