Page 1 of 1

Source Engine Exploits +2 ( Need Help). Steam id Stealing?

PostPosted: Thu Aug 28, 2014 11:54 am
by vegeta777

a week ago there was a hacker in NotD community, which was banned and could get back in i don't know how but he just hijacks a user session to takeover his id and the original id owner will just get disconneted, For this the Coder Of NotD "JzServices" coded an anti-steam-stealing which is

Code: Select all
//Simple Booter

#include <sourcemod>
#include <sdkhooks>

#define VERSION "1.0.0b"

public Plugin:myinfo =
    name = "Simple Booter",
    author = "JZServices",
    description = "Source Bugfix",
    version = VERSION,
    url = ""

public OnClientPutInServer(client)
   if (!IsFakeClient(client))
      new bool:matched=false;
      decl String:clientsteamid[64];
      for (new x=1;x<MaxClients;x++)
         if (client==x){continue;}
         if (IsClientConnected(x))
            decl String:playersteamid[64];
            if (StrEqual(clientsteamid,playersteamid,false))
               PrintToServer("Matched player %N - %s and %N - %s",client,clientsteamid,x,playersteamid);
               ServerCommand("kickid %d", GetClientUserId(x));
      if (!matched){PrintToServer("Player %N - %s validated",client,clientsteamid);}

Also,Look At this, i found something Very odd. ... %01&Submit

Steam Community : 76561197960265728
he keeps getting banned and it's no use.

and it's probably not patched due to searching : 76561197960265728
gives u alot of sourceban bans.

the most recent one (of my searching ofc) is on 7-31-2014 ... Type=steam

and i don't Think these are Nonsteam because i've logged on to them + they are Vac-Secured.

Second thing.

there is an exploit where u manipulate the spray to make Valve Engine crash.
it was released in 2013 and still not fixed (although not popular nor known).

but i really don't understand how to do it exactly.

Would you guys check this out?.

Links: ... 612450847/

Youtube Demostration:

PS: are there any remote or file upload exploits in CSS yet?, since i have a VAC-bypass method that would bypass all bans but if i got rcon banned i can't log in back :-(.


Re: Source Engine Exploits +2 ( Need Help). Steam id Stealin

PostPosted: Thu Aug 28, 2014 9:09 pm
by Sethioz
Umm you mean he got banned from community?
That session hijacking is common, it's basically if you steal somebody's cookie and use it, you will be logged in as another user, steam might take some stuff from your client side, so it appears like you still use your own name / profile, but it actually uses other person's profile with your visual info?
I haven't looked into this at all, so not sure. Just from my experience that's how session stealing works. I've done it on some forums.

also i tested it on my own forum with a friend, he used my cookie stealer and i got his info, then i used cookie editor in firefox to edit mine and i was logged in as him, with his permissions.

as about exploits, i can't say much, but i asked Luigi ( to check this topic, in past he found some exploits in steam and source engine (i think), he might be able to tell more. I doubt he replies to this topic, but i sent him email and see what he says about it.

Re: Source Engine Exploits +2 ( Need Help). Steam id Stealin

PostPosted: Thu Aug 28, 2014 10:19 pm
by vegeta777
Oh so it's a bit difficult to do,Thanks mate.

i've already sended emails to alugi and Revuln( which i found out to be the same guy lol).

lets see what does he say about this.

Thanks Anyway Sethoiz, i appreciate it.

Re: Source Engine Exploits +2 ( Need Help). Steam id Stealin

PostPosted: Sat Aug 30, 2014 5:02 am
by Sethioz
it's all about motivation, i just don't find it interesting and i can't bother with it.