Skip to content

brymko/csgo-exploits

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
pocs
pocs
 
 
proxy
proxy
 
 
README.md
README.md
 
 

Repository files navigation

Disclaimer

This is part of the work that has been produced in about 6 weeks leading up to our reports on hackerone.
The source engine shows its age through its code quality and our code is very much experimental. The POCs themselves show a very low quality of code as they were just made to prove the vulnerabilities.

Proxy

Rust proxy code used to intercept client & server messages, parse and display them. The source networking protocol is unfinished and no guarantees are made. Things like reliable channels (which are used in e.g. filetransfer) are still missing. However for CS:GO it is capable of parsing the first message in each packet from both client & server side packets just fine.

POC

Fixed by Valve on 2021-04-28. Both POCs share a lot of common code as the infoleak is reused between them. Main difference is in the last ~200 lines.

  • splitscreen_exploit.py This is the POC corresponding to the blogpost.
  • entity_exploit.py the root-cause for this bug was already used by Amat Cama

Credits

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

38 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages