
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
The ac-websockets-server is a python based server to control a local Assetto Corsa dedicated server via a websockets connection from a remote host.
You can install ac-websockets-server from PyPi:
pip install ac-websockets-server
The module is only supported in python3.
The client protocol consists of single line commands which receive a Google style JSON object response.
The following ACWS related commands are supported:
shutdown now
shutdown the ACWS serverThe following server related commands are supported:
server drivers
shows a summary of the active drivers on the serverserver entries
shows a summary of the entry_list.ini contentsserver info
shows a summary of the serverserver restart
stops and starts the AC serverserver sessions
shows a summary of configured sessionsserver set session_name enable|disable
enable or disable a sessionserver set session_name laps number_of_laps
set number of laps for a session (only valid for RACE)server set session_name time number_of_mins
set number of mins for a sessionserver start
starts the AC serverserver stop
stops the AC serverserver time number_of_minutes
sets the number of minutes - needs server restart to take effectExcerts from the responses to these commands are shown below.
# server drivers
{
"data": {
"drivers": {
"Mark Hannon": {
"name": "Mark Hannon",
"host": "192.168.1.1",
"port": 50834,
"car": "bmw_m3_e30",
"guid": "9993334455599",
"ballast": 0,
"msg": "joining"
},
"Boof Head": {
"name": "Boof Head",
"host": "192.168.2.1",
"port": 50834,
"car": "bmw_m3_e30",
"guid": "123456768",
"ballast": 0,
"msg": "joining"
},
"Crazy Guy": {
"name": "Crazy Guy",
"host": "192.168.3.1",
"port": 50834,
"car": "bmw_m3_e30",
"guid": "7777777777777",
"ballast": 0,
"msg": "joining"
}
}
}
}
# server entries
{
"data": {
"entries": {
"CAR_0": {
"car_id": "CAR_0",
"model": "dj_skipbarber_f2000",
"skin": "The9GAG",
"spectator_mode": "0",
"drivername": "",
"team": "",
"guid": "76561198102064903",
"ballast": "0",
"restrictor": "0"
}
# server sessions
{
"Practice": {
"type": "Practice",
"laps": 0,
"time": 120,
"msg": ""
},
"Qualify": {
"type": "Qualify",
"laps": 0,
"time": "10",
"msg": ""
},
"Race": {
"type": "Race",
"laps": 20,
"time": 0,
"msg": ""
}
}
# server start
{
"data": {
"msg": "Assetto Corsa server started"
}
}
# {
"data": {
"serverInfo": {
"version": "v1.15",
"timestamp": "2022-07-22 10:42:32.8776464 +1000 AEST m=+0.007426800",
"track": "rt_autodrom_most",
"cars": "[\"ks_mazda_mx5_cup\"]",
"msg": ""
}
}
}
The following grid related commands are supported:
grid finish
sets grid order based on latest race finishing ordergrid reverse
sets grid order based on latest race REVERSED ordergrid order
shows a summary of the current/updated grid ordergrid entries
shows a summary of the all slots for/from entry_list.inigrid save
write the changes to the grid to the entry_list.ini fileSetting reverse grid and then writing the result are shown below:
# grid reverse
{
"data": {
"msg": "test/results/2020_12_20_20_58_RACE.json parse SUCCESS"
}
}
# grid finish
{
"data": {
"grid": {
"1": "Keith",
"2": ".SNRL.shille",
"3": "Wayne",
"4": "Russ S",
"5": "Mark Hannon",
"6": "RussG",
"7": "ab156"
}
}
}
# grid write
{
"data": {
"msg": "entry_list.ini file update SUCCESS"
}
}
The following lobby related commands are supported:
lobby info
shows the lobby infolobby restart
re-registers to the lobbyThe following tracker related commands are supported:
tracker start
starts the AC servertracker stop
stops the AC servertracker restart
stops and starts the AC serverAll commands require stracker.ini to be stored in the cfg directory and stracker.exe in the server root.
FAQs
Assetto Corsa Websockets Server
We found that ac-websocket-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.