
Back in 2000-2005 I was very active in a community centered around 20 or so modded Counter-Strike servers which I volunteered as an admin on. We were generally good about having at least one admin on each server at any given time to deal with cheaters. Occasionally someone wouldn’t be around though.

There was a period of time lasting about a month or two where a player with a name like BELT SANDER or ANGLE GRINDER or TABLE SAW hung around. They were pleasant and unremarkable, but they frequently used new Steam accounts and switched IPs.

This person definitely wasn’t supposed to be an admin, but if they were around when someone was cheating and no actual admins were there, they’d somehow elevate their own permissions and ban the offending player. We tried to figure out what was happening and to see if we could somehow stop them, but we never did manage it. They were somehow gaining rcon access to the host server. After a while we just shrugged our shoulders. They didn’t seem to be harming anything, other than our peace of mind about our security. Overall they were actually really helpful for stopping late night/early morning disruptions.



I used to write cheats for CSS & other Source games. Not sure if the original CS would have the same vuln, but iirc you used to be able to use an INetChannel::ReceiveFile function with path traversal to grab the server config. There were a few cool hacks around the file path filtering logic they added in my era that (combined with ::SendFile) enabled a fun period of arbitrary RCE on Source servers.

I knew one person who made a wormable payload for a game I won’t disclose which used that method. The methods are in engine.dll so it’s symmetric, clients would infect servers, which in turn infects more clients, etc. Around then was when I decided to start gaming from a VM lol.


> Around then was when I decided to start gaming from a VM lol

How?

Maybe I’m getting my dates mixed up but CS was released in the late 90s / early 90s and consumer virtualisation wasn’t nearly good enough to game in for another 10 years.

Consumer CPUs didn’t have virtualisation extensions and GPU paravirtualisation wasn’t available either in the early 2000s.

VMware wasn’t even any good for just running Windows 2000 (I mean, it was seriously impressive tech for its time, but it was dog slow even for just basic basic things). So you’d be stuck with Xen for anything serious. And that wasn’t trivial to get set up back then.

Plus given the lack of drivers for virtualised hardware like soundcards and network interfaces, you’d likely be stuck with full fat emulation for those devices.


They said Counter-Strike: Source, that's 2004-2013. I'm still curious though; if it worked at all, performance must have been awful.


VMware supported OpenGL passthrough well enough for the early Source games.


Ahhhh, that makes a lot more sense. Thanks


This exploit has its origin in the Quake engine. I remember exploiting the same thing in CoD4 (2007) and I believe even the release version of Black Ops I was vulnerable. It was known as the ‘q3dirtrav’ vulnerability.


Well, it was running the same engine (q3) even if heavily modified.


Interesting, a friend of mine did that in GMod, leading to the infamous 'cough' virus. (Yes, all the 'journalism' around this is wrong, and it's not the person commonly blamed for it).


Maybe you would be the person to answer this. Back in 1.6 it was common to install amxmodx for use as admin software in game. There was a function in one of the menus that would open up a player's disc drive on their PC! I was an admin on a wc3 fun server back in the day and would do it to people for fun. Too young at the time to ever think more about how that was actually done or what security vulnerability that must have been exploiting! I always wondered how it was done.


I love this story. Feels like a modern take on one of those old "hidden master" stories where offending the quiet old man turns out to be a disastrous idea.


Another way in some games is to cheat even harder against the cheaters, like repeatedly insta-headshot-spawnkill them until they leave.


rcon_password admin123



