Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

AgentServer exploit - no logs no footprints

Initiate Mage
Joined
Oct 1, 2013
Messages
1
Reaction score
0
Dont know if this is an old or new sorcery but it is really a pain in the butt seeing my agent goes down. I recorded the activity of all server exes just to trace what happened and hope to find a clue, logs, or any footprint but the agent goes down without any of them -- it just closed.

im not a pro so i did a basic stuffs just to know what is happening, i tried to view the traffic using wireshark and i found this:

PHP:
## FROM CLIENT ## pcap2
2023    0c:00:00:50 :57:a6:b2:29:51:23:63:50:4d:7a:d8:67:b3:31
2045    00:00:00:90 :0b:c6
2046    0c:80 :25:28:14:3a:97:0d:b0:de:14:90:44:22:3d:9c:2d:ad
2049    08:80 :12:95:a9:79:e2:68:ff:ca:c7:c4:95:65:5b:bf:69:e8
2051    08:80 :44:9f:df:42:f2:2c:5f:e6:c7:c4:95:65:5b:bf:69:e8
2052    08:80 :63:f5:93:6a:3e:77:fd:f2:c7:c4:95:65:5b:bf:69:e8
2054    08:80 :7b:59:51:a5:fa:4d:8a:4b:c7:c4:95:65:5b:bf:69:e8
2060    08:80 :58:29:ec:53:97:77:34:2b:c7:c4:95:65:5b:bf:69:e8
2073    0f:80 :b7:aa:8d:f0:29:d1:ff:92:29:10:a1:03:36:40:4e:08:42:12:08:cd:8d:01:ed:c6
2081    08:80 :96:e6:f4:67:4f:96:32:bd:c7:c4:95:65:5b:bf:69:e8

## FROM CLIENT ## pcap7
49873    0c:00:00:50 :5f:8a:5d:8a:58:08:35:8c:18:5d:b6:65:0e:28
49992    00:00:00:90 :0c:ad
49993    0c:80 :bb:e3:7e:f5:e5:6a:d7:1a:bb:d2:12:74:af:0a:96:3a
49996    08:80 :49:99:07:8a:8a:93:2f:48:d1:78:2d:ac:77:5e:02:4d
50005    08:80 :b7:6a:68:b6:29:9b:25:d2:d1:78:2d:ac:77:5e:02:4d
50009    08:80 :17:2c:34:fa:64:38:9c:45:d1:78:2d:ac:77:5e:02:4d
50013    08:80 :09:f4:0a:2c:32:34:f0:a1:d1:78:2d:ac:77:5e:02:4d
50050    08:80 :37:33:db:c7:65:5d:7d:c5:d1:78:2d:ac:77:5e:02:4d
50142    0f:80 :b8:07:c6:c0:3a:dd:3b:4c:64:29:f0:e6:ab:cc:8c:dc:09:7d:1c:2b:e6:cc:cb:f3
50172    08:80 :49:99:07:8a:8a:93:2f:48:d1:78:2d:ac:77:5e:02:4d

I dont know ASM but i know how to code in c++ (a little) so i created a simple tool to capture these packets then block its src ip. But since it was connected already win firewall fails (but yeah, the IP was blocked). I included wkillcx.exe (a tool that can kill an established connection) but my agent still goes down. I am pretty sure that the packets above (from wireshark) are correct, i have many samples. i captured many packets during the attack and it was ended with those packets.

Here is my epic fail tool:

g8Pljzz - AgentServer exploit - no logs no footprints - RaGEZONE Forums


I am willing to pay to those who can recreate this exploit and fix it.
Please leave a msg. Thanks!
 

Attachments

You must be registered for see attachments list
Last edited:
Back
Top