Let’s rewind into the limitations for a second. So, we can both control the function that is called, and even choose an argument to pass it! Neato’.ĭemorecord itself is initialized only once at the start of the game and is of type gzstream : stream I quickly noticed that reading data from the client is done using functions like getstring and getint, etc. So I started going over the various updates that can be sent from the client, for instance, sending a text message or the player’s position on the map. This is the function that, according to the developers, does “server-side processing of updates”, looks like a good place to start. Pretty quickly I came across the process function at server.cpp.
ASSAULTCUBE WEAPONS CODE
Right from the beginning I was looking for the code that takes input from the client and looked for ways to meddle with it, essentially providing unexpected data to the server. So I opened up the game’s code and started to get familiar with the codebase. Escalating to admin, crashing the server, or writing some hacks (which I did by the way) were not what I was looking for. There’s also the possibilities of client →client, or server →client, but they both tend to be easier as the client is usually written in a more trustful manner. The goal was clear and straightforward, achieving Remote Code Execution Client →Server.
0 kommentar(er)
