azerothcore / azerothcore-wotlk

Complete Open Source and Modular solution for MMO
http://www.azerothcore.org
GNU Affero General Public License v3.0

Chests Exploit #17646

Closed Aniquilo closed 11 months ago

Aniquilo commented 11 months ago

Current Behaviour

There is a huge exploit on all chests that are summoned via SummonGameObject on instanced maps, and probably everywhere for chests that have a RespawnTime of 0 set on SummonGameObject and a database default spawn timer. This allows any character to easily exploit the chests: kill a certain boss, wait for the chest to spawn, collect items from the chest, leave one item inside and then just wait until the chest is filled again with fresh, newly generated items from the *_loot_template references.

Probably you can even wait and the chest will be generated from scratch since respawn time is checked against db data when 0 is passed as an argument to SummonGameObject, probably when 180 seconds or 300 seconds have passed.

Expected Blizzlike Behaviour

Of course, not exploitable chests

Source

WotLK Classic?

Steps to reproduce the problem

  1. Kill any Boss which has a chest as a source of loot summoned via SummonGameObject
  2. Click on the chest, get all items inside except one
  3. Wait 180-300 seconds (Culling of Stratholme, Ulduar, etc)
  4. Click on the chest again
  5. Profit exploiting chest infinitely

Extra Notes

This is just a general issue

AC rev. hash/commit

https://github.com/azerothcore/azerothcore-wotlk/commit/12ff3e0c67765d27cd14aa76e9f37e31e85ab7b9

Operating system

Debian 10 x64

Custom changes or Modules

No response

sudlud commented 11 months ago

Thanks for the report!

Can you please maybe provide additional info or exact steps to reproduce this issue? Like kill boss xyz in instance abc and in normal / heroic etc. And maybe also provide a screenshot or 2

I'm asking for more details as I'm trying to reproduce this problem but in the AC revision you referenced I'm not really seeing this issue.

Are you using a clean AC build or maybe a repack / any additional mods or custom changes?

Nyeriah commented 11 months ago

Just to add to the above, you can also join discord and message one of us if you don't wish the exploit per se to be visible until its addressed, but right now we were not able to reproduce the issue described with just the information provided

Aniquilo commented 11 months ago

@sudlud @Nyeriah

Tagging you due to responses, chests that are currently exploitable:

Ulduar 10/25:

Summoned here: https://github.com/azerothcore/azerothcore-wotlk/blob/master/src/server/scripts/Northrend/Ulduar/Ulduar/boss_freya.cpp#L350

The steps provided above should be enough to reproduce the issue, unless you need explicit videos or screenshots. When I tested this I was using https://github.com/azerothcore/azerothcore-wotlk/commit/12ff3e0c67765d27cd14aa76e9f37e31e85ab7b9, but now I am on latest master, which is https://github.com/azerothcore/azerothcore-wotlk/commit/bbadc32bea2ad8b60ea591b8bb7b7387babef458. I am not using any custom modules, just a clean updated repository.

There are multiple chests on the scripts which are summoned, and since there is not just a single issue this can be checked on mentioned bosses.

There is one boss which currently has a correct respawntimer set, which is Kologarn:

https://github.com/azerothcore/azerothcore-wotlk/blob/bbadc32bea2ad8b60ea591b8bb7b7387babef458/src/server/scripts/Northrend/Ulduar/Ulduar/boss_kologarn.cpp#L317

Which has a respawnTimer set of 7 * 86400 (week)

Steps provided to reproduce the exploit (again)


Kill any of the mentioned bosses, wait for the chest to spawn, open the chest and collect the loot, and then wait for the chest to respawn immediately. You can also leave one item inside the chest and then click again on it; it will refill with new items.


Hope the information helps,
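
One way to audit boss scripts for the pattern described in this thread (a literal respawn time of 0 handed to SummonGameObject, so the database default applies): an added example, not AzerothCore's own code. It assumes respawnTime is the tenth argument of SummonGameObject; the C++ text it scans is constructed here to mirror the shapes seen in boss scripts, not copied from the project.

```python
import re

# Constructed sample of SummonGameObject calls (not copied from AzerothCore).
SAMPLE_CPP = """
            me->SummonGameObject(GO_FREYA_CHEST, 2345.0f, -71.0f, 425.0f, 0.0f,
                                 0.0f, 0.0f, 0.0f, 0.0f, 0);
            me->SummonGameObject(GO_KOLOGARN_CHEST, x, y, z, me->GetOrientation(),
                                 0.0f, 0.0f, 0.0f, 0.0f, 7 * 86400);
            me->SummonGameObject(GO_OTHER, me->GetPositionX(), me->GetPositionY(), me->GetPositionZ(), 0, 0, 0, 0, 0, 0, false);
"""

RESPAWN_ARG_INDEX = 9  # assumption: respawnTime is the 10th parameter (0-based index 9)


def split_args(text, start):
    """Split the C++ argument list whose '(' is at text[start].

    Tracks nesting so that calls used as arguments (me->GetOrientation())
    and expressions (7 * 86400) stay intact. Returns (args, index_of_closing_paren).
    Comments and string literals inside the argument list are not handled.
    """
    depth, args, cur = 0, [], []
    for i in range(start, len(text)):
        ch = text[i]
        if ch == '(':
            depth += 1
            if depth > 1:
                cur.append(ch)
        elif ch == ')':
            depth -= 1
            if depth == 0:
                args.append(''.join(cur).strip())
                return args, i
            cur.append(ch)
        elif ch == ',' and depth == 1:
            args.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    return args, -1  # unbalanced parentheses: caller treats as not found


def find_zero_respawn_summons(source):
    """Return (line, first_arg, respawn_arg) for each call passing a literal 0."""
    findings = []
    for m in re.finditer(r'\bSummonGameObject\s*\(', source):
        args, end = split_args(source, m.end() - 1)
        if end < 0 or len(args) <= RESPAWN_ARG_INDEX:
            continue
        respawn = args[RESPAWN_ARG_INDEX]
        if re.fullmatch(r'0[uU]?', respawn):  # literal zero -> DB default respawn timer
            line = source.count('\n', 0, m.start()) + 1
            findings.append((line, args[0], respawn))
    return findings
```

Run it over the real script directory by reading each .cpp file into `find_zero_respawn_summons`; the Kologarn-style `7 * 86400` call above is correctly left out of the report.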

sudlud commented 11 months ago

Thanks for update!

Yes the instructions are quite clear, I've tried to reproduce this issue on Freya in Ulduar but unfortunately I'm still not able to reproduce this issue.


I've tried the following:

  - clean checkout of 3a31411b9 (latest master at my time of testing)
  - (backup old worldserver.conf for reference) copy worldserver.conf.dist to worldserver.conf for clean worldserver config -> only change made is to set the correct DataDir setting
  - delete DB acore_world -> this enforces fresh rebuild of acore_world on start of worldserver
  - Default WoW 3.3.5a enUS client, cleared Client Cache
  - (using GM account) Level 80 Horde Troll Priest
  - open Raid-Group with 1 other player (who is then offline and not participating in the raid)
  - set difficulty to 10-player (normal)
  - .gm off
  - .tele ulduarraid
  - walk into raid
  - modify health to not die instantly: .modify hp 999999999
  - teleport to freya: .go xyz 2345 -71 428
  - pull freya, let fight go on for 10-20 seconds
  - target freya
  - kill freya: .damage 999999999
  - (get multiple achievements)
  - loot chest, leave 1 item inside (I chose a purple equip item) -> I'm choosing "Pass" for this item, and "Need" on all other items
  - wait 0-10min
  - observe no refill
  - empty chest (take last item)
  - observe chest despawn
  - observe no respawn


Is there anything in my attempt that differs from your setup / method of reproducing this issue?

A step-by-step maybe using GM commands or a short video demonstration on how-to-reproduce this issue would be very helpful.

Also what is the output of .server info on your setup?

Thanks!

Kitzunu commented 11 months ago

Also what is the output of .server info on your setup?

Better to ask for .server debug output. It gives you more useful data for debugging rather than server info

Kitzunu commented 11 months ago

@Aniquilo Please provide a video showing the exploit. Sounds serious but if nobody can reproduce it then it is what it is

sudlud commented 11 months ago

@Aniquilo Can you please provide exact steps on how to reproduce this? I've provided my steps on an earlier comment and can't reproduce it. Or a short video would really help.

Kitzunu commented 11 months ago

Going to close this as it can't be reproduced and the author isn't responding.