Light

imhunterand / cs2-exploit Goto Github PK

View Code? Open in Web Editor NEW

8.0 3.0 0.0 159 KB

Allows you to crash any server user cs2

JavaScript 100.00%

cs2-exploit exploit-code vulnerability-research

cs2-exploit's Introduction

The Exploit

This exploit relies on the game:loc metadata key, which when set to a length greater than 2^15 or 32768 and a client is invited, an out of bounds memory write is triggered, leading to an Access Violation/Segmentation Fault which ultimately crashes the CS:GO client. This XML file includes a Javascript file (panorama/scripts/friendlobby.js) that populates the fields such as the lobby members' avatars, the gamemode, the average lobby rank, and most importantly, the lobby location.

	var _SetFlag = function ( elTile )
	{
		var countryCode = PartyBrowserAPI.GetPartySessionSetting( _m_xuid, 'game/loc' );
		var elFlagImg = elTile.FindChildTraverse( 'JsFriendLobbyFlag' );
		if ( countryCode )
		{
			elFlagImg.SetImage( 'file://{images}/flags/'+ countryCode +'.png' );
			elFlagImg.RemoveClass( 'hidden' );
		}
		else
		{
			elFlagImg.AddClass( 'hidden' );
		}
	};

The hash function attempted to call the Clang memset function and write the parsed filepath to another area of memory without validating the size of the source data. This is called an Out-of-bounds Write. Initially, I had attempted to escalate this vulnerability to an RCE or remote code execution since the Valve bug bounty program would consider a client crasher out of scope. After contacting many friends who were much better than I was at reverse engineering, it was concluded that the most that could be achieved with this exploit was Denial of Service.

Credits

Thanks to @imhunterand for finding the crash method
Thanks to the @pwn0sec CSE Team for being our test subjects

cs2-exploit's People

Contributors

Stargazers

Watchers

cs2-exploit's Issues

Don`t work

		let error = (err) => {
			this.steam.removeListener("loggedOn", loggedOn);
			this.steam.removeListener("error", error);
			this.steam.removeListener("steamGuard", steamGuard);

			reject(err);
		}

		let steamGuard = (domain, callback) => {
			this.steam.removeListener("loggedOn", loggedOn);
			this.steam.removeListener("error", error);
			this.steam.removeListener("steamGuard", steamGuard);

			// Prompt user for Steam Guard code
			const readline = require('readline').createInterface({
				input: process.stdin,
				output: process.stdout
			});

			readline.question('Enter Steam Guard code: ', (code) => {
				readline.close();
				callback(code);
			});
		};


		this.steam.on("loggedOn", loggedOn);
		this.steam.on("error", error);
		this.steam.on("steamGuard", steamGuard);

		this.steam.logOn(details);
	});
	
}

I modificate code, but can`t loggin into account and after i input steam guar its do nothing

dont work

dont work, maybe wrong protobufs, what protobufs u use?

EGCBaseClientMsg is undefined and not present in object

TypeError: Cannot read properties of undefined (reading 'k_EMsgGCClientHello')
at C:\Users\kiril\source\repos\cs2-external-esp-main\x64\Release\cs2-exploit-main\helpers\Lobby.js:158:52
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

app 730 is out of date

2279720 is the new cs2 method, I'm currently researching. a new method.

credits to you all ill update you if I can get it working.

thanks for all the hard work.

Does this still work ?

?

Helpers need to be updated with the new proto buffers.

it seems to be out of date.

could be wrong :) nice work

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.