MOH Central

Medal of Honor Series Forum => MOHAA Series: General => Topic started by: Elgan {sfx} on June 10, 2006, 08:33:02 PM

Title: MOH:SH - New SH buffer overflow fix [windows 32 bit, not linux]
Post by: Elgan {sfx} on June 10, 2006, 08:33:02 PM

   

   NOTE: I did not make this, I am just posting it here!

   

   From:

   http://runningbon.gamedeception.net/Downloads.html

   

   

   
MOHAA:Spearhead v2.15 Server Buffer Overflow Critical Patch
   Written by RunningBon
   23/05/2006
   
   Any problems, e-mail me.
   
   -) Contact
   -) Info
   -) Installation
   -) How it works
   
   ===================
   -Contact-----------
   ===================
   E-Mail:
   Web:    http://runningbon.gamedeception.net/
   IRC:    irc.rizon.net #kik
   
   ===================
   -Info--------------
   ===================
   A few days ago, I released a public exploit for MoHAA servers, based on research by Luigi Auriemma. The exploit allowed remote code execution, and so I wrote a C program which exploits a server, and spawns a cmd.exe shell, which you can connect to remotely.
   
   All Win32 servers were vulnerable to it (Linux is vulnerable also, although I haven't ported it), and EA refuse to patch the bug themselves, since they no longer support the game. Using this patch will make your Win32 server immune to this exploit, and also logs any attempts to exploit your server.
   
   ===================
   -Installation------
   ===================
   If the server is running, close it.
   
   Extract moh_spearhead_server.exe and SHPatch.dll from this .zip to your MOHAA directory - usually "C:\Program Files\EA Games\MOHAA". You should back up your old moh_spearhead_server.exe, in case you want to switch back in the future.
   
   Now you should be able to start the server back up as normal, and it will be patched. If the patch works, you should see a welcome message show up in the server's console after a few seconds.
   
   If someone attempts to exploit your server, the server's console will display something like:
   *** Exploit attempt detected from 192.168.2.91. ***
   
   Exploit attempts also get logged to a file, exploits.log, in your MOHAA folder. This also logs the date and time at which it occurred.
   
   ===================
   -How it works------
   ===================
   I wrote a codecave in moh_spearhead_server.exe, which calls LoadLibraryA() with my DLL name (SHPatch.dll). This codecave gets called when the server is initializing.
   
   The DLL detours the Winsock recvfrom() API, and checks to make sure the packet is not oversized. This stops the buffer from overflowing, and overwriting the stack.
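
The size check described under "How it works", as an added example that is not RunningBon's code or part of the original post: a wrapper that sits in front of recvfrom(), drops oversized datagrams and records the sender. It uses POSIX sockets rather than Winsock, with a function pointer standing in for the detour; the names `guarded_recvfrom`, `real_recvfrom`, `fake_recvfrom`, the 1400-byte limit and the "return -1 with EAGAIN" drop behaviour are all assumptions, since the readme states none of them.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>

#define MAX_SAFE_PACKET 1400 /* assumed limit; the page gives no threshold */
typedef ssize_t (*recvfrom_fn)(int, void *, size_t, int, struct sockaddr *, socklen_t *);
static ssize_t os_recvfrom(int s, void *b, size_t n, int f, struct sockaddr *a, socklen_t *al)
{ return recvfrom(s, b, n, f, a, al); }
recvfrom_fn real_recvfrom = os_recvfrom; /* original entry point, as a detour would keep it */
char last_alert[160];                    /* most recent alert line */

/* Called in place of recvfrom(): oversized datagrams never reach the server code. */
ssize_t guarded_recvfrom(int s, void *buf, size_t len, int flags,
                         struct sockaddr *from, socklen_t *fromlen)
{
    ssize_t n = real_recvfrom(s, buf, len, flags, from, fromlen);
    if (n <= MAX_SAFE_PACKET)
        return n; /* errors (-1) and normal packets pass through unchanged */

    char ip[INET_ADDRSTRLEN] = "unknown", stamp[32] = "";
    if (from && from->sa_family == AF_INET)
        inet_ntop(AF_INET, &((struct sockaddr_in *)from)->sin_addr, ip, sizeof ip);
    time_t now = time(NULL);
    strftime(stamp, sizeof stamp, "%Y-%m-%d %H:%M:%S", localtime(&now));
    snprintf(last_alert, sizeof last_alert,
             "[%s] *** Exploit attempt detected from %s. ***", stamp, ip);
    fprintf(stderr, "%s\n", last_alert); /* console; a file sink would go here too */
    memset(buf, 0, len);                 /* scrub the payload */
    errno = EAGAIN;                      /* assumed drop behaviour: "nothing to read" */
    return -1;
}

/* Constructed stand-in for the network: one datagram of fake_size bytes. */
size_t fake_size;
ssize_t fake_recvfrom(int s, void *buf, size_t len, int flags,
                      struct sockaddr *from, socklen_t *fromlen)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };
    size_t n = fake_size < len ? fake_size : len; /* datagrams truncate to the buffer */
    (void)s; (void)flags; (void)fromlen;
    inet_pton(AF_INET, "192.168.2.91", &sin.sin_addr); /* address from the page's sample */
    memset(buf, 'A', n);
    memcpy(from, &sin, sizeof sin);
    return (ssize_t)n;
}
```

The check only sees the true datagram size when the caller's receive buffer is larger than the limit, so the limit has to be chosen below that buffer size.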
Title: MOH:SH - New SH buffer overflow fix [windows 32 bit, not linux]
Post by: Rumphf on June 12, 2006, 04:43:08 AM
Excellent!  I will try this.  Today I took my server offline, because someone had taken control of my server and created some folders in the root directory.  This is great if it works as it states.  I'll be a test subject.

   

   Best regards,

   Rumphfy
Title: MOH:SH - New SH buffer overflow fix [windows 32 bit, not linux]
Post by: Rookie One on June 12, 2006, 10:29:58 PM
OMG, I can't believe peeps are actually using these exploits, it's so lame. :o_o Damn script kiddies. :((
Title: MOH:SH - New SH buffer overflow fix [windows 32 bit, not linux]
Post by: Rumphf on June 27, 2006, 06:06:34 AM
Well, I tried this and it seems to work.  But one thing I don't like is the console message that repeatedly comes across the screen saying "This server is protected against exploits, download this patch at www.XXXX.com, offending IP's are logged".

   

   This is annoying and I emailed the person and he told me that he's concerned about credit and also someone stealing his work.  Why couldn't the guy just put this info in a text file, instead of spamming the in-game display?

   

   Rumphfy
Title: MOH:SH - New SH buffer overflow fix [windows 32 bit, not linux]
Post by: Elgan {sfx} on June 27, 2006, 07:52:38 AM
Hm, was going to remove them words now; however, the link for the file is dead. Got an upload?
Title: MOH:SH - New SH buffer overflow fix [windows 32 bit, not linux]
Post by: Rumphf on March 08, 2007, 09:55:58 PM
I'll email you this file...

   

   Rumphfy