This repository contains a script designed for handling Steam server queries and demonstrating an exploit for remote code execution via Steam server query handling.
This script sets up a UDP server to handle Steam server queries, specifically A2S_INFO and A2S_PLAYER requests. It demonstrates a buffer overflow exploit in the Player Name field to achieve remote code execution on the target server.
Note: This script is intended for educational purposes only. Unauthorized use of this script against servers or systems that you do not own or have explicit permission to test is illegal and unethical.
- Clone the repository:
git clone https://github.com/SleepTheGod/Steam-Remote-Code-Execution.git cd Steam-Remote-Code-Execution
2.Install the required dependencies (if any). This script uses Python's standard libraries, so no additional dependencies are required.
Run the script python steam_exploit.py
Script Overview The script contains the following key components:
UDP Server: Listens for incoming Steam server queries on the specified host and port. Request Type Checking: Determines if the incoming query is an A2S_INFO or A2S_PLAYER request. Response Creation: Generates appropriate responses for A2S_INFO and A2S_PLAYER requests, including a payload for remote code execution. Exploit Details The exploit leverages a buffer overflow vulnerability in the Player Name field of the A2S_PLAYER response. The script constructs a payload that includes a ROP chain and shellcode to achieve remote code execution.
Important: This script includes potentially harmful code. Use responsibly and only in controlled, authorized environments.
Legal Disclaimer This project is for educational purposes only. The authors are not responsible for any misuse of the information provided. Unauthorized testing and exploitation of systems is illegal and unethical.
Acknowledgments Valve Software for providing documentation on Steam server queries. Security researchers for their contributions to understanding and documenting buffer overflow vulnerabilities. Contact For more information, feel free to reach out via the repository's issue tracker or submit a pull request.