Approaches on Exploiting

0day

Contributor
Oct 16, 2015
So, plain curiosity has me wondering about something that would seem to be simple.
How people individually approach finding exploits for their chosen program.
The question seems silly until you think about what other people's viewpoints could provide in your own experience.

A recent experience I had was pen-testing for a pretty awesome mainstream game. The lead developer for the game said he would literally crap himself if the stability of the game's official servers and/or the security of the players could be hurt by any hackers. Challenge accepted. (For fear of shady patch work I will not name the game publicly.)

Any-who this is what I did.
Me personally I put myself in the shoes of the developers/dev team.
I think of how I would handle a given problem;
I considered what most people exploit in a game environment and forgot all of those purposefully. Why target something you know will already have countermeasures; player speed, player health, etc.

The first screen I came to while joining a server piqued my curiosity. Hmm, what is this, a character creation screen? NICE!

So you are telling me I have multiple opportunities here to send data to the server and see what happens.

WOOHOO let's go.

Cheat Engine open, sliding the bars for head size, changed value? I think so. Oh look, there the value is, it varies from .1 to 1 max, hmm nice. What happens if I input 3? Hmm wow, my head is huge... Hmm, I wonder what happens if I click create? Oh wow, look at that, my head is huge on the server... Wait? Can my friends see it? Are they doing some half-hearted scrubbing? Friends are now laughing at my bobble head character. #dealwithitleaddev.

Okay now we have an attack vector. We know they are not properly scrubbing client inputs server side for character traits. Let's see what else we can do. I wonder what a value of 0 does? Oh look my player is completely invisible. Well that is fun but what else could happen? Ask yourself right now with the information you have; what else could possibly go wrong?

How about, we change that same value to 10000000000?

We know the server is sending the value to other clients and they are rendering it right?

What could go wrong?

Test server setup, POC working. Server crashes with a corrupt db and is unable to come back up without restoring a backup of the db, due to the game saving all player locations whether they are in game or not and rendering their characters.

Email dev team. Get no answer.

Email dev team again. Still being ignored.

Start wiping out official servers.

Reply email within 5 mins.

#todaywasagooddaylol

The money I could have made off of that little bit of information is pretty crazy, but the thought of every hormone driven teenager being able to ruin a perfectly good game with a 20 dollar download made my stomach cringe so in true grey hat fashion the cyber world of an unnamed game was saved.

What are your stories? What is your approach?

I am genuinely curious!
 
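The root cause in the story above is a server that trusts whatever the client sends for character traits. As an added example (not code from the thread or from the game in question), here is the kind of server-side check that closes that hole; the trait names, the second range and the payload shape are assumptions, since the post only mentions a head-size slider that spans .1 to 1:

```python
# Added example: server-side validation of a character-creation payload.
# Values outside the UI's own range are rejected rather than clamped, so a
# tampered client shows up in logs instead of being silently "fixed".
import math

# Inclusive ranges per trait, mirroring what the legitimate client UI allows.
# "head_size" comes from the post; "height" is an assumed second trait.
TRAIT_RANGES = {
    "head_size": (0.1, 1.0),
    "height": (0.8, 1.2),
}


class InvalidTrait(ValueError):
    """Raised when a client-supplied trait fails validation."""


def validate_traits(payload) -> dict:
    """Return a cleaned copy of payload, or raise InvalidTrait.

    Rejects non-object payloads, unknown or missing keys, non-numeric values
    (bool is excluded explicitly because it subclasses int), NaN/inf, and
    anything outside the allowed range.
    """
    if not isinstance(payload, dict):
        raise InvalidTrait("payload must be an object")
    unknown = set(payload) - set(TRAIT_RANGES)
    if unknown:
        raise InvalidTrait(f"unknown traits: {sorted(unknown)}")
    cleaned = {}
    for name, (lo, hi) in TRAIT_RANGES.items():
        if name not in payload:
            raise InvalidTrait(f"missing trait: {name}")
        v = payload[name]
        if isinstance(v, bool) or not isinstance(v, (int, float)):
            raise InvalidTrait(f"{name}: not a number")
        v = float(v)
        if not math.isfinite(v):
            raise InvalidTrait(f"{name}: not finite")
        if not (lo <= v <= hi):
            raise InvalidTrait(f"{name}: {v} outside [{lo}, {hi}]")
        cleaned[name] = v
    return cleaned


def is_valid(payload) -> bool:
    """Convenience wrapper: True if the payload would be accepted."""
    try:
        validate_traits(payload)
        return True
    except InvalidTrait:
        return False
```

Every rejection should also be logged with the account and the offending value, because a player submitting 0, 3 or 10000000000 for a slider that only reaches 1 is running a modified client, which is worth knowing even when the value is harmless.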

0x0539

Retired Staff
Contributor
Jan 30, 2016
Code:
Email dev team.  Get no answer.

Email dev team again.  Still being ignored.

Start wiping out official servers.

Reply email within 5 mins.
I'm wondering if this is about a game or teamspeak. :rolleyes:
 

0day

Contributor
Oct 16, 2015
Haha this was a game, it has dinosaurs, only hint I am giving lol.
 

Derp

Retired Staff
Contributor
Apr 30, 2015
- 4:06 pm: Payment sent through Paypal.

START TALKING! How much did you get X)

Edit: NVM Found it :p

we offer $100 bounties for anyone who can provide us with hacks
 