Hacker problem?


Dryke

There's something out there that is allowing people to log into an MP server in some type of god mode. Unkillable, spawn anything at will, see/find anyone, etc.

Just had to leave an MP server that was under assault by someone running this. Even with the admins working in the background to stop them, all they could really do was ban him and then he was just switching IPs and returning. While the two admins are some pretty sharp guys, it might be worth looking into how secure the program is against people giving themselves god mode.

Link to comment
Share on other sites

Server admin here,

The password was set. I wasn't fully there while it happened and was just getting messages that there's someone doing stuff.

The login logs showed no login as admin, so it's some kind of privilege escalation or privilege spoofing in the client, I guess, but I got messages from Dryke and others about who was doing it, so I was banning his IP at the firewall level.

I personally do not see it as much of an issue as, as you say, it's pretty early MP development.

If I could wish anything from what you fix first, it's performance/stability anyway before you put effort into not trusting the client :D

Link to comment
Share on other sites

I'm administrating the server together with randomwhitedude, and I got messaged when he started to destroy everything and logged in, so I can tell you what he did / could do.

- Spawn boxes of wood walls
- Spawn fire
- TP to players
- Let players spawn near him
- Spawn all kinds of items
- Kinda change his name without being shown on the player board

Possibly he had full admin access to the in-game commands too.

While I agree with randomwhitedude that it's not that much of an issue this early in MP development, it just kills the fun if someone comes and kills you + destroys everything without you being able to do anything against that.

-TITAN

Link to comment
Share on other sites

I... would really like to get my hands on his code. That's impressive work.

When there's a will, there's a way.

For the sake of curiosity, how is the server hosted? Personally or on a server hoster. Is it at all possible that the player might have been whitelisted as an admin intentionally, or through a trick of his own?

Link to comment
Share on other sites

It's hosted personally,

and if there is no other way than granting players admin privileges via the grantadmin command, I didn't give it to anyone intentionally and the "admin" account should be the only one with admin privileges.

From what I saw the server logs don't show that much useful stuff, but if you want me to upload them anyway, please say so!

Link to comment
Share on other sites

You might want to check the SQLite DB to see if any users are flagged admin that shouldn't be, but from my initial poking at the list of things he could do I don't think he actually had admin.

If he had admin he could have removed it from the other admins or kicked users, etc.

Adding things like walls and spawning fire I'm almost positive are currently client authoritative.

The simplest answer to me would be that he was using a modified version of the admintools mod (or wrote his own) + a workaround for the Lua checksum.

Link to comment
Share on other sites

I know of a bug that currently exists (I actually PM'd it to nasko a couple of days ago) that lets you get around the checksum without too much effort.

I can think of various other ways to get around the checksum but I don't really want to give people ideas.

Honestly, I think trying to perfectly secure the client is a lost cause. The checksum is nice to prevent average joes from simply editing their files to cheat.

The real answer is that the server shouldn't trust the client where it can and then server administrators can handle anything else.

I imagine once multiplayer is more mature that more commands will become server authoritative and can double check that the client should be able to do what it asks the server to do (and doesn't expose data to clients that it doesn't need to) and will make most Lua 'hacks' moot.

I'd guess that performance is a bigger priority than security to the devs right now because there's not much point to a secure game that you can't play.

Link to comment
Share on other sites

You are probably right, Brybry, but I've got one point that bugs me. It did from the beginning but I couldn't think of what it was; now I've got it.

I couldn't ban or kick the hacker because the server said there is no player with this name. Using IP ban through the player list didn't work either. Is this just broken, or could he have disabled that too?

-TITAN

Link to comment
Share on other sites

I think that's a straight up bug. Banning by name and IP are pretty much the same command so probably have the same check (like if you look in the scoreboard Lua, ban IP is just /banuser $username ip=true).

Do you have the names that he connected with from the server log?

I just tested with a simple network client that I made and if I connect with a certain name, that makes an unkickable/etc. player (causes Error with packet of type: 81 for admin on the server).

However, I can't get it to work with the actual client in Windows because the client fails to save files due to Windows filename restrictions (though there might be a creative way around that). I imagine it would work on Linux or Mac but I'm wondering if that's what he actually did.

Link to comment
Share on other sites

Small update:

He also can kinda delete the map tiles (you just walk on black floor).

Here is a screenshot from someone playing on our server: http://subefotos.com/ver/?a88212161728068a7d9e7c08b7add9e3o.png#

And another screenshot: http://subefotos.com/ver/?c50e3b5c5a3930076f024369f3049a7fo.png

NOTE: There is someone with the name of admin; that's not me or randomwhitedude.

-TITAN

Edit: Answer to Brybry: We did just ban him by blacklisting his IP (or rather the full IP address room from his VPN provider) in our firewall.

Link to comment
Share on other sites

admin is the default admin user. Change the password for it, see if that does anything.

Link to comment
Share on other sites

Chat names don't mean anything, sadly. Chat is literally just a raw string and totally trusted by the client (even at the Lua level) and so you can't trust that for banning/admin command purposes.

He could be logged in as admin or he could just be pretending by sending chat messages that are prefixed with admin by having edited his Lua files.

I think the scoreboard names are accurate though.

In the Zomboid\Logs directory there will be %date%_user.txt logs and %date%_admin.txt logs so you can find the exact name he connected with that prevented you from kicking him and also see what admin commands were used, if any, to verify if he actually had admin or not.

Link to comment
Share on other sites
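
An added illustration of the "server shouldn't trust the client" point and the chat-name observation made in the thread above; it is not code from the game or from any poster. It sketches a server that takes identity and privilege from its own session table and ignores what the packet claims. The class, field and request names (`Session`, `is_admin`, `spawn_item`, and so on) are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum


class Access(IntEnum):
    PLAYER = 0
    ADMIN = 1


@dataclass
class Session:
    conn_id: int       # assigned by the server at connect time
    username: str      # name verified at login, never updated from packets
    access: Access     # loaded from the server's own user database


# Minimum server-side access level per request type (hypothetical names).
REQUIRED = {
    "chat": Access.PLAYER,
    "spawn_item": Access.ADMIN,
    "teleport_to": Access.ADMIN,
}


class Server:
    def __init__(self):
        self.sessions = {}
        self.audit = []    # (conn_id, username, request type, decision)

    def connect(self, conn_id, username, access):
        self.sessions[conn_id] = Session(conn_id, username, access)

    def handle(self, conn_id, packet):
        """Process one client packet; return the broadcast dict, or None if denied."""
        s = self.sessions[conn_id]
        kind = packet.get("type")
        need = REQUIRED.get(kind)
        # Unknown request types and under-privileged callers are both rejected.
        # Client-supplied "is_admin" and "sender" fields are deliberately ignored.
        if need is None or s.access < need:
            self.audit.append((conn_id, s.username, kind, "denied"))
            return None
        self.audit.append((conn_id, s.username, kind, "allowed"))
        if kind == "chat":
            # The sender label comes from the session, not from the message.
            return {"type": "chat", "sender": s.username,
                    "text": packet.get("text", "")}
        return {"type": kind, "by": s.username, "args": packet.get("args", {})}
```

The audit list gives admins the record that chat text cannot: which connection asked for which privileged action, and whether the server allowed it.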

His scoreboard name was just:

"

or he probably could be logged in with no name, as there was one row with no name at all.

-TITAN

I think that was probably his name. " was the name (or any name with double quotes) that broke kick/ban/etc. when I tested it.

I wonder if anyone with Linux or OS X can confirm that it works or if someone can figure out a way for it to work on Windows.

I don't think it will actually let you have a truly blank name but maybe you can put color codes in to make the name text the same color as the background on the scoreboard? But I would think the kick/ban buttons would still work in that case (as long as the name didn't have double quotes in it).

Link to comment
Share on other sites

Weird player names have come up previously IIRC. A fairly simple solution would be to have a (numeric?) ID associated with each connected player, and accept the number as parameter instead of name for all player-targeting commands.

Link to comment
Share on other sites
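
An added sketch of the numeric-ID suggestion above, not code from the game or from any poster. It contrasts a kick/ban path that interpolates the player name into a command string with one that targets a server-assigned ID, and adds name validation at join. `shlex` stands in for the server's real command tokenizer, which the thread does not show; the name allowlist, class and method names are assumptions.

```python
import re
import shlex

# Assumption: names are restricted to a conservative allowlist at login.
NAME_RE = re.compile(r"[A-Za-z0-9_\-]{1,32}")


def valid_name(name):
    return NAME_RE.fullmatch(name) is not None


class PlayerTable:
    """Connected players keyed by a server-assigned numeric ID."""

    def __init__(self):
        self._next = 1
        self.players = {}        # id -> {"name": ..., "ip": ...}
        self.banned_ips = set()

    def join(self, name, ip, strict=True):
        # strict=False models a server that accepts any name at login.
        if ip in self.banned_ips or (strict and not valid_name(name)):
            return None
        pid = self._next
        self._next += 1
        self.players[pid] = {"name": name, "ip": ip}
        return pid

    def ban_by_name_command(self, name):
        """Name-based path: builds '/banuser <name> ip=true' and parses it."""
        line = f"/banuser {name} ip=true"
        try:
            argv = shlex.split(line)   # stand-in for the server's tokenizer
        except ValueError:
            return False               # unbalanced quote: the command never runs
        target = argv[1] if len(argv) > 1 else None
        pid = next((p for p, v in self.players.items()
                    if v["name"] == target), None)
        return pid is not None and self.ban_by_id(pid)

    def ban_by_id(self, pid):
        """ID-based path: the name is never parsed, so its content is irrelevant."""
        player = self.players.pop(pid, None)
        if player is None:
            return False
        self.banned_ips.add(player["ip"])
        return True
```
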

Closing up the server wouldn't really solve the problem.

This way I/we/you can observe his behaviour some more. As on a 27 server I'll have to delete/reset the map every once in a while anyway, so I don't see it as much of a problem yet. As long as he's just "having fun" and not seriously hurting infrastructure, I'm totally okay with that. After all, it's pretty impressive what he did, eh

Link to comment
Share on other sites

Whitelisting is a good solution if the main goal is to keep this user off the server - particularly since he's just switching IPs at will and making it impossible to lock him out with an individual ban. Unfortunately the server as it is currently set up is based on an 'open community' model rather than a dedicated group of specific players, so committing to a whitelist system means changing that :)

As others have said here, though... it is early in MP development yet and at some point in the future things will likely change. I really only brought all of this up as a way of identifying an issue that can be put on the list of things to take care of... eventually :) For now, it seems that those who play MP will either have to accept a closed/whitelisted group of players, OR accept the possibility that some random person could show up at any time and destroy everything they've worked for over and above the mechanics already in place in game (such as zombie death or PVP).

Link to comment
Share on other sites
