First let me explain what OSSEC is and why a vulnerability in this system is important.
OSSEC is a host-based open-source intrusion detection system…
Most recently there have been a few vulnerabilities found and disclosed in it that have become rather concerning to me.
These become a larger issue with the vulnerability I’ve found. It requires you to have access to the agent at a level where you can modify the configuration file; even so, I consider what I’ve found to be slightly more severe in larger environments, because depending on the configuration of the server system it could allow a full-scale breach instead of a single agent being compromised.
In theory, once someone exploits, hacks or otherwise gains access to an agent, the only thing you’re concerned with is that agent. The SQL injection, however, takes place in the central server that the agents report to; in some cases this central server is within a corporate network that’s meant to be segregated from the rest of the agents… In theory, once one compromised the central server of something like this, access to additional systems, or to all of the systems/agents, would follow…
The idea of someone gaining access to an entire enterprise network is concerning on its own, but because the system itself is meant to detect intrusions… with the SQL injection that I’ve discovered it would be possible to wipe evidence and make sure people weren’t able to see it (given they weren’t also recording to email). Regardless, I feel it nearly renders the system useless in a sense.
More concerning is that a lot of people are recommended to use this system after failing PCI audits (meaning consumer credit card data should be protected by a system with vulnerabilities in it).
Since writing this article I’ve also submitted a pull request to attempt to fix the vulnerability mentioned here (https://github.com/ossec/ossec-hids/pull/923), and requested a CVE, which I’ll add to this article once I have it.
All of that aside…
A few days ago I’m upgrading OSSEC on some machines and install a non-stable development/release candidate on one of the systems, which connects back to my 2.8.3 (latest stable release) instance. Immediately I notice that my agent isn’t reporting…
I check the logs and notice SQL syntax errors. At first I think nothing of this; it’s strange but not alarming yet…
Then I notice what is actually causing the syntax errors, and I find that I’ve just discovered an SQL injection in OSSEC’s server system when using a database (yes, this includes PostgreSQL).
2016/08/17 12:52:03 ossec-dbd(5203): ERROR: Error executing query 'SELECT id FROM location WHERE name = 'thedefaced->netstat -tan |grep LISTEN |grep -v '127.0.0.1' | sort' AND server_id = '1' LIMIT 1'. Error: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '127.0.0.1' | sort' AND server_id = '1' LIMIT 1' at line 1'.
That being said, I’ve done some research on this and even attempted exploiting it to gain a proof of concept. Considering the latest release candidate ships with the configuration file that caused this ordeal in the first place, I would assume that the latest version is patched against this, yet the fix was not backported to the latest stable release…
To start, let’s discuss what could happen with this,
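To make the error class above concrete, here is an added example of mine (not OSSEC’s code, and not the fix in the pull request) that reproduces it against an in-memory SQLite table standing in for ossec-dbd’s location table (the schema is assumed). The location name is the one from the log line, an agent name followed by the command OSSEC runs, which carries single quotes. The same lookup is built once by string formatting, the pattern behind the error, and once with bound parameters, which handles the quotes as data.

```python
import sqlite3

# Constructed from the log line in the post: an agent name plus the monitored
# command, which contains single quotes and so breaks a string-formatted query.
LOCATION_NAME = "thedefaced->netstat -tan |grep LISTEN |grep -v '127.0.0.1' | sort"
SERVER_ID = 1


def make_db():
    """In-memory stand-in for the ossec-dbd 'location' table (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE location (id INTEGER PRIMARY KEY, name TEXT, server_id INTEGER)"
    )
    # Seeded with bound parameters so the quoted name is stored verbatim.
    db.execute(
        "INSERT INTO location (name, server_id) VALUES (?, ?)",
        (LOCATION_NAME, SERVER_ID),
    )
    db.commit()
    return db


def lookup_unsafe(db, name, server_id):
    """Query assembled by string formatting: the name's quotes end the literal early."""
    sql = (
        "SELECT id FROM location WHERE name = '%s' AND server_id = '%s' LIMIT 1"
        % (name, server_id)
    )
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Same failure mode as the ossec-dbd log line, with SQLite's wording.
        return ("error", str(exc))
    return ("ok", row[0] if row else None)


def lookup_safe(db, name, server_id):
    """Same lookup with bound parameters: the name is passed as data, never parsed as SQL."""
    sql = "SELECT id FROM location WHERE name = ? AND server_id = ? LIMIT 1"
    row = db.execute(sql, (name, server_id)).fetchone()
    return ("ok", row[0] if row else None)


if __name__ == "__main__":
    db = make_db()
    print("formatted :", lookup_unsafe(db, LOCATION_NAME, SERVER_ID))
    print("parameters:", lookup_safe(db, LOCATION_NAME, SERVER_ID))
```

The formatted variant raises a syntax error for the netstat location name and returns normally for a plain name such as "syslog", which is exactly why the bug only surfaced once a configuration shipped a command with quotes in it; the parameterised variant finds the row either way.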
I had recently been inspired by a video from a man who goes by the alias “Scamalot”. In this video series he responds to spam emails and simply “trolls” the scammers, phishers, or spammers. The series is great, and I highly recommend checking it out if you haven’t (https://www.youtube.com/watch?v=dSoXEtFPTfI).
Well, being inspired by this, I decided to take it upon myself to start attempting to “troll” or annoy these spammers, scammers, and phishers myself; it seemed to be my duty at this point, and considering the amount of spam I regularly receive it was a great idea.
Coming into this, the last thing I expected to do was take over a phish page and leave a warning for those who clicked on it in the future, but that’s exactly what I ended up doing…
Project Cartographer ( which I’m referring to as H2V:Online from here on ) now has a homepage where pretty soon you’ll be able to find a download link for the mod!
There’s still tons of things that can be done, and I plan to write about and release tons more information on this project, as well as put more time and effort into improving the overall gameplay experience as much as I can. In other news, FishPhD is now in charge of coding the launcher for the game, and the ‘official’ community of Project Cartographer, aka H2V:Online, is now halo.cafe.
You can find the new H2V:Online homepage here.
A long time ago a friend (DarkCoder) and I embarked on attempting to turn a (random) game into a multiplayer online one. The original intention was to find a single-player-only game and determine how we could make it into a multiplayer online game instead.
While searching for a game to do this with we ran into Turok 4: Evolution, and thus began T4MP; remnants of it can still be seen here.
Development didn’t get very far, though we had a lot of the basic bugs fixed, had most of the player data structures reverse engineered, and had the data syncing between the games.
There were still a ton of issues. For starters, we had no idea how the hell to program a multiplayer game at the time, so most of our data sending was based on loops which constantly updated the information on the clients about the players.
Now that you know the history of the project, I’m glad to say I’ve decided to start working on it again. I’ve made minor progress reverse engineering the event/cause/links/scripts inside of the ati files of the game and have got the game going back into the local multiplayer split-screen mode again.
I’ve had to start over completely as I’ve lost my original code.
But here’s a video demonstrating progress so far:
And here’s one showing issues with the depth buffering that I’m currently attempting to fix:
After long hours of sitting around reversing script functions and getting help from both kornman00 and xbox7887 with various research they had from the Xbox versions of the game,
I managed to complete a simple, quick gun-game setup as a first attempt at creating a custom game type. Right now it’s all written in C, but the idea is to add Lua support and actually rewrite it in Lua as a PoC of what will be possible with the extended external scripting of the game.
The main issue here is determining when to load these scripts (most likely we’ll have options to do it when a specific variant is selected).
The idea is to allow anyone to make similar crazy game types for the game, and to allow people with even no programming experience to help make the game better.
I leave you with a quick video of us testing out gun-game.
The network handling code has been rewritten from the ground up on the client side, and it seems to have eliminated all performance issues. I also eliminated some memory leaks that were present before, and I’m happy to say the state of Project Cartographer is STABLE!
So what’s next on the agenda?
Let’s take a look at what’s currently done.
During my previous fix I changed things around so much that I actually introduced major performance issues: the processing time of each packet went up, and part of that seems to have also introduced some sort of memory leak.
Overall, the current state of Project Cartographer is unplayable and unstable. With that said, we still need people to test once in a while, and lately it’s been hard finding anyone around (in TeamSpeak) to do so; we have 1 or 2 dedicated people willing to test through the agony of lag, crashes, and random other events with us.
Right now what needs to happen is a complete rewrite of all packet handling systems; there are tons of inefficient and poorly done things which I’m just now rethinking and restructuring.
What I’m constantly seeing from people, though, is the misunderstanding that this project is currently in a state where we’re even looking for bug reports, or that you can even use it.
If you download this to test with us please do not report things like,
“I crash”, “It doesn’t work”, “It’s laggy”, “Help me”.
These things do not help us improve the code for you and the rest of the community; they only begin to frustrate me and misdirect my attention to issues other than what’s important, which is creating a playable, stable solution for everyone to play their games with.
Hopefully I have more news soon for the community, and here’s to it being good news once I complete this rewrite of the whole user handling system. Another late night incoming.
So originally you were unable to run 2 clients, or 1 client and a server, on the same network or the same machine.
Now I’ve come up with somewhat of a fix; it’s pretty messy but it works!
Basically, the way I was handling things previously you couldn’t run multiple clients on the same network, or even on the same PC, due to the fact that everything was binding to the same port and there were tons of comparisons and identification systems which would identify people based on their WAN IP address instead of some other unique identifier.
Now that I’ve changed the code to identify people differently and added a “server” option to the INI, which you’re expected to set in one client/server on the network, it will rebind ports differently.
To explain: if I want to run a server on my network I’ll leave it as “server = 0” (I know it’s kind of backwards…).
This will cause my server to bind to the standard ports 1000, 1001, 1005, 1006.
Now when I launch my client and set “server = 1”,
my client will bind to 1100, 1101, 1105, 1106, and the rest of the network code in every other client and server will handle this appropriately based on where they receive the connection from. What this may break, however, is the ability to make a lobby, due to the fact that when trying to connect to lobbies clients will naturally attempt to use the standard ports.
So essentially you can only have 1 host per network at the moment, though this needs to be looked into in a less messy/sloppy manner so that we can run multiple instances of a dedicated server on a single system.
The only idea I have to brainstorm on with this is sending the port with the broadcast packets and having each client read/understand it.
The problem is that at this point this is becoming less universal and more geared towards Halo 2, which isn’t necessarily a horrible thing; it just requires a lot of recoding of the base.
It may also mean that in the future I will have two separate versions: one specifically geared towards Halo 2 and another which is universal for all XLive games.
For those who understand python read on…
There were also minor modifications I’ve had to make to the master server list which changed how users were stored.
Originally I stored users when they initially made a Halo 2 specific “broadcast-search” packet.
In general this is the way LAN configurations in games should work…
Client -> broadcast to 255.255.255.255 (entire local network) -> server gets the packet and sends a reply with information.
Right now the way the code works on this end is simply by replacing 255.255.255.255 with the “broadcast server” or “master server list”.
The way I stored the users was based on their remote IP without their port; now we just store the self.client_address tuple in the dict and use that.
Basically, since each user would now be using a different port, we combine the two to uniquely identify them. The way I was doing things previously would overwrite their user in the dict, causing them not to be able to see the server… just a lesson to myself in bad programming practices: attempting to identify people by IP addresses, which I did a lot starting out with this project.
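The overwrite described above, as an added example of mine rather than Project Cartographer’s master server code: a small in-memory registry of the kind a socketserver handler would keep, fed the client_address tuples of two peers that sit behind one WAN address (the host on port 1000 and a client on 1100, per the INI behaviour above). Keyed by IP alone the second peer replaces the first and then sees an empty list; keyed by the whole (ip, port) tuple both survive and the client sees the host. The address, ports and payloads are constructed for the example.

```python
# Added example, not the project's code. Models a master-server registry that
# records peers on their "broadcast-search" packet and answers with the other
# peers it knows. The only thing that changes between the two runs is the key.

class PeerRegistry:
    def __init__(self, key_by_port):
        # key_by_port=False reproduces the old behaviour (remote IP only);
        # key_by_port=True keys on the full client_address tuple.
        self.key_by_port = key_by_port
        self.peers = {}

    def _key(self, client_address):
        ip, port = client_address
        return (ip, port) if self.key_by_port else ip

    def handle_broadcast_search(self, client_address, payload):
        """Stand-in for the request handler: record the sender, return every other peer."""
        me = self._key(client_address)
        self.peers[me] = {"address": client_address, "payload": payload}
        return [p["address"] for k, p in self.peers.items() if k != me]


def simulate_same_host():
    """Two peers behind one WAN IP: the host on 1000, a client on 1100 (constructed)."""
    host = ("203.0.113.10", 1000)    # documentation address (TEST-NET-3)
    client = ("203.0.113.10", 1100)
    results = {}
    for key_by_port in (False, True):
        reg = PeerRegistry(key_by_port)
        reg.handle_broadcast_search(host, b"server-announce")
        visible_to_client = reg.handle_broadcast_search(client, b"broadcast-search")
        results[key_by_port] = (len(reg.peers), visible_to_client)
    return results


if __name__ == "__main__":
    for key_by_port, (count, visible) in simulate_same_host().items():
        label = "(ip, port)" if key_by_port else "ip only"
        print(f"keyed by {label}: {count} peer(s) stored, client sees {visible}")
```

In a real socketserver.BaseRequestHandler the tuple is simply self.client_address, so the fix is a change of dictionary key rather than any new parsing; the same keying also handles two peers behind a NAT that share a public IP.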
The current state of Project Cartographer is quite buggy, to say the least.
It works: you’re able to join games, and there are no tunnels/VPNs (Hamachi, Tunngle, etc.) or extra stuff required besides our single DLL.
How does it work?
It replaces the GFWL (Games for Windows Live) libraries and executes network code to simulate a LAN connection over the internet (yes, this means we use the LAN browser).
The limitations of this are:
- Custom Map downloading currently does not work.
- You cannot view another player’s latency.
- There’s no way to customize how you view servers, or to bookmark them or etc.
- Things are still quite buggy 😉 just remember it’s pre-alpha software at the moment.
Even with limitations there are pros to be had:
- Because we package things by injecting data into normal Halo 2 packets instead of making server requests during joins, this should eliminate join lag.
- You’re able to join games faster as well, due to the above point.
- The game’s performance overall has been improved by the removal of this.
- The 30ms ping limitation does not exist.
- We will be re-implementing all of the removed functions (bookmarking servers, sorting, map downloading, and player latency viewing).
What can it currently do?
Currently the most you’ll get out of this is playing some quick matches with friends, but in the future there are plans to integrate tons of things:
- Re-integrate a new H2V friends list or a “XLiveless” friends list across all GFWL games.
- Add custom game types/variants to H2V (Zombies with automated team switching, etc.; Cat & Mouse where people are automatically spawned in the vehicle, etc.).
- Real matchmaking systems.
- TeamSpeak API to integrate VoIP, since H2V is missing any voice chat capabilities.
- And more.
Let me start by first telling you what Project Cartographer is.
Project Cartographer is an attempt at reviving Halo 2 Vista, which started when the multiplayer services went down for it and no one heard any information about their return.
Now, while this is the initial goal,
due to the method being used to perform such a feat I’ve also begun focusing on other GFWL (Games for Windows Live) games which have had their multiplayer servers discontinued, but we’ll get more into that later.
For now, looking at Project Cartographer you’ll see it is a replacement for XLive and all multiplayer services in Halo 2 Vista.
It is in a functional alpha state currently and was not planned for public release. There are people currently testing, and we’re always open to additional people, granted you’re able to use TeamSpeak and communicate actively with us on issues, and don’t expect a bug-free release, as this is still a pre-alpha release.
As far as getting the actual files and helping us test, please check out the Halo2Vista forums.