[cod] Cfg download hacking

Morpheus morpheus at clantoc.org
Wed Sep 15 13:49:09 EDT 2010


  If you have full control over the server (startup, environment--say, 
host it on a dedicated server), you should do that by passing a set 
rcon_password to the server console from the startup script (after the 
server is up). So no need to manually set it each time.

But it can be tricky to do that, depending on how you start the server 
(and what OS you run on). Under Linux, with server started with SCREEN, 
it can easily be done (as you can send commands into the screen that 
hosts the console). But with other methods, I don't know...

On 15/09/2010 18:11, Marco Padovan wrote:
> this works... but is a pain in the ass... as you have to issue the set
> rcon command EVERY TIME you start it :(
>
> On Wed, Sep 15, 2010 at 10:29 AM, Mavrick<mavrick.master at gmail.com>  wrote:
>> Probably a silly question but can u set the rcon password in the console
>> query string?
>>
>> If so, why not database the password then just parse it when the server
>> loads? This way anyone can use the exploit if they want but won't get the
>> password?
>>
>> On 15/09/2010 5:45 PM, Nosjp Nosjp wrote:
>>
>> If you set sv_allowdownload "0" - disable all downloads :  built-in download
>> + HTTP redirect download ( it doesn't matter value of sv_wwwDownload)
>>
>> Another solution: disable console (set sv_disableClientConsole "1") +
>> random .cfg name
>> in case of rcon stealer a player must be connected to server, then player
>> trying to download manually within game console:
>>   /download server.cfg   or /download main/server.cfg  guessing server config
>>
>> Take a look here for more details/solutions:
>> http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870
>>
>> On Tue, Sep 14, 2010 at 9:48 PM, Morpheus<morpheus at clantoc.org>  wrote:
>>> I have one question: I have these dvars in my server cfg
>>>
>>> set sv_allowdownload "1"
>>> seta sv_wwwDownload "1"
>>> seta sv_wwwBaseURL "http://whaterver_you_wnat.com/cod"
>>> seta sv_wwwDlDisconnected "1"
>>>
>>> If you put the allowdownload to 0, does it disable the www capability? If
>>> we could restrict the download part to http downloading, things could be
>>> easier to cope with.
>>>
>>> On 14/09/2010 20:44, Nosjp Nosjp wrote:
>>>
>>> @Marco:
>>>
>>> If you have a server
>>> - without custom maps/mods/pam ->  disable downloads:  seta
>>> sv_allowDownload "0"
>>> - with custom maps/mods/pam ->   disable game console (set
>>> sv_disableClientConsole "1")  + random .cfg name
>>>
>>>
>>>
>>> On Tue, Sep 14, 2010 at 9:37 PM, Sheepa<sheepa at sheepa.org>  wrote:
>>>> Is there even any working POC for this?
>>>>
>>>> --------------------------------------------------
>>>> From: "Marco Padovan"<evolutioncrazy at gmail.com>
>>>> Sent: Tuesday, September 14, 2010 8:14 PM
>>>> To: "Call of Duty server admin list."<cod at icculus.org>
>>>> Subject: Re: [cod] Cfg download hacking
>>>>
>>>>> I see...
>>>>>
>>>>> will take the "random cfg filename" path as all other workarounds are
>>>>> not acceptable for my use :(
>>>>>
>>>>> On Tue, Sep 14, 2010 at 8:01 PM, Morpheus<morpheus at clantoc.org>  wrote:
>>>>>>   I think iptables is too low-level to deal with such specific hack
>>>>>> attempts.
>>>>>> At least you can use it to ban IP addresses you catch... It's sad it
>>>>>> has not
>>>>>> been fixed since discovery, with all the games that are using the
>>>>>> codebase...
>>>>>>
>>>>>> On 14/09/2010 19:32, Marco Padovan wrote:
>>>>>>> I'm aware of the exploits... was looking for some suggestion on how to
>>>>>>> fix them... even via iptables eventually...
>>>>>>>
>>>>>>> On Tue, Sep 14, 2010 at 6:56 PM, James Landi<jim at landi.net>    wrote:
>>>>>>>>   The exploit I just posted about could be an older version or not the
>>>>>>>> same
>>>>>>>> as described in this mail list thread.
>>>>>>>>
>>>>>>>> using the second link should give you a good list of quake based
>>>>>>>> exploits
>>>>>>>> you may want to watch for.
>>>>>>>>
>>>>>>>> Sorry for the wrong link
>>>>>>>>
>>>>>>>> Jim Landi
>>>>>>>> Rudedog
>>>>>>>> FPSadmin.com
>>>>>>>> Microsoft MVP, Games for Windows | Twitter@ therealrudedog
>>>>>>>>
>>>>>>>>
>>>>>>>> On 9/14/10 12:25 PM, Morpheus wrote:
>>>>>>>>> We're talking about the built-in download system, not the http
>>>>>>>>> redirect
>>>>>>>>> one, which you can control with symlinks and htaccess features. It's
>>>>>>>>> about a
>>>>>>>>> security hole that virtually exists in all q3-based games (at least
>>>>>>>>> for
>>>>>>>>> the
>>>>>>>>> net code).
>>>>>>>>>
>>>>>>>>> On 14/09/2010 18:21, Mavrick wrote:
>>>>>>>>>> Anyone tried symbolic links?
>>>>>>>>>>
>>>>>>>>>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
>>>>>>>>>>> The only one solution:  set sv_allowDownload "0"
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco
>>>>>>>>>>> Padovan<evolutioncrazy at gmail.com
>>>>>>>>>>> <mailto:evolutioncrazy at gmail.com>>    wrote:
>>>>>>>>>>>
>>>>>>>>>>>    We are having major hack attempts that consist in people
>>>>>>>>>>>    downloading the cfg files....  currently we had to use random
>>>>>>>>>>>    file names...
>>>>>>>>>>>
>>>>>>>>>>>    is there any solid work around?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>    _______________________________________________
>>>>>>>>>>>    cod mailing list
>>>>>>>>>>>    cod at icculus.org<mailto:cod at icculus.org>
>>>>>>>>>>>    http://icculus.org/mailman/listinfo/cod
>>>>>>>>>>>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
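
The startup-script approach described at the top of this message, as an added example that is not part of the original thread: the rcon password is kept in a mode-600 file outside the game directory and typed into the screen-hosted console after the server is up, so it never sits in a .cfg that the built-in download can reach. The session name, the secret file path and the character whitelist are assumptions.

```sh
#!/bin/sh
# Added example: inject rcon_password into a screen-hosted server console so
# the password never lives in a .cfg file under the game directory.
# Assumed names (not from the thread): session "codserver", secret file path.

SESSION="${SESSION:-codserver}"
SECRET_FILE="${SECRET_FILE:-/etc/cod/rcon.secret}"

# Print the password stored in file $1, refusing a file that group or other
# users can access in any way.
read_secret() {
    [ -f "$1" ] || { echo "missing secret file: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$1 must be mode 600 or stricter" >&2; return 1; }
    head -n 1 "$1" | tr -d '\r\n'
}

# Build the console line. Only [A-Za-z0-9_-] is accepted (an assumed,
# conservative whitelist) so that neither screen nor the game console can
# interpret quotes, ';', '$', '^' or '\' in the password.
build_rcon_cmd() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*)
            echo "password is empty or has unsafe characters" >&2; return 1 ;;
    esac
    printf 'set rcon_password "%s"' "$1"
}

# Type the command into window 0 of session $1, followed by Enter (CR).
inject_rcon() {
    pw=$(read_secret "$2") || return 1
    line=$(build_rcon_cmd "$pw") || return 1
    screen -S "$1" -p 0 -X stuff "$line$(printf '\r')"
}

# Call from the startup script once the server console is up, e.g.:
#   SESSION=codserver SECRET_FILE=/etc/cod/rcon.secret sh set_rcon.sh inject
if [ "${1:-}" = "inject" ]; then
    inject_rcon "$SESSION" "$SECRET_FILE"
fi
```

The password is briefly visible in the argument list of the `screen -X` process to other local users, so this fits a dedicated host better than a shared one.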

