Fix for the Certification Server

11/15/2011 03:55 kevin_owner#1
EDIT: Important: After you have changed your cert, be sure to change the login credentials of the SQL server, because oriya might already have them, but if you change the login credentials he can't get them anymore from the cert.

This is the new certification server with the leak in it patched. I won't discuss the leak in public since others might take advantage of servers who aren't aware of this yet.

Since a lot of people have different certification servers I based mine on the original one from drew. I've only fixed the leak. Some things you might need to check if you can't start it is the srNodeType.ini. You need to check if there is an entry inside it with the name "Certification Manager". Also you need to check if the id of the entry in the srNodeType.ini matches the node_type of your certification data entry in the srNodeData.ini.

If the server still flashes away, open it with the command prompt to read the error.

I cannot guarantee that the certification server doesn't have any exploit anymore but at least this exploit should be fixed.


EDIT: New link on request since the last one was dead. Sadly I lost the source of the previous fix so I made a new one. I don't know what the other one required but this one just needs a node with the name GlobalManager and it'll take that IP and only allow connections from that IP.

The download link also includes the source.
11/15/2011 03:56 LaHonda781#2
It's not the certification server :)
11/15/2011 03:59 kevin_owner#3
Quote:
Originally Posted by LaHonda781
It's not the certification server :)
Oh well, then I fixed another security leak, since I could get the database login credentials from the certification server :)
11/15/2011 04:10 LaHonda781#4
np :)
11/15/2011 14:34 kevin_owner#5
Since I noticed that a lot of servers are still vulnerable to this hack I would like to clear things up.

This fix prevents people from getting your database login credentials and the IPs of all your servers etc.

However, what LaHonda means is that too many servers are poorly secured and have lots of other vulnerabilities.

So if you want to prevent oriya from dropping your database or messing stuff up in your database, use this cert. If you want to know how I fixed this I could give you some tips in PMs or on msn. I'm not gonna tell those things in public, to prevent other people taking advantage of this bug.
11/15/2011 15:15 3lyka#6
Can you explain more about Certification Manager? It won't start via Certification, but in cmd I see it can't find Certification Manager
11/15/2011 15:24 kevin_owner#7
Of course. It seems like some modified versions of the certification manager are released, and drew's original certification server gets the IP from the ini files. To fix your problem you should do the following:

Open the srNodeType.ini
Quote:
[Global]
count=2
[entry0]
id=337
operation_type=22
name=GlobalManager
wip=192.168.0.103
nip=192.168.0.103
machine_manager_node_id=703
[entry1]
id=338
operation_type=22
name=Certification Manager
wip=192.168.0.103
nip=192.168.0.103
machine_manager_node_id=701
Most of the configs have only one entry or multiple entries, that doesn't matter, but the point is that the entry for the certification manager is missing.
The bold text above shows what you need to add and the red what you need to edit.

So you just need to add a new entry at the end of the file and change the [entry1] and increment the 1 by the number of the last entry.

The name of this entry should be Certification Manager and the id should be something unique; in my case I use 338, but you can use anything you want.

Don't forget to increase the count= by one otherwise the entry won't be compiled.

OK, once you have done this you need to open the srNodeData.ini and search for a node_id=1. This is your certification server. Once you have found it, change the node_type= to the one you just added, in my case 338.

Save the files and compile the files and you're done :)

Oh, another thing you could check just in case is the port in the srNodeData.ini of the certification server, so you're sure that you're using the correct one.
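
A consistency check for the steps in the post above (and for the GlobalManager node the first post says the new fix needs), as an added example that is not part of the thread or of the released fix. It assumes srNodeData.ini uses the same [entryN] layout as the quoted srNodeType.ini; the function names and sample files are constructed for illustration.

```python
import configparser

def load_entries(text):
    """Return (declared count, [entry dicts]) from [Global]/[entryN] INI text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)  # strict mode: a duplicated [entryN] header raises
    count = cp.getint("Global", "count", fallback=None)
    return count, [dict(cp[s]) for s in cp.sections() if s.startswith("entry")]

def check(node_type_ini, node_data_ini):
    """List the mismatches the post warns about; an empty list means consistent."""
    problems = []
    count, types = load_entries(node_type_ini)
    if count != len(types):  # entries beyond count= are not compiled
        problems.append(f"srNodeType.ini: count={count}, {len(types)} entries")
    ids = [e.get("id") for e in types]
    if len(set(ids)) != len(ids):
        problems.append("srNodeType.ini: entry ids are not unique")
    by_name = {e.get("name"): e for e in types}
    for name in ("GlobalManager", "Certification Manager"):
        if name not in by_name:
            problems.append(f"srNodeType.ini: no entry named {name!r}")
    _, nodes = load_entries(node_data_ini)
    # The post identifies the certification server as the node with node_id=1.
    cert_node = next((n for n in nodes if n.get("node_id") == "1"), None)
    cert_type = by_name.get("Certification Manager")
    if cert_node is None:
        problems.append("srNodeData.ini: no entry with node_id=1")
    elif cert_type and cert_node.get("node_type") != cert_type.get("id"):
        problems.append("srNodeData.ini: node_id=1 node_type does not match")
    return problems

# Constructed samples. GOOD_TYPES abridges the file quoted in the post;
# NODE_DATA is an assumed layout showing only the two fields the post names.
GOOD_TYPES = """[Global]
count=2
[entry0]
id=337
name=GlobalManager
wip=192.168.0.103
[entry1]
id=338
name=Certification Manager
wip=192.168.0.103
"""
NODE_DATA = "[entry0]\nnode_id=1\nnode_type=338\n"

if __name__ == "__main__":
    print(check(GOOD_TYPES, NODE_DATA) or "consistent")
```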
11/15/2011 15:26 PortalDark#8
Quote:
Originally Posted by kevin_owner
Since I noticed that a lot of servers are still vulnerable to this hack I would like to clear things up.

This fix prevents people from getting your database login credentials and the IPs of all your servers etc.

However, what LaHonda means is that too many servers are poorly secured and have lots of other vulnerabilities.

So if you want to prevent oriya from dropping your database or messing stuff up in your database, use this cert. If you want to know how I fixed this I could give you some tips in PMs or on msn. I'm not gonna tell those things in public, to prevent other people taking advantage of this bug.
in my case, I don't have a public server, but a test one
some ppl do the same, but then they open it to the public and do not change login credentials

and believe me, many servers out there got user login "sa" and 123456 as password
again, in my case, I won't open the server to the public but rather test edits and try to fix exploits
11/15/2011 15:55 3lyka#9
kevin_owner

thx for this, I just sent you on msn what the problem is
11/15/2011 15:59 LaHonda781#10
Oh cool kevin owner, this could fix the cert problem.
But there is still 1 manager, which can get your id pw infos :D -.-
11/15/2011 16:01 kevin_owner#11
Quote:
Originally Posted by LaHonda781
Oh cool kevin owner, this could fix the cert problem.
But there is still 1 manager, which can get your id pw infos :D -.-
Interesting, but that could be solved by the firewall I guess :)
11/15/2011 16:17 evelknievel10#12
Sorry to say, kevin_owner, but this does not fix it.
11/15/2011 16:26 kevin_owner#13
Quote:
Originally Posted by evelknievel10
Sorry to say, kevin_owner, but this does not fix it.
explain please (you could also pm)
11/15/2011 16:33 LaHonda781#14
Quote:
Originally Posted by kevin_owner
Interesting, but that could be solved by the firewall I guess :)
true

well, I'll give you a tip.

Only leave ports 15779,15884 open, and you're secured against the next hack attacks, which might never happen. xD
11/15/2011 16:36 PortalDark#15
Quote:
Originally Posted by LaHonda781
true

well, I'll give you a tip.

Only leave ports 15779,15884 open, and you're secured against the next hack attacks, which might never happen. xD
there are various methods to hack, not really involving ports
but it is a good method to use