
cs2-exploit's Introduction

The Exploit

This exploit relies on the game/loc metadata key: when it is set to a value longer than 2^15 (32768) bytes and a client is invited to the lobby, an out-of-bounds memory write is triggered, leading to an Access Violation/Segmentation Fault that crashes the CS:GO client. This XML file includes a JavaScript file (panorama/scripts/friendlobby.js) that populates fields such as the lobby members' avatars, the game mode, the average lobby rank and, most importantly, the lobby location.

	// Panorama lobby tile: reads the party's game/loc setting and uses it
	// as a flag image name. Note that the value is used as-is, with no
	// length or format check at this layer.
	var _SetFlag = function ( elTile )
	{
		// Value comes straight from the party session metadata
		var countryCode = PartyBrowserAPI.GetPartySessionSetting( _m_xuid, 'game/loc' );
		var elFlagImg = elTile.FindChildTraverse( 'JsFriendLobbyFlag' );
		if ( countryCode )
		{
			// Country code is interpolated directly into the image path
			elFlagImg.SetImage( 'file://{images}/flags/'+ countryCode +'.png' );
			elFlagImg.RemoveClass( 'hidden' );
		}
		else
		{
			// No location set: hide the flag element
			elFlagImg.AddClass( 'hidden' );
		}
	};

The hash function attempted to call the Clang memset function and write the parsed file path into another area of memory without validating the size of the source data; this is an out-of-bounds write. Initially I tried to escalate this vulnerability to RCE (remote code execution), since the Valve bug bounty program considers a client crasher out of scope. After consulting many friends who were much better than I was at reverse engineering, we concluded that the most this exploit could achieve was a denial of service.
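The check the write-up says was missing, as an added example in C (this is not the game's code and not this repository's code): a copy of an untrusted game/loc value into a fixed buffer is refused when it would reach the 32768-byte (2^15) limit the text names, and a stricter check accepts only the two-letter country code that friendlobby.js actually needs. The buffer size, the function names and the constructed oversized value are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical size of the lobby's location buffer: the 2^15 threshold
 * named in the write-up. Values of this length or longer must be refused. */
#define LOC_BUF_SIZE 32768

/* Bounded copy of an untrusted setting value into a fixed buffer.
 * Returns 0 on success, -1 when the value plus its terminator does not fit.
 * The unchecked copy described in the write-up is this call without the
 * length comparison; that missing comparison is the out-of-bounds write. */
int copy_setting_bounded(char *dst, size_t dst_len,
                         const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    if (src_len >= dst_len)      /* reserve one byte for the NUL terminator */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Size check only: store the value if it fits in the location buffer. */
int store_game_loc(const char *value)
{
    static char loc[LOC_BUF_SIZE];   /* assumed fixed-size destination */
    if (value == NULL)
        return -1;
    return copy_setting_bounded(loc, sizeof loc, value, strlen(value));
}

/* Format check: friendlobby.js only uses game/loc as a flag image name,
 * so a two-letter alphabetic country code is the only shape to accept. */
int is_country_code(const char *s)
{
    return s != NULL
        && strlen(s) == 2
        && isalpha((unsigned char)s[0])
        && isalpha((unsigned char)s[1]);
}

/* Full handling of an incoming game/loc value: reject anything that is
 * not a country code, then store it through the bounded copy. */
int handle_game_loc(const char *value)
{
    if (!is_country_code(value))
        return -1;
    return store_game_loc(value);
}

/* Constructed test input: a value one byte longer than the limit,
 * standing in for the oversized metadata the write-up describes. */
const char *oversized_value(void)
{
    static char v[LOC_BUF_SIZE + 2];
    if (v[0] == '\0') {
        memset(v, 'A', LOC_BUF_SIZE + 1);
        v[LOC_BUF_SIZE + 1] = '\0';
    }
    return v;
}

int main(void)
{
    printf("store \"US\"        -> %d\n", store_game_loc("US"));
    printf("store 32769 bytes  -> %d\n", store_game_loc(oversized_value()));
    printf("handle \"U5\"       -> %d\n", handle_game_loc("U5"));
    printf("handle \"DE\"       -> %d\n", handle_game_loc("DE"));
    return 0;
}
```

The size check alone is what stops the crash; the country-code check is the tighter rule a defender would apply because nothing in the lobby script needs any other value.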

Credits

  • Thanks to @imhunterand for finding the crash method
  • Thanks to the @pwn0sec CSE Team for being our test subjects

cs2-exploit's People

Contributors

dependabot[bot], imhunterand


cs2-exploit's Issues

Doesn't work

// Reconstructed wrapper (assumed from the closing braces of the posted
// fragment): the handlers live inside a Promise returned by a logOn method.
logOn(details) {
	return new Promise((resolve, reject) => {
		// Assumed handler that was cut off above the fragment: resolve once
		// the client is logged on and detach the other handlers
		let loggedOn = (response) => {
			this.steam.removeListener("loggedOn", loggedOn);
			this.steam.removeListener("error", error);
			this.steam.removeListener("steamGuard", steamGuard);

			resolve(response);
		};

		let error = (err) => {
			this.steam.removeListener("loggedOn", loggedOn);
			this.steam.removeListener("error", error);
			this.steam.removeListener("steamGuard", steamGuard);

			reject(err);
		};

		let steamGuard = (domain, callback) => {
			// Do not detach loggedOn/error here. The posted code removed all
			// three listeners before submitting the code, so the loggedOn (or
			// error) event that follows had no handler and the promise never
			// settled. loggedOn/error detach everything once logon finishes.

			// Prompt user for Steam Guard code
			const readline = require('readline').createInterface({
				input: process.stdin,
				output: process.stdout
			});

			readline.question('Enter Steam Guard code: ', (code) => {
				readline.close();
				callback(code);
			});
		};

		this.steam.on("loggedOn", loggedOn);
		this.steam.on("error", error);
		this.steam.on("steamGuard", steamGuard);

		this.steam.logOn(details);
	});
}

I modified the code, but I can't log in to the account, and after I input the Steam Guard code it does nothing.

Doesn't work

Doesn't work, maybe wrong protobufs. What protobufs do you use?

EGCBaseClientMsg is undefined and not present in object

TypeError: Cannot read properties of undefined (reading 'k_EMsgGCClientHello')
at C:\Users\kiril\source\repos\cs2-external-esp-main\x64\Release\cs2-exploit-main\helpers\Lobby.js:158:52
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

app 730 is out of date

2279720 is the new cs2 method; I'm currently researching a new method.

Credits to you all, I'll update you if I can get it working.

Thanks for all the hard work.
