DCBase

Empowering and innovating features for the peer to peer masses
https://forum.dcbase.org/

Exploit fix 0.1

https://forum.dcbase.org/viewtopic.php?f=32&t=239

Page 1 of 2

Exploit fix 0.1

Posted: 29 Jun 2008, 09:04
by Toast

Code: Select all

--[[
	simple workaround for dc++ exploit that affect most popular recent clients.
	script should work with other clients with similar lua implementation
	
	adrian_007 (c) 2008
]]--

dcpp:setListener( "clientIn", "exploitfix",
	function( userp, line )
		-- this is a hack...
		if line == "$ADCGET list /// 0 -1 ZL1" then
			DC():PrintDebug( "Dropped user that tried to crash you via exploit!" )
			return true
		else
			return false
		end
	end
)
DC():PrintDebug(" ** exploitfix.lua loaded")

Re: Exploit fix 0.1

Posted: 29 Jun 2008, 10:35
by adrian_007
checked with rsx++, maybe someone can confirm if it's working with other. :)

Re: Exploit fix 0.1

Posted: 30 Jun 2008, 10:38
by Toast
i can check with BCDC++ later on this day when i get home from work

Re: Exploit fix 0.1

Posted: 30 Jun 2008, 16:11
by allnames
Loads correct on LDC 1.00 v2a (DC++ 0.674) but I haven't verified it stops the exploit.

Re: Exploit fix 0.1

Posted: 19 Mar 2009, 22:02
by Yeppy
how can you tell if it works ? cause i'm using it in rsx but i still get the little message that someone is trying to use my client to spam

Re: Exploit fix 0.1

Posted: 20 Mar 2009, 15:36
by adrian_007
it doesnt prevent spam attempt but remote exploit that can crash your client.... and there's a update on my forum.

Re: Exploit fix 0.1

Posted: 20 Mar 2009, 16:09
by Toast

Code: Select all

--[[
   simple workaround for dc++ exploit that affect most popular recent clients.
   script should work with other clients with similar lua implementation
   
   adrian_007 (c) 2008

   little change of string-recognition for better exploit-fix by FlipFlop (c) 2009
]]--

dcpp:setListener( "clientIn", "exploitfix",
   function( userp, line )
       -- this is a hack...
       if string.find(line, "%$ADCGET (%S) //+ 0 %-1 ZL1") then
           DC():PrintDebug( "Dropped user that tried to crash you via exploit" )
           return true
       else
           return false
       end
   end
)
DC():PrintDebug(" ** exploitfix.lua loaded")

Yeppy the spam problem that your asking about is the CTM exploit and there arent any sure proof solutions out there yet

Re: Exploit fix 0.1

Posted: 20 Mar 2009, 16:23
by adrian_007
ahh TmpAntiFlood can partially deal with it :P

Re: Exploit fix 0.1

Posted: 20 Mar 2009, 22:00
by Yeppy
ok i got the updated version from rsx forums

btw how do you use the true/false that function returns ? cause i don't think just by sending text ("dropped user ... ") helps with anything

Re: Exploit fix 0.1

Posted: 21 Mar 2009, 16:35
by adrian_007
if you return true, message isnt dispatched anymore - it's dropped at script level.
All times are UTC
Page 1 of 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/