New crash exploit part IV (17.04.2016)

New crash exploit part IV (17.04.2016)

Postby Grabbi » Sun Apr 17, 2016 1:07 pm

Hi everyone,

since easter 2016 we face a new troll using an exploit crashing servers.

Each time on maps with SDKFZ222 or subs the troll joins server,
prepares console for crash command [xxx.con]
and starts playing till he gets "kicked/banned" or even liberately executes the command.

Result: Server has encountered a problem and must be ended [Popup Msg in Windows Server over remote desktop, so there s NO "couldn t connect to server console" etc. message]

He changes IP over Socks5 Proxy each time he joins.
He changes KEYHASH each time he joins.

This is going on now for over a month.

Therefore we prepared wireshark and logged gameport 14567 upd

Server Settings: Windows Server 2012 / latest BF1942 Server.exe from Tuia [1.612 /128 slots]

Yesterday we could record the troll crashing the server and we hope this Wireshark logs can help to create a server fix to prevent trolls from crashing the remaining battlefiled servers for fun.


KarolPopiolek 95.211.101.232 2d115a5e168a98c87bfc18963470abb4 [unknown]

IP is server in the Netherlands:
http://anti-hacker-alliance.com/index.php?ip=95.211.101.232

Wireshark Recording Troll crashing server:
http://85.214.226.169/patches/hacker16042016.rar

rar file contains:

Wireshark protocoll [complete server communication], so you might need latest
Wireshark: https://www.wireshark.org/download.html

Troll informations:
KarolPopiolek 95.211.101.232 2d115a5e168a98c87bfc18963470abb4 [unknown]

and Wireshark Filter Protocoll [troll -server communication]


Hope you can help us to find a server fix, because ppl stop playing over time when this continues.


Best regards

Grabbi

PS: Only solution we have atm is to set Server under Password, and just give it to those we know well for years.
Image
User avatar
Grabbi
 
Posts: 32
Joined: Wed Aug 03, 2011 3:37 pm
Location: Netherlands & Germany

Re: New crash exploit part IV (17.04.2016)

Postby arivi » Thu Sep 21, 2017 7:39 am

Is there any new solution for this exploit?
Things that can not be learned are very few. Almost everything is taught. umowa kupna spzredaży
arivi
 
Posts: 2
Joined: Wed Sep 20, 2017 9:47 am

Re: New crash exploit part IV (17.04.2016)

Postby russ » Sun Oct 29, 2017 8:14 am

There aren't any weird packets coming from that client, are you sure it isn't a crash caused by something on the query port?
russ
 
Posts: 3
Joined: Sun Oct 29, 2017 8:12 am


Return to Battlefield server and client

Who is online

Users browsing this forum: No registered users and 3 guests