Coming into this and learning of DNS Rebinding I had decided I wanted to make my own attack platform,
After doing research it was apparent that this could be quite deadly getting a victim’s LAN IP is trivial, and port scanning from a browser is even more trivial via websockets.
Funny enough I feel that when I was more active in the information security industry / scene that XSS/CSRF were not taken seriously enough and I feel a lot of developers still do not take them seriously when it seems they can lead to full-scale network compromise and it’s been proven time and time again that if enough payloads were distributed for common networks you’d be able to achieve MITM attacks on routers, reverse-shells on insecure systems and more.
Some software and users seem to rely on the idea that if it’s running on the same system they’re accessing it on that authorization shouldn’t be needed (If they access from 127.0.0.1) with attacks like this however we overcome the fact that things are running on the in-side of the network so chaining things together such as CSRF and code exec issues in systems leads to actual network compromise.
Project Cartographer ( which I’m referring to as H2V:Online from here on ) now has a homepage where pretty soon you’ll be able to find a download link for the mod!
There’s still tons of things that can be done and I plan to write about and release tons more information on this project as well as put more time and effort into improving the overall game play experience as much as I can, In other news FishPhD is now in charge of coding the launcher for the game and the ‘official’ community of Project Cartographer Aka H2V:Online is now halo.cafe.
You can find the new H2V:Online homepage here.
After long hours of sitting around reversing script functions and getting help from both kornman00 and xbox7887 on various research they had from xbox versions of the game,
I managed to complete a simple quick gun game setup as a first attempt at creating a custom game type, right now it’s all written in the C but the idea is to add lua support to things and actually re-write it in lua as a PoC as what will be possible with the extended external scripting of the game.
The main issue here is determining when to load these scripts (most likely we’ll have options to do it when a specific variant is selected),
The idea is to allow anyone to actually make similar crazy game types for the game and allow people with even no programming experience to help make the game better.
I leave you with a quick video of us testing out gun-game.