[cod] Cfg download hacking

Kjell Munkestam kjell.munkestam at telia.com
Wed Sep 15 06:46:24 EDT 2010


In that case, couldn't you just add rcon password parameter to startup
command line and leave it out of cfg file?
 
~SgtBilko
 
 
-----Original Message-----
From: Mavrick [mailto:mavrick.master at gmail.com] 
Sent: den 15 september 2010 10:29
To: Call of Duty server admin list.
Subject: Re: [cod] Cfg download hacking


Probably a silly question but can u set the rcon password in the console
query string?

If so, why not database the password then just parse it when the server
loads? This way anyone can use the exploit if they want but wont get the
password?

On 15/09/2010 5:45 PM, Nosjp Nosjp wrote: 

If you set sv_allowdownload "0" - disable all downloads :  built-in download
+ HTTP redirect download ( it doesn't matter value of sv_wwwDownload)

Another solutions: disable console (set sv_disableClientConsole "1") +
random .cfg name
in case of rcon stealer a player must be connected to server, then player
trying to download manually within game console:
 /download server.cfg   or /download main/server.cfg  guessing server config

Take a look here for more details/solutions:  
http://game-violations.ggl.com/index.php?page=Thread
<http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870
> &postID=99870#post99870


On Tue, Sep 14, 2010 at 9:48 PM, Morpheus <morpheus at clantoc.org> wrote:


I have one question : I have these dvar in my server cfg

set sv_allowdownload "1"
seta sv_wwwDownload "1"
seta sv_wwwBaseURL "http://whaterver_you_wnat.com/cod"
<http://whaterver_you_wnat.com/cod> 
seta sv_wwwDlDisconnected "1"

If you put the allowdownload to 0, does it disable the www capability ? if
we could restrict the download part to http downloading, things could be
easier to cope with.

Le 14/09/2010 20:44, Nosjp Nosjp a écrit : 

@Marco: 

If you have a server 
- without custom maps/mods/pam -> disable downloads:  seta sv_allowDownload
"0"
- with custom maps/mods/pam ->  disable game console (set
sv_disableClientConsole "1")  + random .cfg name




On Tue, Sep 14, 2010 at 9:37 PM, Sheepa <sheepa at sheepa.org> wrote:


Is there even any working POC for this?

--------------------------------------------------
From: "Marco Padovan" <evolutioncrazy at gmail.com>
Sent: Tuesday, September 14, 2010 8:14 PM
To: "Call of Duty server admin list." <cod at icculus.org> 

Subject: Re: [cod] Cfg download hacking



I see...

will take the "random cfg filename" path as all other workarounds are
not acceptable for my use :(

On Tue, Sep 14, 2010 at 8:01 PM, Morpheus <morpheus at clantoc.org> wrote:


 I think iptables is too low-level to deal with such specific hack attempts.
At least you can use it to ban IP addresses you catch... It's sad it has not
been fixed since discovery, with all the games that are using the
codebase...

Le 14/09/2010 19:32, Marco Padovan a écrit :



I'm aware of the exploits... was looking for some suggestion on how to
fix them... even via iptables eventually...

On Tue, Sep 14, 2010 at 6:56 PM, James Landi<jim at landi.net>  wrote:



 The exploit I just posted about could be an older version or not the
same
as described in this mail list thread.

using the second link should give you a good list of quake based exploits
you may want to watch for.

Sorry for the wrong ling

Jim Landi
Rudedog
FPSadmin.com
Microsoft MVP, Games for Windows | Twitter@ therealrudedog


On 9/14/10 12:25 PM, Morpheus wrote:



We're talking about the built-in download system, not the http redirect
one, which you can control with symlinks and htaccess features. It's
about a
security hole that virtually exists in all q3-based games (at least for
the
net code).

Le 14/09/2010 18:21, Mavrick a écrit :



Anyone tried symbolic links?

On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:



The only one solution:  set sv_allowDownload "0"

On Mon, Sep 13, 2010 at 7:45 PM, Marco
Padovan<evolutioncrazy at gmail.com
<mailto:evolutioncrazy at gmail.com>>  wrote:

  We are having major hack attempts that consist in people
  downloading the cfg files....  currently we had to use random
  file names...

  is there any solid work around?


  _______________________________________________
  cod mailing list
  cod at icculus.org<mailto:cod at icculus.org>
  http://icculus.org/mailman/listinfo/cod



_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod



_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod



_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod



_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod



_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod



_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod



_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod 


_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod





_______________________________________________

cod mailing list

cod at icculus.org

http://icculus.org/mailman/listinfo/cod


_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod






_______________________________________________

cod mailing list

cod at icculus.org

http://icculus.org/mailman/listinfo/cod


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20100915/60305b51/attachment.htm>


More information about the cod mailing list