No lol, I'm just mad at the tristancliffe guy, he is flaming for no reason whatsoever. I do agree that was said in the heat of the moment, I was pissed off, but nah, this is safe with me until it's patched. I won't release it till then; after the patch, then I will, because I can still release the PoC after the exploit has been patched. And you are right, I love LFS, it would be a shame since they've done such a great job at it.
tristancliffe, you fail to grasp the whole concept of what I'm talking about. Maybe you need to learn to program and maybe learn wtf I'm talking about; if not, just don't post please. You're a flame whore that thinks he is clever behind his computer. Yes, anyone can download a trojan, but you have no idea, so shut up. The devs have 24 hours, then I'm releasing it. I'm just sick of some of you: someone tries to do the LFS community some good and you flame. Well done.
Obviously I don't need to try any harder m8, I've already proved LFS is exploitable and able to put other LFS users at risk. Now please stop spamming in my post, ego tripper.
That's what I'm talking about, the kiddy mentality of some people.
Noo, not a mod, u numpty, you have no idea what I'm on about, do you? Obviously by that statement you don't. With this exploit someone can gain access to your computer, download and execute an exe (could be a trojan or keylogger), inject a DLL, execute commands. Some of the things that can be achieved with our 750-byte buffer...
First of all, you don't know me. This kind of comment just makes me want to release it and let the LFS racers deal with it; at the end of the day the vendor has been notified, there is nothing they can do if I do release it. You're just a kid that likes to flame people; if you have nothing constructive to post, don't. Also I'd like to point out one thing: I've been doing this for 6 years m8, so I don't think it's just as easy to say "hey, if he finds it anyone can". It's the wrong kind of attitude you have. I know a few security researchers who have tested LFS2, one of them a close friend who never came across this bug. His name is Luigi Auriemma, google it, he found the fake players bug in LFS. Now shut the fuk up.
Bind Shell
Bind DLL Inject
Windows Executable Download and Execute
Execute net user /ADD
Windows Reverse Shell
Just many of the things I'm able to achieve. It's not an exploit for the actual race to cheat, if that's what you're thinking. Anyway, I've sent the email to the devs, so I'll let you know of the updates.
It puts everyone with LFS at risk, serious risk. Like I said, it won't be too hard to trick someone with this, I promise you that. The devs will take it seriously, I can guarantee that. The risk level security sites give for this is red, which on the scale of 1-10 would be about 8 to 9 at least.
Hold on, there is nothing to say I have to tell them anything about this, I could keep it to myself. I'm not sure how easy it will be to fix this problem. I wasn't sure if it was exploitable, I needed to do more testing on this, which confirmed my suspicions that it is. Do you think it is that easy just to write a PoC with debugging info and send it to them? Try it and let me know. It takes time to write everything up with an explanation of the stuff needed. I need to know which language they want the PoC code in: Perl, Ruby, Python, C, C++. But I'll send them an email; I wasn't going to bother them till I knew that it was exploitable, which I know now.
Sent email, fingers crossed they take it seriously.
Ok, well what I can tell you is I was right, it is exploitable, and after 20 mins of trial and error I was able to execute shellcode. It is a local exploit, but it won't be too hard for someone to be tricked into this, very easy. If you want to be my guinea pig just let me know lol. I am still not sure what to do, I want to release a PoC code for it. But I don't want to put others at risk; maybe I'll tell the devs then release the PoC code. It's up to them to fix it, not me. But it definitely works, I was able to execute calc.exe. Ok, how do I get in touch with the devs?
Was straightforward: the EIP got overwritten after 37 bytes of buffer, the next 4 bytes for the static address inside jmp esp, the next 4 bytes point directly to our user-supplied data, then we added 351 bytes of shellcode followed by 353 bytes of buffer to fill the rest of the static buffer up. Then done a jmp esp into our shellcode.
You guys need to calm the hell down. And know what a script kiddie is: not someone who writes their own exploits. I'm as far from a script kiddie as you could possibly get; maybe you should find out what a script kiddie is before calling someone this. ****ing never been insulted so much. You know what, it's your loss, you guys obviously are just plain looking for an argument. Look, I'll just release the PoC for everyone I know, ok, then we will see who is being a smart ass.
You guys need to grow up and stop trawling for arguments. If you've got nothing constructive to post, don't bother posting, simple.
Do you mean you're too stupid to realize what the hell I'm talking about? That's your problem, not mine.
tristancliffe, ok, if you want to play like that m8, it's not a problem. I'm trying to do 1000 things at once and I'm typing fast as hell; I'm not bothered whether I make typos or not. The reason it's like that is because I just updated the post, u numpty. Look, if you're gonna be funny about it I'll just write and release a PoC for it, simple, then it puts everyone at risk of being hacked. I'm not 100% English so my English is bad; if you can't read it then tough sh!t.
Obviously a lot more clever than you by the looks of things. Anyway, which part of my post can you not read? Because if it's the memory registers, they're supposed to look like that.
Yeh, I'm not going to until I'm 100% sure this is exploitable, although I was having problems recreating the same results I did last night for some reason. Although I will see what happens today, and if I do come across it I'll send them all the info they need. It's not Windows related, it's LFS.
Oh fuk, I just recreated the bug and it's a buffer overflow. I'm not 100% sure where, but I have a test file that shows this bug is easily exploitable through a standard exploit rather than an SEH overwrite. It's a pretty serious bug; I was able to overwrite the EIP and my ESP points to the user-supplied data. Serious bug. I just can't get over all the time I've been looking at finding a bug in LFS and come across an exploitable buffer overflow, as I know I'm not the only one who has looked.
I think I'll write a PoC code for the devs to show it is exploitable. The problem is it's a common buffer overflow. The actual results I'm looking at now show that it's a serious problem. Like I said, I'll write a PoC and it'll get fixed, so be prepared for a new patch some time soon.
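Added example, not the poster's code and nothing taken from LFS: the pattern the posts above describe is a fixed-size stack buffer filled by an unchecked copy, and the fix the poster expects in a patch is a length check before the copy. The block below shows that unchecked copy beside a bounded version that rejects input which would not fit, and a small driver that probes the boundary without ever writing out of bounds. The 750-byte buffer size comes from the thread; the function names, field names and sample inputs are constructed for illustration.

```c
/* Added example: fixed-size buffer copy, unchecked versus bounded.
 * Not code from the forum poster or from LFS; names are hypothetical,
 * FIELD_MAX is the 750-byte figure quoted in the thread. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define FIELD_MAX 750   /* fixed stack buffer; value taken from the thread */

/* 'Before' form: the input length is never compared with the buffer size.
 * Input longer than FIELD_MAX-1 bytes runs past 'field' into the saved
 * frame (saved EBP, return address), which is exactly the condition the
 * posts describe. Only ever called with a short constructed input here. */
static void load_field_unchecked(const char *src)
{
    char field[FIELD_MAX];
    strcpy(field, src);                  /* no bound check */
    printf("unchecked copy: %zu bytes\n", strlen(field));
}

/* Hardened form: the destination size is an explicit parameter and any
 * input that does not fit together with its terminator is refused.
 * Returns 0 on success, -1 when the input is rejected. */
int load_field_checked(const char *src, size_t src_len,
                       char *dst, size_t dst_size)
{
    if (src == NULL || dst == NULL || dst_size == 0)
        return -1;
    if (src_len >= dst_size)             /* one byte is needed for the NUL */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Pre-check a record length against the fixed buffer so a parser can
 * log and drop a malformed record before copying anything. */
int field_fits(size_t src_len)
{
    return src_len < FIELD_MAX;
}

/* Drives load_field_checked with a constructed input of n bytes
 * (n <= 900) and returns its result, so the boundary can be probed
 * without any out-of-bounds write. -2 means n exceeds the sample. */
int checked_copy_result(size_t n)
{
    static char input[900];              /* constructed sample, filled with 'B' */
    char field[FIELD_MAX];

    if (n > sizeof input)
        return -2;
    memset(input, 'B', sizeof input);
    return load_field_checked(input, n, field, sizeof field);
}

int main(void)
{
    size_t probes[] = { 100, 749, 750, 900 };
    size_t i;

    load_field_unchecked("short constructed sample"); /* safe only because it is short */

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%zu bytes: %s\n", probes[i],
               checked_copy_result(probes[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The bounded version treats the buffer size as data that travels with the pointer, which is what turns a frame-smashing write into a logged, rejected record; the pre-check lets the same decision be made once per record rather than at every copy site.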
imthebestracerthereis, ur not funny. No, I'm not 1337 H4XX0R LOL, I write exploits and do a lot of exploit development; ur brain can't even comprehend what I'm talking about, so you've got to make a joke about it. If I was you I would be worried, as you own LFS 2 also. Some people just don't realize that I was actually trying to help the community...
I'll try and get in touch today with him. No one should be worried, as the bug has not been confirmed and only I know about it, and it will be kept that way.
Yeh, I'm just looking into this m8, collecting some more information. By what I know of SEH overwrites it looks exploitable, because we can walk the long chain of exception handlers then just do a pop pop ret <=== asm > back to our shellcode. We could use an address inside the DLL like we would normally use a jmp or call with a straightforward buffer overflow; this is a lot different, we need to pop 2 addresses off the stack and return back into the stack where our shellcode is, or could do a jmp esp+8. There are a few ways.
So the stack would look like this:
----------------------------------------------
41414141
41414141
0012F498 44444444 Pointer to next SEH record
0012F49C 45454545 SE handler
-----------------------------------------------
SEH chain of main thread
#Address SE handler
#---------------------------
#0012E46C
#45454545 <<<--SE handler
Looks exploitable to me, thank god it's not remotely exploitable. But m8, if they see it here they can pm me just the same and get the details about it. I get a little sick of contacting vendors about buffer overflows and stuff: nothing happens, then this happens lol, the bugs get released to the public via a fully functional exploit...
Hi, I do a lot of exploit development and I think I might have come across a serious bug where we could execute shellcode by gaining control of the EIP through an SEH overwrite. If one of the devs wants to pm for further details it isn't a problem, although I won't release an exploit or give out any details, but clearly the exception handlers got smashed. I will be investigating this tonight.
This might sound stupid, I was wondering if I sent an email to the admin confirming my billing name and billing address they could send me my bank details. I paid for the game back in 2005, as I need my bank details... And my gf has gone on holiday with my card lol... Anyways, I think I'm just gonna have to wait and see what the admin says.
Hi guys, anyone know where I can get the new version of Becky's Backfire mod? The download link doesn't work in her post. Anyone else know where I can download it, please?
I'm having axis trouble, it keeps twitching, strange since this new patch. I have a Logitech Dual Action controller with new drivers; anyone else had the same problem?
Hi guys, was wondering if there would be a chance of getting an unlock key, as I had to reinstall due to a virus. Many thanx. I dunno if you guys can, but meh, would like to play again lo0l...
Ok ppl, been drifting for a little while now. I was wondering if you could take a look at the replay. I normally drift with AI while practicing, helps me to learn how to maintain speed through the corner. I wanted to know if that's what u call drifting or am I not committed enough through the corner. Any help would be much appreciated...