Selling my Shaiya pserver exploit...

Well the time has finally arrived that I have simply become so bored with pwning servers that I am willing to sell my ps_login exploit. So what is the ps_login exploit you might ask? Well it is a way to gain Admin level access to whatever server you wish through the ps_login.exe. Thanks to some truly horrendous coding from whoever wrote the ps_game and ps_login they are literally full of exploitable goodies.

The exploit works like this, you send a specially crafted string to the ps_login, the service crashes, loads shellcode that creates a new user, adds the user to the Administrators group, then immediately restarts. You can then connect to the server with RDP with the same level of access as the server Admins.

Pm me if you are interested.

P.S. There is a fix for this. I have already implemented it on a few servers. If you are a server owner and would like me to setup the fix for you, then pm me as well.

Bullshit. LOL, Just close port 1433 and change the logins from Shaiya/Shaiya123 to something more complex...

This has nothing to do with Sql you idiot. EVERY Pserver has a ps_login (allows players to login) my exploit targets that directly. Not everything has to do with Sql.

Sure fucking fucktard, like i never had any pserver in my fucking life. (taZ) If i ever get your IP your fucked fucking fucktard.

Awww, that's cute. Clearly you didn't know your server files very well then. :P Do a bit of research on buffer overflows and think of how that could apply to the ps_login.exe.

Quote:

Originally Posted by FuckCoke If i ever get your IP your fucked fucking fucktard.

<--127.99.132.19 bring it!

Your such a sad kid.
Add me on skype if you dare.
deejay.taz ;)

I already gave you my IP Addy Taz, do you want pictures of me now or something? You've already got all you need to mount a full blown skiddie DDoS on me. But back to the original point of the post, I'm not hear to argue or get your thong in a bunch. I know it works, I have proof it works, so if anyone has any serious inquiries pm me.

If Su1ph3r said there is a Vulnerability in PS_Login.exe then there is a Vuln in it. He talk about shit you guys dont even dream about. Believe if he can do one thing, it is pwn all of u.

btw, the Shaiya-Source code is that horrible coded every programmer would bit his ass if he take a look at source.

eh Su1ph3r ?

buy that stuff, I promise it's workin and If I promise things, it means somethin.

A true programmer that respects himself wouldn't sell an exploit, at least not publicly, and more than that they wouldn't use it to destroy something they didn't create. Contrarily to that, they would sell the fix for it, or release it for free, that's their choice. And also, a true developer would have a more mature word fight. You might wanna look into ethics before making a new post.

Bullshit. LOL, Just close port 1433 <--What about port 1434? Everyone closes port 1433 thinking that is the only sql server port, 1434 is the UDP port for sql server. Open by default during the SQL Server installation, even if all UDP ports are closed the sql port will remain open for direct connections, all you need to do is brute force the sql server login or the windows login creds since nearly everyone uses Windows Auth in SQL Server, and you've got access as NT/SYSTEM (Full Admin). Just a bit of free knowledge for all the server owners who have no clue how to secure themselves.

Quote:

Originally Posted by nubness A true programmer that respects himself wouldn't sell an exploit, at least not publicly, and more than that they wouldn't use it to destroy something they didn't create. Contrarily to that, they would sell the fix for it, or release it for free, that's their choice. And also, a true developer would have a more mature word fight. You might wanna look into ethics before making a new post.

Did you somehow miss the part where I offered to setup the fix for others. I have my reasons for selling the exploit, but I wouldn't expect someone as clearly self righteous as you to understand such things.

I know you're trying to become a mod or whatever, but you might want to walk away on this one. I will have the post removed before long. Be patient.

Someone is just worried his server will be exploited this way.
That's why him and his buddies are messaging you all over Skype and through his alt accounts on here.
Which isn't that not allowed here? A mod with multiple accounts...hmmm.
That's against the rules isn't it?
Anyway I keep getting spammed with this link in Skype, so figured I might as well give a bit of input myself.

Quote:

Originally Posted by Su1ph3r Did you somehow miss the part where I offered to setup the fix for others. I have my reasons for selling the exploit, but I wouldn't expect someone as clearly self righteous as you to understand such things. I know you're trying to become a mod or whatever, but you might want to walk away on this one. I will have the post removed before long. Be patient.

Trust me, I didn't miss anything. The fact remains, you are trying to prove a point here, well let me tell you something, you're not the smartest around here, neither am I, but at least I try expressing myself in a polite way.

I have been nothing but polite. Even to good ol' DDoS skiddie Cap'n TaZ. As was stated, unless you understand my motivations, walk away.

Quote:

Originally Posted by [Admin]Snuggle Someone is just worried his server will be exploited this way. That's why him and his buddies are messaging you all over Skype and through his alt accounts on here. Which isn't that not allowed here? A mod with multiple accounts...hmmm. That's against the rules isn't it? Anyway I keep getting spammed with this link in Skype, so figured I might as well give a bit of input myself.

I don't have a server, and I won't have one ever again, I've already made this clear.
I don't have multiple accounts on elitepvpers(FuckCoke presented himself as taZ) and the same goes for Skype.
Your input is worthless Snuggle, as usual.

Quote:

Originally Posted by Su1ph3r I have been nothing but polite. Even to good ol' DDoS skiddie Cap'n TaZ. As was stated, unless you understand my motivations, walk away.

How am I supposed to understand something you don't explain ?

Quote:

Originally Posted by nubness How am I supposed to understand something you don't explain ?

^Probably never occurred to you since you don't appear to be very bright, but perhaps the reason I haven't told you everything is because then it would be public, hence not very effective. Plus it has absolutely nothing to do with you. Plus I just really don't like you.

But anyway, I'm done with the replies on the thread, as I have said multiple times, pm me if you are interested in the fix.

Well, my fun is over, there is no exploit...lol...was just hoping to weed out some of the hackers.