- Joined
- Aug 18, 2012
- Messages
- 511
- Reaction score
- 174
Welcome , RaGEZONE
Nowadays alot of servers have exploit problems,
so i will release everything I know about exploits and how you fix them below
Trade bugs:
Shardmanager exploit(Server.cfg)
Website holes (Created by Akasch's team aka Project X)
Linux proxy exploit fixes (SimpleFW) remake:
OVH firewall settings:
Credits to radde94
Copied & Released by me
Hope i helped little bit
Thank you. :ciao:
Nowadays alot of servers have exploit problems,
so i will release everything I know about exploits and how you fix them below
Trade bugs:
Trade bug(Gameserver) crash:
1. Join trader.
2. Get trade pets.
3. The moment you press teleport, open a trade pet.
4. Gameserver will crash when you get it good timed.
5. Easier if you use Jangan teleporters from West to East, they are also free.
Fix: Trade bug(Gameserver) crash fix (_AddNewCOS) producer:
Trade bug v2:
1. Level 20 needed.
2. Die from monster.
3. Join trader.
4. Use guild rise or back to death teleports with trade pets.
5. Gameserver will crash if you do it correctly.
Trade bug v2 fix: (2 ways)
1. Delete level 20 teleports.
2. Change level from trade/theif suit above level 20.
Trade bug v3 (Unknown):
Something with reverse recall point or dead spawn point
Trade bug v3 fix:
1. Change level on reverse (above) level 20.
1. Join trader.
2. Get trade pets.
3. The moment you press teleport, open a trade pet.
4. Gameserver will crash when you get it good timed.
5. Easier if you use Jangan teleporters from West to East, they are also free.
Fix: Trade bug(Gameserver) crash fix (_AddNewCOS) producer:
Code:
USE [SRO_VT_SHARD]
GO
/****** Object: StoredProcedure [dbo].[_AddNewCOS] Script Date: 9/7/2014 3:52:11 PM ******/
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[_AddNewCOS]
[USER=805986]OwNeR[/USER]CharID int,
[USER=18171]ReF[/USER]ObjID int,
[USER=501312]level[/USER] int,
@HP int,
@MP int,
@HGP int,
[USER=481856]keeper[/USER]NPC int,
[USER=790866]sta[/USER]te int,
[USER=31337]inventor[/USER]ySize int,
@itemID int,
[USER=1333365122]Pickit[/USER]emConfig tinyint,
[USER=1333434935]ren[/USER]tEndTime smalldatetime
as
begin tran
declare [USER=1333422870]CoS[/USER]_ID int
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-- pet_skill_item (ÃÖ¼±È£)
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
declare [USER=2000008437]Maxin[/USER]ventorySize tinyint
select [USER=2000008437]Maxin[/USER]ventorySize = InventorySize
from _RefObjCommon, _RefObjChar
where _RefObjCommon.ID = [USER=18171]ReF[/USER]ObjID and _RefObjCommon.Link = _RefObjChar.ID
if( @@rowcount = 0 or [USER=2000008437]Maxin[/USER]ventorySize < [USER=31337]inventor[/USER]ySize )
begin
rollback tran
return -5
end
insert into _CharCOS values [USER=805986]OwNeR[/USER]CharID, [USER=18171]ReF[/USER]ObjID, @HP, @MP, [USER=481856]keeper[/USER]NPC, [USER=790866]sta[/USER]te, NULL, [USER=501312]level[/USER], 0, @HGP, [USER=1333365122]Pickit[/USER]emConfig, [USER=1333434935]ren[/USER]tEndTime)
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
set [USER=1333422870]CoS[/USER]_ID = @@identity
if [USER=1333422870]CoS[/USER]_ID = 0 OR @@error <> 0)
begin
rollback tran
return -1
end
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-- pet_skill_item (ÃÖ¼±È£)
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
if [USER=2000008437]Maxin[/USER]ventorySize > 0)
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
begin
declare [USER=558012]slot[/USER] int
set [USER=558012]slot[/USER] = 0
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-- pet_skill_item (ÃÖ¼±È£)
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
while [USER=558012]slot[/USER] < [USER=2000008437]Maxin[/USER]ventorySize)
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
--@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
begin
insert into _InvCOS values [USER=1333422870]CoS[/USER]_ID, [USER=558012]slot[/USER], 0)
if (@@error <> 0)
begin
-- Àκ¥Å丮 »ý¼º ½ÇÆÐ!
rollback tran
return -2
end
set [USER=558012]slot[/USER] = [USER=558012]slot[/USER] + 1
end
end
/* --´õ ÀÌ»ó ÀÌ Ä÷³¿¡´Â µ¥ÀÌÅ͸¦ ³ÖÁö ¾Ê´Â´Ù!
UPDATE _Char SET EngagedCOS = [USER=1333422870]CoS[/USER]_ID WHERE CharID = [USER=805986]OwNeR[/USER]CharID
IF (@@ERROR <> 0 OR @@ROWCOUNT = 0)
BEGIN
ROLLBACK TRANSACTION
RETURN -3
END
*/
if( @itemID <> 0 )
begin
update _Items set Data = [USER=1333422870]CoS[/USER]_ID where ID64 = @itemID
if( @@error <> 0 or @@rowcount = 0 )
begin
rollback transaction
return -4
end
end
commit tran
declare [USER=845969]bla[/USER] varchar(max);
select [USER=845969]bla[/USER] = codename128 from _refobjcommon where ID = [USER=18171]ReF[/USER]ObjID
if [USER=845969]bla[/USER] like '%COS_T%'
begin
WAITFOR DELAY '0:00:00.5'
return [USER=1333422870]CoS[/USER]_ID
END
return [USER=1333422870]CoS[/USER]_ID
Trade bug v2:
1. Level 20 needed.
2. Die from monster.
3. Join trader.
4. Use guild rise or back to death teleports with trade pets.
5. Gameserver will crash if you do it correctly.
Trade bug v2 fix: (2 ways)
1. Delete level 20 teleports.
2. Change level from trade/theif suit above level 20.
Trade bug v3 (Unknown):
Something with reverse recall point or dead spawn point
Trade bug v3 fix:
1. Change level on reverse (above) level 20.
Shardmanager exploit(Server.cfg)
Code:
AgentServer {
Certification "IP", port
traffic_filter_activity "service_on"
//MaxUser 5000
//SockTCPCount 15000
MaxConnectionsPerServer "5000"
MaxConnectionsPer1_OServer "5000"
traffic_filter_packet_count 100
traffic_filter_check_perid 500
}
Website holes (Created by Akasch's team aka Project X)
Do not use this website.
Exploit:
Exploit:
Code:
<form method="POST" action="http://URL/?action=odbc">
Account : <input type="radio" name="ssidA" value="Acc">
Shard : <input type="radio" name="ssidA" value="Shard">
<input type="text" name="ssidV" value="" style='width:1000px' placeholder="Query">
<input type="submit" name="ssid" value="Send">
</form>
Linux proxy exploit fixes (SimpleFW) remake:
Code:
### FIREWALL RULES ###
iptables -N BADGUY
iptables -t filter -I BADGUY -m recent --set --name badguys
iptables -A INPUT -m recent --name badguys --update --seconds 3600 -j DROP
iptables -A INPUT -p tcp --dport LOGIN PORT -m connlimit --connlimit-above 5 -j BADGUY
iptables -A INPUT -p tcp --dport DOWNLOAD PORT -m connlimit --connlimit-above 15 -j BADGUY
iptables -A INPUT -p tcp --dport AGENT PORT -m connlimit --connlimit-above 15 -j BADGUY
The text with underline is the connections they can use to exploit, if you want IP limit 3, it will block at 4.
OVH firewall settings:
Credits to radde94
Copied & Released by me
Hope i helped little bit
Thank you. :ciao: