[cod] Cfg download hacking
saimon
saimon at optonline.net
Mon Sep 13 18:04:16 EDT 2010
Having spent much time in a Soldier of Fortune clan, I can tell you that
yes, there is a script that can be run against a server with downloads
turned on that will automatically go after the [in SoF it is the
Sof2mp.cfg] config file that has the rcon password. In my experience,
acquiring that password was always the goal; the attacker [script kiddie]
would then proceed to kick out/ban all clan members and change the name
of the server. The idiots that went around doing this really ruined the
game for a large amount of the community. I can't say for sure whether
the same script works with all Quake-based games; it could well be from
the same source. I was told that the leader of the Sof2 clan Heretic, its
leader Heretic Death, was a distributor of this script/tool for a price.
You may also want to open a console while in the game and type download
and see if any directory structures you can hit.
On 9/13/2010 3:33 PM, David at Game-Serve wrote:
> On 13/09/10 20:16, Morpheus wrote:
>> Yes, but it is only relevant with http downloading (I'm symlinking
>> the folder too, but with good htaccess restrictions, and strict
>> permissions on the files--only readable by the owner). Is it possible
>> to use the client to try downloading the cfg through the built-in
>> protocol? That could be the major hack, and it can potentially touch
>> every Quake-based game, at least those using the same net codebase
>> (cod2 is one of them).
>>
>> But I'm pretty sure it's not the case, and http is the way to follow,
>> and to harden...
>
> You mean like the one that already exists on the quake3 engine based
> games? Like mohaa, which will allow you to download the config files on
> servers that don't have downloads disabled (set sv_allowDownload "0").
> What's worse is that mohaa doesn't even use the server-client download
> functions of the quake3 engine, but the code must still be in there
> somewhere, as the exploit works.
>
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
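
The two hardening points raised in this thread (`set sv_allowDownload "0"` and config files readable only by the owner) can be checked mechanically. The following is an added example, not part of the original posts: it assumes Quake 3-style `set`/`seta`/`sets`/`setu` config lines, and the function names and sample files are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Quake 3-style config line: set/seta/sets/setu <cvar> <value>, value optionally quoted.
SET_RE = re.compile(r'^\s*set[asu]?\s+(\S+)\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)

def parse_cvars(text):
    """Return {cvar_lowercased: value}; a later line overrides an earlier one."""
    cvars = {}
    for line in text.splitlines():
        m = SET_RE.match(line)          # lines starting with // never match
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            cvars[m.group(1).lower()] = value
    return cvars

def audit_cfg(path):
    """Return a list of findings for one server config file."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        cvars = parse_cvars(fh.read())
    value = cvars.get("sv_allowdownload")
    if value is None:
        findings.append("sv_allowDownload is not set explicitly in this file")
    elif value != "0":
        findings.append(f'sv_allowDownload is "{value}", downloads are not disabled')
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:                    # any group/other permission bit
        findings.append(f"file mode {mode:o} lets users other than the owner access it")
    return findings

def demo():
    """Audit two constructed sample configs and return their findings."""
    samples = {
        "weak.cfg": ('// constructed sample\nseta sv_allowDownload "1"\n', 0o644),
        "hardened.cfg": ('// constructed sample\nset sv_allowDownload "0"\n', 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (body, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = audit_cfg(path)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```
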