Saturday, September 3, 2011

Kaillera Master serverlist Spoofing

All Kaillera clients I have ever used have built-in functionality for the "master client list" - this is a list of all publicly available Kaillera servers, probably intended to make it easier for gamers to find popular servers to play on.

[Screenshot: the kaillera.com master serverlist]

Either by using Wireshark to sniff packets sent out to kaillera.com or by examining the source code of the Emulinker Kaillera server (src\org\emulinker\kaillera\master\client\KailleraMasterUpdateTask.java), we can see that creating a new server on this list is as easy as sending a GET request to a PHP script named touch_server.php.

The parameters passed to this script include servername, port, ip, nbusers, maxconn, nbgames, version, url, and location.

Most of these should be obvious. Version refers to the server software that is running: EMX, Emulinker, 0.86, etc. Nbusers is the number of users currently in the server. Maxconn is the maximum number of users who can join the server. Location is supposed to be a physical country (Russia, Spain, etc).

There are also two custom HTTP headers implemented: Kaillera-games and Kaillera-wgames.  I haven't experimented much with these as of yet.  

The script has some sort of timeout: if you send a GET request and then do not send another within a minute or two, your server will be removed from the master list. To avoid this, it is best to send the request every minute or so.

Interestingly enough, it is possible to submit bogus information for all of the above parameters to the script, including the IP address.

It is also possible to create as many servers as you wish by putting a unique IP address in each GET request to the server. The script simply trusts whatever input you send it rather than checking your actual IP address and limiting the number of servers you can host. Therefore, it would theoretically be possible to DoS the masterlist fairly easily or at least flood it with garbage.
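The checks the script is missing, sketched as an added example (this is not the kaillera.com script or Emulinker code): list the connection's observed source address instead of the `ip` parameter, cap listings per source, and expire entries that are not refreshed. The `MasterList` class, the cap of 2 and the 120-second lifetime are assumptions made for illustration.

```python
import ipaddress
import time

MAX_PER_SOURCE = 2   # assumed cap on listings per source address
ENTRY_TTL = 120      # assumed lifetime in seconds ("a minute or two" in the post)


class MasterList:
    """Hypothetical hardened handler for touch_server.php-style updates."""

    def __init__(self, clock=time.monotonic):
        self.entries = {}   # (source_ip, port) -> (listed params, last_seen)
        self.clock = clock

    def touch(self, source_ip, params):
        """source_ip must be the TCP peer address, never a client-set header."""
        now = self.clock()
        # Drop listings that were not refreshed within the TTL.
        self.entries = {k: v for k, v in self.entries.items()
                        if now - v[1] <= ENTRY_TTL}
        try:
            src = ipaddress.ip_address(source_ip)
            port = int(params["port"])
            nbusers = int(params["nbusers"])
            maxconn = int(params["maxconn"])
            claimed = ipaddress.ip_address(params["ip"]) if params.get("ip") else None
        except (KeyError, ValueError):
            return False, "malformed"
        # A claimed address that differs from the real sender is rejected.
        if claimed is not None and claimed != src:
            return False, "ip mismatch"
        if not 1 <= port <= 65535 or not 0 <= nbusers <= maxconn:
            return False, "out of range"
        key = (str(src), port)
        owned = sum(1 for k in self.entries if k[0] == str(src))
        if key not in self.entries and owned >= MAX_PER_SOURCE:
            return False, "too many servers"
        # The listed address is always the observed one, not the parameter.
        self.entries[key] = (dict(params, ip=str(src)), now)
        return True, "ok"
```

Checking that the advertised port actually answers as a Kaillera server before listing it would go one step further than this sketch.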

Also, in combination with the script I've written earlier on to exploit Kaillera vulnerabilities, you could publicly add this server to the masterlist, using a convincing name, and entice people to join it.  This would greatly enhance the potency of the malicious Kaillera server.  
