Very serious exploit/hack currently.

So, before you read this and say it’s impossible there are several server owners who will have already experienced this.

How does the hack work:

All I know:
Attacker users steam to get the IP (Steam voice chat)
Attacker can now run any command on him. Logs will show the command came from the victims IP.
I was told, although I have no idea if reliable, that the attacker & victim have to be in the same server. Now this makes me think the attack could be a multitude of things. A friend or 2 believes it could be some form of packet injection, however this seems unlikely.

What does the hack involve:
Well, basically there are a few levels of the hack that someone is selling. Level 1 just gives you superadmin(ULX only), the highest level will allow the user to run any console command on that user.

The attacker just needs to obtain a victims IP and then they are allowed to run any console command on the victim, and I do mean any even the ones safeguarded by Valve. To make things worse, the person selling these tools also provides a simple DoS to knock offline the person there attacking.

(George = superadmin/owner)
Attacker1 makes George give him superadmin
Attacker1 attacks George and knocks his internet offline for a few hours.

Well, just read through this and I sound like a complete moron. But alas I’m to tired, I’m only posting this here to see who else has been victim of this & to bring it to Garry’s attention.

Never knew you could hack someone with an IP :psyduck:

IP? Whataheck?

As far as I know, if the guy can do that, he surely would have full machine controll, to be able to run those commands.
The exploits that affect running commands that I know are the .CFG stealing ones, that the guy magically grabs the .cfg from the server’s folder and then gets access to the rcon password.

I think the OP bought some bad dope.

This is actually a serious matter ive seen it multiple times on my TTT server and others

If that’s true, that’s pretty fucked


Why would someone do this
Oh wait this is Internet

Packet spoofing.


I don’t really know UDP packet structure, does it send the source IP address in the header? I knew about using Steam voice chat to get the IP, but I’ve never really thought about packet spoofing.

The source address is located in the IP header, which can be modified. A tool to demonstrate this is udpsz, which you can find here.


It’s entirely possible. Swap the source IP in the command packet. Servers should only be vulnerable while an admin is connected, so if someone starts messing with you simply disconnect. Also, remove all commands that allow you to add admins ingame.


Or someone writes an example and releases it so as it gets abused to hell and back.

Yeah, I can confirm this is happening with ulx. The owner apparently ‘gave’ someone super admin, which he then proceeded to permanetly ban everyone with the reason ‘.’, The owner ‘disconnected’ right after he gave the player super admin, and told me he was dos’d / ddos’d for a couple hours.

Sadly, I did not.

I said it sounds implausible but other server owners will verify this.

It makes perfect sense. The only way the source server identifies a player is by IP. And commands are sent via UDP. UDP can be spoofed easily if there’s no handshake. And there’s no handshake.

I know, I meant to those with no network knowledge it sounds implausible.

Stick to making lua aimbots, you have 0 knowledge of protocols.

and you do?
bro, you can figure out everything about all the source engine packets in about ten minutes