Exploit fix 0.1

Post finished Clientside Scripts here, known supporting clients for LUA scripting.
Note: Client must be ADC 1.0

BCDC++ | RSX++
Toast

Exploit fix 0.1

Post by Toast » 29 Jun 2008, 09:04

Code: Select all

--[[
	simple workaround for dc++ exploit that affect most popular recent clients.
	script should work with other clients with similar lua implementation
	
	adrian_007 (c) 2008
]]--

dcpp:setListener( "clientIn", "exploitfix",
	function( userp, line )
		-- this is a hack...
		if line == "$ADCGET list /// 0 -1 ZL1" then
			DC():PrintDebug( "Dropped user that tried to crash you via exploit!" )
			return true
		else
			return false
		end
	end
)
DC():PrintDebug(" ** exploitfix.lua loaded")

adrian_007
Senior Member
Posts: 126
Joined: 06 Jan 2008, 13:00

Re: Exploit fix 0.1

Post by adrian_007 » 29 Jun 2008, 10:35

checked with rsx++, maybe someone can confirm if it's working with other. :)

Toast

Re: Exploit fix 0.1

Post by Toast » 30 Jun 2008, 10:38

i can check with BCDC++ later on this day when i get home from work

allnames

Re: Exploit fix 0.1

Post by allnames » 30 Jun 2008, 16:11

Loads correct on LDC 1.00 v2a (DC++ 0.674) but I haven't verified it stops the exploit.

Yeppy
Newbie
Posts: 4
Joined: 19 Mar 2009, 21:49

Re: Exploit fix 0.1

Post by Yeppy » 19 Mar 2009, 22:02

how can you tell if it works ? cause i'm using it in rsx but i still get the little message that someone is trying to use my client to spam

adrian_007
Senior Member
Posts: 126
Joined: 06 Jan 2008, 13:00

Re: Exploit fix 0.1

Post by adrian_007 » 20 Mar 2009, 15:36

it doesnt prevent spam attempt but remote exploit that can crash your client.... and there's a update on my forum.

Toast

Re: Exploit fix 0.1

Post by Toast » 20 Mar 2009, 16:09

Code: Select all

--[[
   simple workaround for dc++ exploit that affect most popular recent clients.
   script should work with other clients with similar lua implementation
   
   adrian_007 (c) 2008

   little change of string-recognition for better exploit-fix by FlipFlop (c) 2009
]]--

dcpp:setListener( "clientIn", "exploitfix",
   function( userp, line )
       -- this is a hack...
       if string.find(line, "%$ADCGET (%S) //+ 0 %-1 ZL1") then
           DC():PrintDebug( "Dropped user that tried to crash you via exploit" )
           return true
       else
           return false
       end
   end
)
DC():PrintDebug(" ** exploitfix.lua loaded")

Yeppy the spam problem that your asking about is the CTM exploit and there arent any sure proof solutions out there yet

adrian_007
Senior Member
Posts: 126
Joined: 06 Jan 2008, 13:00

Re: Exploit fix 0.1

Post by adrian_007 » 20 Mar 2009, 16:23

ahh TmpAntiFlood can partially deal with it :P

Yeppy
Newbie
Posts: 4
Joined: 19 Mar 2009, 21:49

Re: Exploit fix 0.1

Post by Yeppy » 20 Mar 2009, 22:00

ok i got the updated version from rsx forums

btw how do you use the true/false that function returns ? cause i don't think just by sending text ("dropped user ... ") helps with anything

adrian_007
Senior Member
Posts: 126
Joined: 06 Jan 2008, 13:00

Re: Exploit fix 0.1

Post by adrian_007 » 21 Mar 2009, 16:35

if you return true, message isnt dispatched anymore - it's dropped at script level.

Locked