-
Posts
2 -
Joined
-
Last visited
-
Days Won
1
Content Type
Profiles
Forums
Downloads
Jobs Available
Server Database
Third-Party Services
Top Guides
Store
Crowdfunding
Posts posted by Zigara
-
-
I would recommend staying away from this "shield".
- The only server change is a custom login packet that includes your hardware id + mac + a static key. There is no packet encryption or server-side logging.
- They are distributing a pirated copy of exe/dll packing software (Molebox) https://github.com/AsiaGenius/ring-0/tree/master/Tools/MoleBox (portable)/INSTALL LICENSE
- The client dll connects to their web server to verify everything, if their web server is down; you won't be able to use your client.
- Their website / report server is vulnerable to SQL injection, there is 0 input validation.
- ... etc
If they can't do basic input validation on their web server, I really doubt they're capable of doing advanced cheat detection, or delivering many of the features they claim to support.
Here is a snippet from the report server (http://guard.ringsec.net/) after passing a bit of invalid data. You could compromise all of their accounts / data / etc, and based on the register form showing the password in plaintext; I highly doubt they actually hash your account passwords.
QuoteError: INSERT INTO logs (hwid, date, cod, descript, ip) VALUES ('wat', 'Monday 13th of February 2017 11:56:25 PM', 'wat', 'wat', '' OR 1=1 --')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1Please stay far away from this software until they resolve all of these issues. Do not use it in production.
- 6
RingSec Shield
in Abandoned Projects
Posted
I did a bit more digging around, and I can confirm; ringsec.net stores all passwords in plain text.
If you signed up at ringsec.net using a password you've used for other services; change all your passwords NOW!