[cod] Cfg download hacking

Mathis Klooß admin at gunah.eu
Fri Oct 29 08:30:28 EDT 2010


Hi There...

Here is a "Very Dirty" "fix", based on PunkBuster.

// Dirty fix for q3dirtrav based on PunkBuster!
pb_sv_md5toolempty
pb_sv_md5toolfreq 10
pb_sv_md5tool a "" v "abcd.txt" NOT_FOUND
pb_sv_md5tool a "" v "abcd.txt.txt" NOT_FOUND
pb_sv_md5tool a "" v "tmp.txt" NOT_FOUND
pb_sv_md5tool a "" v "q3dirtrav.exe" NOT_FOUND
pb_sv_md5tool a "" v "forfopen.exe" NOT_FOUND
pb_sv_md5toollist

pb_sv_CvarFreq 2
pb_sv_cvar r_fullscreen IN 1
pb_sv_cvar cl_wwwdownload IN 1
// EOF

So I have tested this exploit and it works 100%, only with "set
sv_allowdownload 1".
If the host uses wwwdownload, the client can disable these settings
with a "cvar"...

So ranked servers can disable download... but for mod servers, we're using
these PB settings... But it is recommended that you change the logfile name.
This exploit works on CoD, CoD:UO, COD2, COD4!

greetz
Gunah

On 20.09.2010 12:27, Marco Padovan wrote:
> thanks, I missed this one...
>
> gotta disable logging too....
>
> On 15/09/2010 23:59, Miha Lepej wrote:
>> You also need to be aware that if the server has console logging
>> enabled and produces a console_mp.log or console_mp_server.log in the
>> main folder that can also be downloaded and contains a lot of
>> information of set variables including rcon_password (tested cod2).
>>
>> As far as I know the file can't be renamed and includes the password
>> even if it is set through command line. I believe this is the command
>> to disable the console log:
>>
>> set logfile 0
>>
>> (not 100%, can someone confirm?)
>>
>> --Miha
>>
>> On Wed, Sep 15, 2010 at 19:49, Morpheus<morpheus at clantoc.org>  wrote:
>>>   If you have full control on the server (startup, environment--say, host it
>>> on a dedicated server), you should do that by passing a set rcon_password to
>>> the server console from the startup script (after the server is up). So no
>>> need to manually set it each time.
>>>
>>> But it can be tricky to do that, depending on how you start the server (and
>>> what OS you run on). Under linux, with server started with SCREEN, it can
>>> easily be done (as you can send commands into the screen that hosts the
>>> console). But with other methods, I don't know...
>>>
>>> On 15/09/2010 18:11, Marco Padovan wrote:
>>>> this works... but is a pain in the ass... as you have to issue the set
>>>> rcon command EVERYTIME you start it :(
>>>>
>>>> On Wed, Sep 15, 2010 at 10:29 AM, Mavrick<mavrick.master at gmail.com>
>>>>   wrote:
>>>>> Probably a silly question but can u set the rcon password in the console
>>>>> query string?
>>>>>
>>>>> If so, why not database the password then just parse it when the server
>>>>> loads? This way anyone can use the exploit if they want but won't get the
>>>>> password?
>>>>>
>>>>> On 15/09/2010 5:45 PM, Nosjp Nosjp wrote:
>>>>>
>>>>> If you set sv_allowdownload "0" - disable all downloads: built-in download
>>>>> + HTTP redirect download (it doesn't matter value of sv_wwwDownload)
>>>>>
>>>>> Another solution: disable console (set sv_disableClientConsole "1") +
>>>>> random .cfg name
>>>>> in case of rcon stealer a player must be connected to server, then player
>>>>> trying to download manually within game console:
>>>>>   /download server.cfg   or /download main/server.cfg  guessing server config
>>>>>
>>>>> Take a look here for more details/solutions:
>>>>>
>>>>> http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870
>>>>>
>>>>> On Tue, Sep 14, 2010 at 9:48 PM, Morpheus<morpheus at clantoc.org>    wrote:
>>>>>> I have one question : I have these dvar in my server cfg
>>>>>>
>>>>>> set sv_allowdownload "1"
>>>>>> seta sv_wwwDownload "1"
>>>>>> seta sv_wwwBaseURL "http://whaterver_you_wnat.com/cod"
>>>>>> seta sv_wwwDlDisconnected "1"
>>>>>>
>>>>>> If you put the allowdownload to 0, does it disable the www capability? If
>>>>>> we could restrict the download part to http downloading, things could be
>>>>>> easier to cope with.
>>>>>>
>>>>>> On 14/09/2010 20:44, Nosjp Nosjp wrote:
>>>>>>
>>>>>> @Marco:
>>>>>>
>>>>>> If you have a server
>>>>>> - without custom maps/mods/pam -> disable downloads: seta sv_allowDownload "0"
>>>>>> - with custom maps/mods/pam -> disable game console (set sv_disableClientConsole "1") + random .cfg name
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Sep 14, 2010 at 9:37 PM, Sheepa<sheepa at sheepa.org>    wrote:
>>>>>>> Is there even any working POC for this?
>>>>>>>
>>>>>>> --------------------------------------------------
>>>>>>> From: "Marco Padovan"<evolutioncrazy at gmail.com>
>>>>>>> Sent: Tuesday, September 14, 2010 8:14 PM
>>>>>>> To: "Call of Duty server admin list."<cod at icculus.org>
>>>>>>> Subject: Re: [cod] Cfg download hacking
>>>>>>>
>>>>>>>> I see...
>>>>>>>>
>>>>>>>> will take the "random cfg filename" path as all other workarounds are
>>>>>>>> not acceptable for my use :(
>>>>>>>>
>>>>>>>> On Tue, Sep 14, 2010 at 8:01 PM, Morpheus<morpheus at clantoc.org>
>>>>>>>>   wrote:
>>>>>>>>>   I think iptables is too low-level to deal with such specific hack attempts.
>>>>>>>>> At least you can use it to ban IP addresses you catch... It's sad it has not
>>>>>>>>> been fixed since discovery, with all the games that are using the codebase...
>>>>>>>>>
>>>>>>>>> On 14/09/2010 19:32, Marco Padovan wrote:
>>>>>>>>>> I'm aware of the exploits... was looking for some suggestion on how to
>>>>>>>>>> fix them... even via iptables eventually...
>>>>>>>>>>
>>>>>>>>>> On Tue, Sep 14, 2010 at 6:56 PM, James Landi<jim at landi.net>
>>>>>>>>>>   wrote:
>>>>>>>>>>>   The exploit I just posted about could be an older version or not the same
>>>>>>>>>>> as described in this mail list thread.
>>>>>>>>>>>
>>>>>>>>>>> using the second link should give you a good list of quake based exploits
>>>>>>>>>>> you may want to watch for.
>>>>>>>>>>>
>>>>>>>>>>> Sorry for the wrong link
>>>>>>>>>>>
>>>>>>>>>>> Jim Landi
>>>>>>>>>>> Rudedog
>>>>>>>>>>> FPSadmin.com
>>>>>>>>>>> Microsoft MVP, Games for Windows | Twitter@ therealrudedog
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 9/14/10 12:25 PM, Morpheus wrote:
>>>>>>>>>>>> We're talking about the built-in download system, not the http redirect
>>>>>>>>>>>> one, which you can control with symlinks and htaccess features. It's about a
>>>>>>>>>>>> security hole that virtually exists in all q3-based games (at least for the
>>>>>>>>>>>> net code).
>>>>>>>>>>>>
>>>>>>>>>>>>> On 14/09/2010 18:21, Mavrick wrote:
>>>>>>>>>>>>> Anyone tried symbolic links?
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
>>>>>>>>>>>>>> The only one solution:  set sv_allowDownload "0"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco
>>>>>>>>>>>>>> Padovan<evolutioncrazy at gmail.com
>>>>>>>>>>>>>> <mailto:evolutioncrazy at gmail.com>>      wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>    We are having major hack attempts that consist in people
>>>>>>>>>>>>>>    downloading the cfg files....  currently we had to use random
>>>>>>>>>>>>>>    file names...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>    is there any solid work around?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>    _______________________________________________
>>>>>>>>>>>>>>    cod mailing list
>>>>>>>>>>>>>>    cod at icculus.org<mailto:cod at icculus.org>
>>>>>>>>>>>>>>    http://icculus.org/mailman/listinfo/cod

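The mitigations discussed in this thread (sv_allowdownload "0", set logfile 0, sv_disableClientConsole "1", a non-guessable cfg name, keeping rcon_password out of the cfg) can be checked mechanically. The following is an added example, not code from any poster or from the game: a small auditor for a server cfg. The function names, the sample configs and the placeholder password are constructed for illustration.

```python
import re

# "set", "seta" or "sets", a dvar name, then a quoted value or a bare value.
DVAR_RE = re.compile(r'^\s*set[as]?\s+(\w+)(?:\s*"([^"]*)"|\s+(\S+))', re.IGNORECASE)

# "server.cfg" is the name mentioned in the thread; extend the set as needed.
GUESSABLE_CFG_NAMES = {"server.cfg"}


def parse_dvars(cfg_text):
    """Return {lowercased dvar name: value}. Comment lines never match; last assignment wins."""
    dvars = {}
    for line in cfg_text.splitlines():
        m = DVAR_RE.match(line)
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            dvars[m.group(1).lower()] = value
    return dvars


def audit_cfg(cfg_name, cfg_text):
    """List the exposure conditions named in the thread that apply to this config."""
    dvars = parse_dvars(cfg_text)
    if dvars.get("sv_allowdownload") == "0":
        return []  # per the thread, "0" disables built-in and HTTP downloads
    findings = ["sv_allowdownload is not 0: built-in download is reachable"]
    if "rcon_password" in dvars:
        findings.append("rcon_password is stored in a downloadable cfg")
    if dvars.get("logfile") != "0":
        findings.append("logfile is not 0: console log may record rcon_password")
    if dvars.get("sv_disableclientconsole") != "1":
        findings.append("sv_disableClientConsole is not 1")
    if cfg_name.lower() in GUESSABLE_CFG_NAMES:
        findings.append("cfg file name is guessable: " + cfg_name)
    return findings


# Constructed sample configs (placeholder values, not taken from the thread).
EXPOSED_CFG = '''
// public mod server
set sv_allowdownload "1"
seta sv_wwwDownload "1"
seta sv_wwwBaseURL"http://example.invalid/cod"
set rcon_password "PLACEHOLDER"
'''
HARDENED_CFG = 'seta sv_allowDownload "0"\nset logfile 0\n'

if __name__ == "__main__":
    for name, text in (("server.cfg", EXPOSED_CFG), ("server.cfg", HARDENED_CFG)):
        print(name, audit_cfg(name, text) or "no download exposure")
```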