[cod] Cfg download hacking

Marco Padovan evolutioncrazy at gmail.com
Wed Sep 15 12:11:28 EDT 2010


this works... but is a pain in the ass... as you have to issue the set
rcon command EVERYTIME you start it :(

On Wed, Sep 15, 2010 at 10:29 AM, Mavrick <mavrick.master at gmail.com> wrote:
> Probably a silly question but can u set the rcon password in the console
> query string?
>
> If so, why not database the password then just parse it when the server
> loads? This way anyone can use the exploit if they want but wont get the
> password?
>
> On 15/09/2010 5:45 PM, Nosjp Nosjp wrote:
>
> If you set sv_allowdownload "0" - disable all downloads :  built-in download
> + HTTP redirect download ( it doesn't matter value of sv_wwwDownload)
>
> Another solutions: disable console (set sv_disableClientConsole "1") +
> random .cfg name
> in case of rcon stealer a player must be connected to server, then player
> trying to download manually within game console:
>  /download server.cfg   or /download main/server.cfg  guessing server config
>
> Take a look here for more details/solutions:
> http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870
>
> On Tue, Sep 14, 2010 at 9:48 PM, Morpheus <morpheus at clantoc.org> wrote:
>>
>> I have one question : I have these dvar in my server cfg
>>
>> set sv_allowdownload "1"
>> seta sv_wwwDownload "1"
>> seta sv_wwwBaseURL "http://whaterver_you_wnat.com/cod"
>> seta sv_wwwDlDisconnected "1"
>>
>> If you put the allowdownload to 0, does it disable the www capability ? if
>> we could restrict the download part to http downloading, things could be
>> easier to cope with.
>>
>> Le 14/09/2010 20:44, Nosjp Nosjp a écrit :
>>
>> @Marco:
>>
>> If you have a server
>> - without custom maps/mods/pam -> disable downloads:  seta
>> sv_allowDownload "0"
>> - with custom maps/mods/pam ->  disable game console (set
>> sv_disableClientConsole "1")  + random .cfg name
>>
>>
>>
>> On Tue, Sep 14, 2010 at 9:37 PM, Sheepa <sheepa at sheepa.org> wrote:
>>>
>>> Is there even any working POC for this?
>>>
>>> --------------------------------------------------
>>> From: "Marco Padovan" <evolutioncrazy at gmail.com>
>>> Sent: Tuesday, September 14, 2010 8:14 PM
>>> To: "Call of Duty server admin list." <cod at icculus.org>
>>> Subject: Re: [cod] Cfg download hacking
>>>
>>>> I see...
>>>>
>>>> will take the "random cfg filename" path as all other workarounds are
>>>> not acceptable for my use :(
>>>>
>>>> On Tue, Sep 14, 2010 at 8:01 PM, Morpheus <morpheus at clantoc.org> wrote:
>>>>>
>>>>>  I think iptables is too low-level to deal with such specific hack
>>>>> attempts.
>>>>> At least you can use it to ban IP addresses you catch... It's sad it
>>>>> has not
>>>>> been fixed since discovery, with all the games that are using the
>>>>> codebase...
>>>>>
>>>>> Le 14/09/2010 19:32, Marco Padovan a écrit :
>>>>>>
>>>>>> I'm aware of the exploits... was looking for some suggestion on how to
>>>>>> fix them... even via iptables eventually...
>>>>>>
>>>>>> On Tue, Sep 14, 2010 at 6:56 PM, James Landi<jim at landi.net>  wrote:
>>>>>>>
>>>>>>>  The exploit I just posted about could be an older version or not the
>>>>>>> same
>>>>>>> as described in this mail list thread.
>>>>>>>
>>>>>>> using the second link should give you a good list of quake based
>>>>>>> exploits
>>>>>>> you may want to watch for.
>>>>>>>
>>>>>>> Sorry for the wrong ling
>>>>>>>
>>>>>>> Jim Landi
>>>>>>> Rudedog
>>>>>>> FPSadmin.com
>>>>>>> Microsoft MVP, Games for Windows | Twitter@ therealrudedog
>>>>>>>
>>>>>>>
>>>>>>> On 9/14/10 12:25 PM, Morpheus wrote:
>>>>>>>>
>>>>>>>> We're talking about the built-in download system, not the http
>>>>>>>> redirect
>>>>>>>> one, which you can control with symlinks and htaccess features. It's
>>>>>>>> about a
>>>>>>>> security hole that virtually exists in all q3-based games (at least
>>>>>>>> for
>>>>>>>> the
>>>>>>>> net code).
>>>>>>>>
>>>>>>>> Le 14/09/2010 18:21, Mavrick a écrit :
>>>>>>>>>
>>>>>>>>> Anyone tried symbolic links?
>>>>>>>>>
>>>>>>>>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
>>>>>>>>>>
>>>>>>>>>> The only one solution:  set sv_allowDownload "0"
>>>>>>>>>>
>>>>>>>>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco
>>>>>>>>>> Padovan<evolutioncrazy at gmail.com
>>>>>>>>>> <mailto:evolutioncrazy at gmail.com>>  wrote:
>>>>>>>>>>
>>>>>>>>>>   We are having major hack attempts that consist in people
>>>>>>>>>>   downloading the cfg files....  currently we had to use random
>>>>>>>>>>   file names...
>>>>>>>>>>
>>>>>>>>>>   is there any solid work around?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>   _______________________________________________
>>>>>>>>>>   cod mailing list
>>>>>>>>>>   cod at icculus.org<mailto:cod at icculus.org>
>>>>>>>>>>   http://icculus.org/mailman/listinfo/cod
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> cod mailing list
>>>>>>>>>> cod at icculus.org
>>>>>>>>>> http://icculus.org/mailman/listinfo/cod
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> cod mailing list
>>>>>>>>> cod at icculus.org
>>>>>>>>> http://icculus.org/mailman/listinfo/cod
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> cod mailing list
>>>>>>>> cod at icculus.org
>>>>>>>> http://icculus.org/mailman/listinfo/cod
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> cod mailing list
>>>>>>> cod at icculus.org
>>>>>>> http://icculus.org/mailman/listinfo/cod
>>>>>>>
>>>>>> _______________________________________________
>>>>>> cod mailing list
>>>>>> cod at icculus.org
>>>>>> http://icculus.org/mailman/listinfo/cod
>>>>>
>>>>> _______________________________________________
>>>>> cod mailing list
>>>>> cod at icculus.org
>>>>> http://icculus.org/mailman/listinfo/cod
>>>>>
>>>> _______________________________________________
>>>> cod mailing list
>>>> cod at icculus.org
>>>> http://icculus.org/mailman/listinfo/cod
>>>
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org
>>> http://icculus.org/mailman/listinfo/cod
>>
>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>>
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
>


More information about the cod mailing list