gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75925 Posts in 13335 Topics by 2670 Members - Latest Member: pierced3x October 22, 2019, 05:00:27 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Third Party Stuff  |  Chat Servers  |  Post reply ( Re: WCS Fix for hack tool released today that crashes rooms )
gfx
gfxgfx
 

Post reply

Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.
Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
What year is it next year?:
What's the name of the site this forum belongs to?:
What program is this site about?:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Pri
« on: June 27, 2016, 05:12:48 pm »

I wish Merlin well and I hope life settles down for him soon :)
Posted by: Bearded Blunder
« on: June 26, 2016, 11:43:01 pm »

Okay, Hollow tried to contact Merlin about this issue a few months ago and Toad tried again on Wednesday but I think Merlin is one foot out the door so to speak. Dead end there.

I'll see if I can get a hold of mind. Until then if anyone has any other versions of WCS they need patched (I've had a request to do 1.8.6 for Win and Linux today) just let me know here or in PM and I'll put those up.
BB / Merlin has had a number of personal and stressful issues to deal with.
It's been so long I've basically forgotten how to work lcc to recompile WCS, KM talked me through it last time on MSN, a conversation who's logfile vanished when things got shifted to Skype.
I might add I'm personally aware of another buffer overflow in WCS, which I inadvertently crashed my own room because of.
Life here is still nuts, still stressful and I'm not sure if / when I'll get round to seeing if I can work that damned compiler. Assuming it'll even run under Win 10.
Posted by: GhostShip
« on: June 13, 2015, 05:44:59 pm »

This sort of blame distraction trick is annoying for sure but compared to the lies and rubbish I have had to field over the years I think you got off light, anyway we all "love" the pair of you  :lol: :lol: :lol:
Posted by: Sean
« on: June 13, 2015, 03:25:48 pm »

Quote
just want to say richy loves you sean!

I love you too richy!

But seriously, what is that about?
Posted by: Pri
« on: June 13, 2015, 10:54:43 am »

I shared the message with a few people already and no one thinks it is you, nor do I. Obviously someone trying to cause trouble.
Posted by: RebelMX
« on: June 13, 2015, 10:50:11 am »

Whoa, this has nothing to do with me, just so everyone is aware. I've got a bad enough reputation, and haven't done any programming in about 2 years.

I have a feeling I could narrow it down to a few individuals however...
Posted by: reef
« on: June 13, 2015, 10:48:32 am »

Glad they were of some help  :)
Posted by: Pri
« on: June 13, 2015, 10:32:32 am »

You seem to be doing a great job of protecting the chat folks Pri  8) 8) 8)

As long as folks are interested in this community there will always be those selfless few who go the extra mile to ensure its survival, a thank you to Pri from the community is well in order folks  :yes:

I feel fortunate to be able to help. I really do love WinMX, especially the chat.

a thank you to Pri from the community is well in order folks  :yes:

I couldn't agree more :) Thanks for taking the time Pri, it's much appreciated m8

You're welcome and thank you for hosting many of the WCS downloads :)
Posted by: Pri
« on: June 13, 2015, 10:29:00 am »

It is indeed a buffer overflow. The part being affected is how WCS displays illegal name attempts. The attacker sends a very large username and roomname to the server (requires both to be huge for the attack to work), when the server attempts to display both of these in the console on one line it overruns the buffer and WCS crashes almost instantly.

I fixed this bug in RCS in 2008 by complete accident as I replaced the console code for displaying illegal names with something custom just to make it display the messages to operators in-room instead of showing it in the console.

By the way you may find this interesting, this was in a document included with the hacker program which was sent to me through 2 individuals who received the program from an anonymous user in a chat room they were in the day the attack started:

Quote
WCSOWN v1.0 - By Hanzel

This tool will crash any WCS and WCS derived server and possibly other types of chat servers.

WCS 1.8.3+ are affected and anything using WCS as its code base unless it has been fixed.

RSWCS is not affected : )



How to use:

Open command prompt
Navigate to directory containing WCSOWN.exe using cd commands.

Run command:  WCSOWN <roomname>

examples:

WCSOWN RoomName_0100007F1A2B
WCSOWN 0100007F1A2B


just want to say richy loves you sean!
Posted by: RebelMX
« on: June 13, 2015, 10:11:19 am »

Presumably a buffer overflow attack? Which part of the source is it affecting (as you mention RSWCS and RCS are ok I'm intrigued which one of the many issues are being used).

Thanks,
Posted by: reef
« on: June 13, 2015, 08:09:46 am »

a thank you to Pri from the community is well in order folks  :yes:

I couldn't agree more :) Thanks for taking the time Pri, it's much appreciated m8
Posted by: GhostShip
« on: June 13, 2015, 06:57:20 am »

You seem to be doing a great job of protecting the chat folks Pri  8) 8) 8)

As long as folks are interested in this community there will always be those selfless few who go the extra mile to ensure its survival, a thank you to Pri from the community is well in order folks  :yes:
Posted by: Pri
« on: June 12, 2015, 10:06:23 pm »

Update, I've had requests to patch other earlier versions of WCS. So here those are:

Includes:
1.8.3.1 (Win)
1.8.6 (Win)
1.8.6.2 (Win & Linux)
1.8.8 (Win & Linux)

Zip file containing all the above versions: http://www.mxpulse.com/board/download/file.php?id=3599

Thanks to Reef for hosting 1.8.6 and 1.8.6.2 on his forum as I was able to find the downloads for these at his website.
Posted by: Pri
« on: June 12, 2015, 07:30:06 am »

Okay, Hollow tried to contact Merlin about this issue a few months ago and Toad tried again on Wednesday but I think Merlin is one foot out the door so to speak. Dead end there.

I'll see if I can get a hold of mind. Until then if anyone has any other versions of WCS they need patched (I've had a request to do 1.8.6 for Win and Linux today) just let me know here or in PM and I'll put those up.
Posted by: GhostShip
« on: June 11, 2015, 09:32:22 pm »

Bearded Blunder / Merlin still runs the WCS site (MxStuff) however the last active WCS developers bar Ritchy where "Mind" and Bide, Mind is a member here so a site mesage may bring a response.
gfxgfx
gfx
©2005-2019 WinMXWorld.com. All rights reserved.
SMF 2.0.15 | SMF © 2017, Simple Machines
Page created in 0.062 seconds with 17 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!