Selling my Shaiya pserver exploit...

[Admin]Snuggle · 07/31/2013, 16:24

Oh and I think you just lost out on mod saying my input is useless.
They review your posts man

Nice going smart one, seems you're perfect for this community.

{Skrillex} · 07/31/2013, 20:44

Quote:

Originally Posted by cypherxxl

*********...

#reportet

{Skrillex} · 07/31/2013, 21:19

Quote:

Originally Posted by cypherxxl

Fick dich selbst!... *********

#reportet²

FuckCoke · 07/31/2013, 21:30

Quote:

Originally Posted by ϟƘƦƖןןΣ✘

#reportet²

Get the **** out fucktard.

nubness · 08/11/2013, 22:58

After getting the feeling that Su1ph3r didn't build the "fix" for his exploit on his own, and researching more on buffer overflows on multiple websites, forums, blogs and other geek web pages, I found what it is Su1ph3r is trying to get money for.

Long story short : Enhanced Mitigation Experience Toolkit 4.0 from Microsoft, shortly Microsoft EMET 4.0. Install it, attach the server files to it and enable ASLR and DEP for them.

I am a developer, not an expert in software security, and I also didn't test this. However, I am almost sure it's the right thing, so don't pay Su1ph3r for Microsoft's achievements.

Su1ph3r · 08/11/2013, 23:26

EMET is a part of the solution yes. But it is only a very small portion of it, you're welcome to believe that EMET alone is the solution to the problem but it isn't. Here's why, buffer overflows at a base level are simply crashing the application stack and then using control of the jump pointers to load shellcode.

Having said that, ASLR and DEP are intended to block things like this, but they are not fool proof as they only monitor process flow and execution to detect and block something like a buffer overflow or dll injection.

Now the part that you clearly don't know since you keep trying to belittle me and make yourself look like something more than the **** stain you are. What happens if you use control of the jump pointers to push your shellcode directly to RAM? As the payload never touches the disk, ASLR and DEP are completely useless. Therefore you need to harden the system itself instead of relying on a bandaid solution. EMET is good for what it is, but if you are relying it solely to block attacks you are a fool.

So keep on trying to position yourself into a moderator spot or whatever by trying to seem like aren't quite as ignorant as you truly are. I really hope you do, cause I'd hate to lose the laughter I get from reading posts where you go into such great detail talking about something you have absolutely no clue about.

Enjoy your day shitstain.

nubness · 08/11/2013, 23:30

As I said, I have no idea of software security, but at least I took my 30 mins and researched a bit, while you're just insulting me, it does make a difference.

[Admin]Snuggle · 08/11/2013, 23:37

Quote:

Originally Posted by nubness

As I said, I have no idea of software security, but at least I took my 30 mins and researched a bit, while you're just insulting me, it does make a difference.

It's funny that you only reply to the parts you understand...
Comes to show A LOT about your "research" there buddy.
Might want to take more than 30 minutes before trying to explain that he's a liar.
Seeing as your a wanna be mod and all, it'll be your job, if you get it, to research and FIGURE out things.
Not just go oh don't understand so I'll just reply to the tiny bit I understand.
Which a good mod would do these:
1. Ignore the insult.
2. Look positively on the topic and try to understand where he is coming from.
3. Further RESEARCH this topic before even posting something that makes himself look stupid.
4. Point out valid points...

Su1ph3r · 08/11/2013, 23:45

Then remain quiet about what you do not understand. Saying things like "After getting the feeling that Su1ph3r didn't build the "fix" for his exploit on his own" and "I found what it is Su1ph3r is trying to get money for." just shows your inability to say anything without coming off as an ignorant douchebag.

Were the fix as simple as installing EMET I would have posted a guide. But as I personally spent a few weeks tweaking various servers and working out a perfectly stable solution, I don't feel the need to give it away for free. Especially not to a community full of folks like you who reward good work with snide comments and a ******** attitude.

After dealing with more than my fair share of ignorance and bullshit on this site I can honestly say that I would love to see pservers survive and thrive, but at the same time I am completely unwilling to put considerable effort into devising fixes for things when all I will be rewarded with is more of the same.

Therefore, go **** yourself Nubness.

P.S. The entire reason I posted the exploit for sale was to see who pm'd me asking for it, and it was quite an interesting list if I must say so. Many I expected to pm me did not while others, who shall remain un-named (and coincidentally are the ones trying to 'restore the community') were literally the first to pm me. I did not and do not have any intentions of letting anyone get their hands on this exploit, nor will I use it myself, the community is dying quickly enough as is. But really, wtf?! on some of the pm's I got.

TeddyBear94 · 08/12/2013, 12:40

Quote:

Originally Posted by cypherxxl

*********!

dude do u got any other words? i mean rly c´mon u make ur self look like a fool furthermore with behaviour like that u make urself a target of others.
grow up kiddy.

TeddyBear94 · 08/12/2013, 13:00

Quote:

Originally Posted by cypherxxl

*********.!

proof enough ^_^

erickreq · 08/13/2013, 03:37

hi guys do not know if it's true or lies anyway nothing is perfect but people how are you maybe you are looking to earn money as if to be careful if the dial says being generous to me a generous share without interest at all
sorry for my bad English

thetruestarr1337 · 08/13/2013, 15:29

cypherxxl wurde endlich gebannt.

Aber was hat es mit dem Exploit auf sich? Wenn dieser real ist, wie kann man sich dafür schützen?