New Exploit?

Some new exploit in garrysmod has been developed.I have applied the new fixes but currently some guy just joins the server in the name of Conficker (C:) and then server instanly crashes.Checked logs his SteamID was pending :/.

He did not use the upload exploit as he did not damage the server files.

We care why?


(User was permabanned for this post ("Why reply?" - Benji))

Maybe your server just can’t handle extra people?

Your server fails at life. Shoot it in the head.

Maybe you should stop being douches to him? He has a legitimate concern.

We didnt ask for your oppinion, black man.


(User was banned for this post ("Trolling" - Greeman))

Yes he did use the server exploit of which was already was reported. This guy is useing the server pwn exploit. Nothing you or anyone can do. Case closed.

Ah, finally someone has made a thread about this.
Conficker(C:) Happened to join the server I’m super admin, (LiveTrashes Serious Build Server), today.
Before he even gets in, Crash

But, Upon later investigation, he turns out to be a long time pest of ours, “Avaster”. He has joined the server multiple times, crashing it each time. He has even managed to change “Server.cfg” into a folder somehow.
He is a serious threat, and it seems IP banning does not work either, as we have done so multiple times, and this time it actually banned one of our other players, even though they had a different IP.

Avaster’s Steam ID Page, http://steamcommunity.com/profiles/76561197983869206
-Snip- Profile is private…

Stop bitching on facepunch.

Go spam the hell out of the Valve forums.

Valve has to fix this and by bitching here you just spam this forum more than it is.

  1. Who cares
  2. Stop makeing panic by not Reading things which already mention the Server Pwn exploit and the Badadems Triangle exploit( server upload download exploit)

1)Don’t care, don’t post.
2)I’m just posting about the thread, no need to panic.

what the fuck is a server pwn exploit and a Badadems Triangle exploit( server upload download exploit).

This is what the exploit is.

http://aluigi.altervista.org/adv/sourceupfile-adv.txt

Its a spy

The fix is basically upload the engine.dll from your files, to the server files. That’ll fix the problem.

Im the user that got banned on livetrash’s server :D. I confirm this. Also, to those people coughnotaspycough stop being a douche. Your flaming. Stop. Flaming is bad. If you don’t care, gtfo.

The server pen exploit is used by loading craps files to servers when joining, to activate that the person has to join so normaly you see who has done it before it causes srcds errors. Badadems Triangle named more for the triangle because there are 3 stages to which commonly it’s used, 1) Accesing server files. 2)Downloading the private files. 3)Uploading the files. Badadems was the first known user to complete the triangle and now people are using it to download Taco script and other things.

Because these are totally different exploits. :rolleyes:

They are the same thing as what I posted, those are just modified versions of it that actually work for malicious purposes.

Not unless your a pyro.

Hai, my server got attacked by this Avaster kid, and it is an easy fix. If you actually read this: http://aluigi.altervista.org/adv/sourceupfile-adv.txt you’ll understand how it happens.

I did, and figured out how to fix it. Very simple. engine.dll is not the issue. I tried re-uploading one, and it didn’t work. This particular time, cl_init.lua and init.lua were turned into folders (which is how the exploit works) and I simply re-uploaded the files again.

So to Avaster, fuck you, ya little 10 yr old script kiddie. Go get a job or something, and get a life.

Hm, funny how if you actually read it, you’ll understand that you’re wrong and all avaster did was MOVE your files into folders. You are completely wrong and you know people can still steal, upload, and edit your files. Also notice how this affected all source games at one point before they updated them, meaning it wasn’t some Lua exploit…