gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
74989 Posts in 13107 Topics by 2619 Members - Latest Member: rjvdmeijden December 10, 2016, 02:59:37 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Third Party Stuff  |  Chat Servers  |  WCS Fix for hack tool released today that crashes rooms
gfx
gfxgfx
 

Author Topic: WCS Fix for hack tool released today that crashes rooms  (Read 3121 times)

0 Members and 1 Guest are viewing this topic.

Offline Pri

  • MX Hosts
  • *****
  • *****
WCS Fix for hack tool released today that crashes rooms
« on: June 10, 2015, 09:40:03 pm »
About 20 minutes ago I was made aware of a tool doing the rounds today which can crash rooms by exploiting a bug in WCS 1.8.3 and its derivatives (RSWCS and RCS are not affected).

I tested the bug against 1.8.3.1 and 1.8.8 which seem to be the most popular versions of WCS in use and also the latest ones and it is able to crash both. I have gone ahead and patched both of these versions of WCS. Now to be clear, I do not have the source code to either of these versions of WCS and I didn't want to merely patch this in 1.8.3 and then force people who use 1.8.8 with its newer features to regress for security.

So until we can get those versions properly patched here is a modified version of the binaries for both Windows and Linux which stop the hack from being used. It doesn't disable any features of the server the patch merely disables the very specific vulnerability being exploited, I won't go in to further detail about it here but if you do have the source code for WCS 1.8.3 or WCS 1.8.8 I will be more than happy to tell you what is occurring so you can fix it and recompile the servers. Does anyone know who runs the WCS site now?

Link to the .zip containing the three copies of WCS that have been patched: http://www.mxpulse.com/board/download/file.php?id=3598

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #1 on: June 11, 2015, 09:32:22 pm »
Bearded Blunder / Merlin still runs the WCS site (MxStuff) however the last active WCS developers bar Ritchy where "Mind" and Bide, Mind is a member here so a site mesage may bring a response.

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #2 on: June 12, 2015, 07:30:06 am »
Okay, Hollow tried to contact Merlin about this issue a few months ago and Toad tried again on Wednesday but I think Merlin is one foot out the door so to speak. Dead end there.

I'll see if I can get a hold of mind. Until then if anyone has any other versions of WCS they need patched (I've had a request to do 1.8.6 for Win and Linux today) just let me know here or in PM and I'll put those up.

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #3 on: June 12, 2015, 10:06:23 pm »
Update, I've had requests to patch other earlier versions of WCS. So here those are:

Includes:
1.8.3.1 (Win)
1.8.6 (Win)
1.8.6.2 (Win & Linux)
1.8.8 (Win & Linux)

Zip file containing all the above versions: http://www.mxpulse.com/board/download/file.php?id=3599

Thanks to Reef for hosting 1.8.6 and 1.8.6.2 on his forum as I was able to find the downloads for these at his website.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #4 on: June 13, 2015, 06:57:20 am »
You seem to be doing a great job of protecting the chat folks Pri  8) 8) 8)

As long as folks are interested in this community there will always be those selfless few who go the extra mile to ensure its survival, a thank you to Pri from the community is well in order folks  :yes:

Offline reef

  • WMW Volunteer
  • *****
  • ***
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #5 on: June 13, 2015, 08:09:46 am »
a thank you to Pri from the community is well in order folks  :yes:

I couldn't agree more :) Thanks for taking the time Pri, it's much appreciated m8


Offline RebelMX

  • Core
  • *****
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #6 on: June 13, 2015, 10:11:19 am »
Presumably a buffer overflow attack? Which part of the source is it affecting (as you mention RSWCS and RCS are ok I'm intrigued which one of the many issues are being used).

Thanks,

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #7 on: June 13, 2015, 10:29:00 am »
It is indeed a buffer overflow. The part being affected is how WCS displays illegal name attempts. The attacker sends a very large username and roomname to the server (requires both to be huge for the attack to work), when the server attempts to display both of these in the console on one line it overruns the buffer and WCS crashes almost instantly.

I fixed this bug in RCS in 2008 by complete accident as I replaced the console code for displaying illegal names with something custom just to make it display the messages to operators in-room instead of showing it in the console.

By the way you may find this interesting, this was in a document included with the hacker program which was sent to me through 2 individuals who received the program from an anonymous user in a chat room they were in the day the attack started:

Quote
WCSOWN v1.0 - By Hanzel

This tool will crash any WCS and WCS derived server and possibly other types of chat servers.

WCS 1.8.3+ are affected and anything using WCS as its code base unless it has been fixed.

RSWCS is not affected : )



How to use:

Open command prompt
Navigate to directory containing WCSOWN.exe using cd commands.

Run command:  WCSOWN <roomname>

examples:

WCSOWN RoomName_0100007F1A2B
WCSOWN 0100007F1A2B


just want to say richy loves you sean!

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #8 on: June 13, 2015, 10:32:32 am »
You seem to be doing a great job of protecting the chat folks Pri  8) 8) 8)

As long as folks are interested in this community there will always be those selfless few who go the extra mile to ensure its survival, a thank you to Pri from the community is well in order folks  :yes:

I feel fortunate to be able to help. I really do love WinMX, especially the chat.

a thank you to Pri from the community is well in order folks  :yes:

I couldn't agree more :) Thanks for taking the time Pri, it's much appreciated m8

You're welcome and thank you for hosting many of the WCS downloads :)

Offline reef

  • WMW Volunteer
  • *****
  • ***
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #9 on: June 13, 2015, 10:48:32 am »
Glad they were of some help  :)


Offline RebelMX

  • Core
  • *****
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #10 on: June 13, 2015, 10:50:11 am »
Whoa, this has nothing to do with me, just so everyone is aware. I've got a bad enough reputation, and haven't done any programming in about 2 years.

I have a feeling I could narrow it down to a few individuals however...

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #11 on: June 13, 2015, 10:54:43 am »
I shared the message with a few people already and no one thinks it is you, nor do I. Obviously someone trying to cause trouble.

Offline Sean

  • Core
  • *****
    • The Rebelion
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #12 on: June 13, 2015, 03:25:48 pm »
Quote
just want to say richy loves you sean!

I love you too richy!

But seriously, what is that about?

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #13 on: June 13, 2015, 05:44:59 pm »
This sort of blame distraction trick is annoying for sure but compared to the lies and rubbish I have had to field over the years I think you got off light, anyway we all "love" the pair of you  :lol: :lol: :lol:

Offline Bearded Blunder

  • Forum Member
    • Taboo Community Website
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #14 on: June 26, 2016, 11:43:01 pm »
Okay, Hollow tried to contact Merlin about this issue a few months ago and Toad tried again on Wednesday but I think Merlin is one foot out the door so to speak. Dead end there.

I'll see if I can get a hold of mind. Until then if anyone has any other versions of WCS they need patched (I've had a request to do 1.8.6 for Win and Linux today) just let me know here or in PM and I'll put those up.
BB / Merlin has had a number of personal and stressful issues to deal with.
It's been so long I've basically forgotten how to work lcc to recompile WCS, KM talked me through it last time on MSN, a conversation who's logfile vanished when things got shifted to Skype.
I might add I'm personally aware of another buffer overflow in WCS, which I inadvertently crashed my own room because of.
Life here is still nuts, still stressful and I'm not sure if / when I'll get round to seeing if I can work that damned compiler. Assuming it'll even run under Win 10.
Blessed is he who expecteth nothing, for he shall not be disappointed.

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: WCS Fix for hack tool released today that crashes rooms
« Reply #15 on: June 27, 2016, 05:12:48 pm »
I wish Merlin well and I hope life settles down for him soon :)

WinMX World :: Forum  |  Third Party Stuff  |  Chat Servers  |  WCS Fix for hack tool released today that crashes rooms
 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.

Name: Email:
Verification:
Type the letters shown in the picture Type the letters shown in the picture Type the letters shown in the picture Type the letters shown in the picture Type the letters shown in the picture Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
What program is this site about?:
What year was it last year:
What's the name of the site this forum belongs to? (just the name, no domain ending):

gfxgfx
gfx
©2005-2016 WinMXWorld.com. All rights reserved.
SMF 2.0.12 | SMF © 2016, Simple Machines
Page created in 0.035 seconds with 25 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!