Luigi Auriemma

Hi aluigi!!!

I just downloaded your mohaabof file, but I don't know how to use it!!! I have the .exe, the H-file and the C-file. Now what have I to do with these????

Greetings to you!!!! AND THANK YOU FOREWARD!!!!

When I click on mohaabof.exe it pops up for less than a second and then it is away again!
What should i do to work with this program????

it's a command-line tool: http://aluigi.org/about.htm#howuse

thank you very much for your fast help!!! Sorry, but I have to ask you one more thing because I am a real big NoOb in that things!!! I use it the first time!!!

--> I was able to open it, like you show in this Video!!!
In the cmd stand:

Usage: mohaabof <attack> [port(12203)]

Attack:
c = LAN clients buffer-overflow. It cannot work online because online is
used the Gamespy protocol that is not affected by this bug
s = server buffer-overflow: you can test this PoC versus a specific server.
You must add the IP or the hostname of the server after the 's'.
The PoC first tests the overflow for Win32 servers and then for Linux
that requires more data for overwriting the return address
Some usage examples:
mohaabof c listens on port 12203 for clients
mohaabof c 1234 listens on port 1234
mohaabof s 192.168.0.1 tests the server 192.168.0.1 on port 12203
mohaabof s 192.168.0.1 1234 tests the server 192.168.0.1 on port 1234

-->So I wrote: mohaabof s 83.20.99.159 (For an Internet server with the port 12203!)
BUT it wrote:
- Target 83.20.99.159:12203

- Request informations

Error: socket timeout, probably the server is not online

???WHY because it is definitely online and the Target is the right one??????

Please help me!!!! Nice day!!!!

Hi Luigi!!!!

Please forget my previous post, I was able to solve the problem with your help!!! Thank you again!!!!

BUT now I have got a new problem ;-)

I tried out your mohaafill fake player bug!!!! I know that for this program you have got an other thread but I dont want to spam your forum with such NoOb questions, but I think lot of people know as less as me how to work with it!!! SO please help me again!!!!

The cmd says:
Usage: mohaafill [options] <server>
Options:
-p PORT specify a port to connect (default is 12203)
-w the program will be forced to ask a password
-k CDKEY use this option to fill the Spearhead and Breakthrough servers.
You need to specify a valid online cd-key
-t SEC seconds to wait for each check (default 15)
-r force the usage of random player names

So I typed in for a 12203 port server: mohaafill 77.253.131.3

- -> It works great, because it says that the server is filled up with the fake players and every 15 seconds it does it again!! Also with gamespy you can see that the server is filled up and when you are in the server, all the fake players are ???preparing for deployment??? BUT they never get in the game and DON???T crash the server!!!!!!

????????????????????? WHAT DID I WRONG ??????????????????????????????

SO PLEASE PLEASE PLEASE HELP ME!!!! I KNOW THAT I AM RIDICULOUS WHEN I ASK YOU SUCH QUESTIONS, BUT AS I SAID: I NEVER DID SUCH THINGS BEFORE!!!!!

Have a nice day!!!!

Greetings your SyStEm32

in fact the "fake players bug" consists just in the filling of the server denying the joining of real players as explained here:
http://aluigi.org/fakep.txt

anyway if that IP you posted is not of YOUR server I suggest you to leave this forum because you have misunderstood everything (from the nature of the proof-of-concepts to that of the forum)