[cod] Cfg download hacking

Leadly leadbritches at austinservers.com
Mon Sep 13 18:46:29 EDT 2010 

 ". that word. I do not think it means what you think it means."  >;o)

 

con.spic.u.ous (k n-sp k y - s). adj. 1. Easy to notice; obvious.

 

I believe you meant inconspicuously.

 

in.con.spic.u.ous ( n k n-sp k y - s). adj. Not readily noticeable.

 

From: Geoff Goas [mailto:gitman at gmail.com] 
Sent: Monday, September 13, 2010 5:37 PM
To: Call of Duty server admin list.
Subject: Re: [cod] Cfg download hacking

 

I had this very same problem and posted to this list about it not too long
ago. Its all Q3-based games.

Make sure your configs are conspicuously named, and if they do happen to be
available in the same path, that you put some sort of rewrite rule in to
deny access.

On Mon, Sep 13, 2010 at 6:04 PM, saimon <saimon at optonline.net> wrote:

Having spent much time in a Soldier of Fortune clan I can tell you that yes
there is a script that can be run against a server with downloads turned on
that will automatically go after the [in Sof it is the Sof2mp.cfg] config
file that has the rcon password.  In my experience acquiring that password
was always the goal the attacker [script kiddie] would then proceed to kick
out/ban all clan members and change the name of the server the idiots that
went around doing this really ruined the game for a large amount of the
community.  I can't say for sure or not if the same script works with all
Quake based game it could well be from the same source I was told that
leader of the Sof2 clan  Heretic,  its leard  Heretic Death was a
distributor of this script/tool for a price.  You may also want to open a
console while in the game and type download and see if any directory
structures you and hit.



On 9/13/2010 3:33 PM, David at Game-Serve wrote: 

On 13/09/10 20:16, Morpheus wrote: 

Yes, but it is only relevant with http downloading (I'm simlinking the
folder too, but with a good htaccess restrictions, and stricts permission on
the files--only readable by the owner). Is it possible to use the client to
try downloading the cfg through the built-in protocol ? That could be the
major hack, and it can potentially touch every quake-based game, at least
those using the same net codebase (cod2 is one of them).

But I'm pretty sure it's not the case, and http is the way to follow, and to
harden...


You mean like the one that already exists on the quake3 engine based games?
like mohaa which will allow you to download the config files on servers that
dont have downloads disabled (set sv_allowDownload "0"), whats worse is that
mohaa doesn't even use the server-client download functions of the quake3
engine but the code must still be in there somewhere as the exploit works



 
_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod
  


_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod




-- 
Geoff Goas
Network Engineer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20100913/375de118/attachment-0001.htm>

More information about the cod mailing list