Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 18:31

All times are UTC [ DST ]



Search found 115 matches
Search term used: +q3infoboom Search these results:

Author Message

 Forum: Proof-of-concepts   Topic: jk2 exploitations etc

 Post subject: jk2 exploitations etc
Posted: 21 May 2008 04:31 

Replies: 6
Views: 1708


... just the client) (as well as a crash name where all you have to do is kill yourself) however, something no one has and has been able to work is q3infoboom and q3msgboom. q3infoboom, will it work for jk2 if i disabled firewall and put my PC in the DMZ? as for msgboom, vsay i think may be disabled ...

 Forum: Proof-of-concepts   Topic: q3infoboom and q3fill ....

Posted: 29 Apr 2008 17:00 

Replies: 15
Views: 6001


you must try both these example usages:

q3infoboom 127.0.0.1 27960
q3infoboom -q getstatus 127.0.0.1 27960

(since the first one uses getinfo by default)

 Forum: Proof-of-concepts   Topic: q3infoboom and q3fill ....

 Post subject: q3infoboom and q3fill ....
Posted: 29 Apr 2008 16:19 

Replies: 15
Views: 6001


... I allready checked out the about on http://aluigi.altervista.org/about.htm ex. : what command should i use to crash a q3 based server? C:\> q3infoboom <command> ip port

 Forum: Proof-of-concepts   Topic: lpatch Problem

Posted: 21 Apr 2008 12:10 

Replies: 3
Views: 424


I bet you refer to ET 2.55, in this case I have tested it just in this exact moment and the executable was patched (ok, work-arounded) perfectly in fact it no longer crashes when tested with q3infoboom

 Forum: Fake_players_bug   Topic: Q3Boom

Posted: 12 Apr 2008 10:23 

Replies: 2
Views: 1561


direct links on my website don't work, that's why you get the italian page of the hoster.
Anyway you can use the direct link on my mirror which is the following:

http://mirror.aluigi.org/poc/q3infoboom.zip

for any other file on my website please use the SEARCH in the menu at its left

 Forum: Advisories   Topic: Quake 3 vulnerability

 Post subject: Quake 3 vulnerability
Posted: 07 Apr 2008 20:31 

Replies: 5
Views: 1420


... here, and integrating code fixes from ioquake3 and challengeq3. I'm just hoping that I missed something or there's a solution. I got it so that q3infoboom can't just crash the server. Thanks for that much so far.

 Forum: Proof-of-concepts   Topic: CoDUO q3dirtrav

Posted: 07 Apr 2008 16:39 

Replies: 36
Views: 6178


... so maybe that server i've been testing it on, does the same but in their folder. can you think of any other ways to crash servers besides q3infoboom though? i'm very interested with that stuff

 Forum: Patches   Topic: Request - JK:JA 1.01 Ultimate Patch

Posted: 27 Mar 2008 13:48 

Replies: 6
Views: 1082


1) the q3infoboom patches for JA are already made for the first and the latest version of the game, any other version is not supported Actually, i am asking for message buffer-overflow patch (for jampDed.exe) :) 2) no, you must ...

 Forum: Patches   Topic: Request - JK:JA 1.01 Ultimate Patch

Posted: 27 Mar 2008 13:07 

Replies: 6
Views: 1082


1) the q3infoboom patches for JA are already made for the first and the latest version of the game, any other version is not supported

2) no, you must apply all the patches separately

 Forum: Fake_players_bug   Topic: q3fill patch?

Posted: 22 Mar 2008 23:30 

Replies: 5
Views: 997


the specific q3infoboom patch for JA has been created just for the latest version (for some unknown reasons the version of the JA patch and the one visible at runtime by the server seems to differ if I remember well). It's possible ...

 Forum: Fake_players_bug   Topic: q3fill patch?

Posted: 22 Mar 2008 22:36 

Replies: 5
Views: 997


the patch for q3infoboom in jampDed 1.0.1.0 doesn't work, saying mdsum miss mach, i think because my jampded is 1.0.1.1, so is there a patch for 1.0.1.1 or should i just patch it using the 1.0.1.0 patch anyway?

(Windows)

 Forum: ...anything else...   Topic: A simple prank

Posted: 13 Mar 2008 14:20 

Replies: 6
Views: 828


... naturally the IP address/hostname of the server and its port, while 1234 is the port you want to bind locally. About JA, well there are the usual q3infoboom and jamsgbof bugs plus the q3msgboom bug which disconnects the clients. Naturally all these problem can be fixed. Then there are the usual ...

 Forum: ...anything else...   Topic: q3infoboom

 Post subject: q3infoboom
Posted: 12 Feb 2008 07:23 

Replies: 2
Views: 925


since i'm using q3boom to crash some servers i got some mad people around me, they changed something at the server and i think the version (wolfET) what first was: version, ET 2.55 win-x86 and now : version, ET 2.55 Linux-386 I saw that q3boom can crash linux too but it don't work anymore since they...

 Forum: Patches   Topic: [SOF2] server bug fix

Posted: 08 Feb 2008 09:54 

Replies: 1
Views: 570


I think the attack about you refer is the classical q3infoboom one.
The work-around is on my Patches section:

http://aluigi.org/patches.htm

there you will find 2 sub-sections: Soldier of Fortune II and Quake 3 engine.
The name of the patch is q3infofix

 Forum: Patches   Topic: Rtcw Nukeproof server

Posted: 03 Feb 2008 12:43 

Replies: 41
Views: 5179


well it's just the usual q3infoboom attack. The following iptables rules should do the job also without my work-around or in case mine isn't enough on ET/Linux: iptables -A INPUT -p udp --dport 27015 -m string --string "\xff\xff\xff\xffgetinfo" ...

 Forum: Patches   Topic: Rtcw Nukeproof server

Posted: 30 Jan 2008 23:00 

Replies: 41
Views: 5179


yeah seems a classical infoboom attack, but I don't understand why you can't crash your same server using q3infoboom, it's strange

 Forum: Patches   Topic: Rtcw Nukeproof server

Posted: 30 Jan 2008 22:57 

Replies: 41
Views: 5179


... to log packets to a known port is just using Wireshark or WPE, but in both the cases there is too much data to handle. Anyway if none of the above q3infoboom examples crash your server means that it's not the infoboom bug. I'll be more clear, cause this seems like a infoboom crash: Info string ...

 Forum: Patches   Topic: Rtcw Nukeproof server

Posted: 30 Jan 2008 22:56 

Replies: 41
Views: 5179


a way to log packets to a known port is just using Wireshark or WPE, but in both the cases there is too much data to handle.
Anyway if none of the above q3infoboom examples crash your server means that it's not the infoboom bug.

 Forum: Patches   Topic: Rtcw Nukeproof server

Posted: 30 Jan 2008 14:44 

Replies: 41
Views: 5179


anyway i patched the server with all patches there are but i dont undestand what u mean with this;

parameters:
q3infoboom -f 100 127.0.0.1 27960
q3infoboom -f 100 -q getstatus 127.0.0.1 27960

 Forum: Patches   Topic: Rtcw Nukeproof server

Posted: 30 Jan 2008 13:25 

Replies: 41
Views: 5179


if the attack is from outside (so not in-game) you should recheck your server with q3infoboom using the following parameters:

q3infoboom -f 100 127.0.0.1 27960
q3infoboom -f 100 -q getstatus 127.0.0.1 27960

if your server doesn't crash means there is another vulnerability he exploits

 Forum: Proof-of-concepts   Topic: Q3UNBAN, Q3FILL, q3cfilevar, q3noclient

Posted: 29 Dec 2007 13:58 

Replies: 142
Views: 19012


The reason the ban bypass trick doesnt always work, is because the q3infoboom patch fixes it. When the server receives a out-of-game message (like connect), it reads the params provided into a 1024 byte buffer... normally... The patch, however, lowers that ...

 Forum: Patches   Topic: q3infoboom fix for old versions of JA

Posted: 09 Dec 2007 12:46 

Replies: 8
Views: 3364


Ops I forgot to update this thread, the fix is already available from some days:

http://aluigi.org/patches.htm#quake3

jampded Windows 1.0.1.0 q3infoboom fix 0.1
jampded Windows 1.0.0.0 q3infoboom fix 0.1

 Forum: Proof-of-concepts   Topic: Q3UNBAN, Q3FILL, q3cfilevar, q3noclient

Posted: 05 Dec 2007 23:24 

Replies: 142
Views: 19012


1)
from my tests and those of the JA admins seems that linux + q3infofix are ok versus the q3infoboom bug

2)
who has JA for windows must download only the new patch (legacy section) for fixing q3infoboom
who has JA for linux must use q3infofix

 Forum: Proof-of-concepts   Topic: Q3UNBAN, Q3FILL, q3cfilevar, q3noclient

Posted: 05 Dec 2007 22:54 

Replies: 142
Views: 19012


03 Dec 2007 Patches: jampded Windows 1.0.0.0 and 1.0.1.0 q3infoboom fix 0.1 a bit late but I have fixed the q3infoboom bug in this game OK, uh questions.. 1. does that mean linux is also fixed 100% from infoboom? 2. Can you still download these 2 and ...

 Forum: Patches   Topic: q3infoboom fix for old versions of JA

Posted: 19 Sep 2007 18:26 

Replies: 8
Views: 3364


Some users have reported the not complete fixing (ok work-around) of the q3infoboom bug after having applied my patch on old versions of the Jedi Academy game. In these cases the only suggestion I can give is to modify manually the "limit value" set ...
Sort by:  
Page 4 of 4 [ Search found 115 matches ]


All times are UTC [ DST ]