[cod] Cfg download hacking

Miha Lepej lepko.san at gmail.com
Wed Sep 15 17:59:53 EDT 2010


You also need to be aware that if the server has console logging
enabled and produces a console_mp.log or console_mp_server.log in the
main folder that can also be downloaded and contains a lot of
information of set variables including rcon_password (tested cod2).

As far as I know the file can't be renamed and includes the password
even if it is set through command line. I believe this is the command
to disable the console log:

set logfile 0

(not 100%, can someone confirm?)

--Miha

On Wed, Sep 15, 2010 at 19:49, Morpheus <morpheus at clantoc.org> wrote:
>  If you have full control on the server (startup, environment--say, host it
> on a dedicated server), you should do that by passing a set rcon_password to
> the server console from the startup script (after the server is up). So no
> need to manually set it each time.
>
> But it can be tricky to do that, depending on how you start the server (and
> what OS you run on). Under linux, with server started with SCREEN, it can
> easily be done (as you can send commands into the screen that hosts the
> console). But with other methods, I don't know...
>
> On 15/09/2010 18:11, Marco Padovan wrote:
>>
>> this works... but is a pain in the ass... as you have to issue the set
>> rcon command EVERYTIME you start it :(
>>
>> On Wed, Sep 15, 2010 at 10:29 AM, Mavrick<mavrick.master at gmail.com>
>>  wrote:
>>>
>>> Probably a silly question but can u set the rcon password in the console
>>> query string?
>>>
>>> If so, why not database the password then just parse it when the server
>>> loads? This way anyone can use the exploit if they want but won't get the
>>> password?
>>>
>>> On 15/09/2010 5:45 PM, Nosjp Nosjp wrote:
>>>
>>> If you set sv_allowdownload "0" - disable all downloads :  built-in
>>> download
>>> + HTTP redirect download ( it doesn't matter value of sv_wwwDownload)
>>>
>>> Another solutions: disable console (set sv_disableClientConsole "1") +
>>> random .cfg name
>>> in case of rcon stealer a player must be connected to server, then player
>>> trying to download manually within game console:
>>>  /download server.cfg   or /download main/server.cfg  guessing server
>>> config
>>>
>>> Take a look here for more details/solutions:
>>>
>>> http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870
>>>
>>> On Tue, Sep 14, 2010 at 9:48 PM, Morpheus<morpheus at clantoc.org>  wrote:
>>>>
>>>> I have one question : I have these dvar in my server cfg
>>>>
>>>> set sv_allowdownload "1"
>>>> seta sv_wwwDownload "1"
>>>> seta sv_wwwBaseURL "http://whaterver_you_wnat.com/cod"
>>>> seta sv_wwwDlDisconnected "1"
>>>>
>>>> If you put the allowdownload to 0, does it disable the www capability ?
>>>> if
>>>> we could restrict the download part to http downloading, things could be
>>>> easier to cope with.
>>>>
>>>> On 14/09/2010 20:44, Nosjp Nosjp wrote:
>>>>
>>>> @Marco:
>>>>
>>>> If you have a server
>>>> - without custom maps/mods/pam ->  disable downloads:  seta
>>>> sv_allowDownload "0"
>>>> - with custom maps/mods/pam ->   disable game console (set
>>>> sv_disableClientConsole "1")  + random .cfg name
>>>>
>>>>
>>>>
>>>> On Tue, Sep 14, 2010 at 9:37 PM, Sheepa<sheepa at sheepa.org>  wrote:
>>>>>
>>>>> Is there even any working POC for this?
>>>>>
>>>>> --------------------------------------------------
>>>>> From: "Marco Padovan"<evolutioncrazy at gmail.com>
>>>>> Sent: Tuesday, September 14, 2010 8:14 PM
>>>>> To: "Call of Duty server admin list."<cod at icculus.org>
>>>>> Subject: Re: [cod] Cfg download hacking
>>>>>
>>>>>> I see...
>>>>>>
>>>>>> will take the "random cfg filename" path as all other workarounds are
>>>>>> not acceptable for my use :(
>>>>>>
>>>>>> On Tue, Sep 14, 2010 at 8:01 PM, Morpheus<morpheus at clantoc.org>
>>>>>>  wrote:
>>>>>>>
>>>>>>>  I think iptables is too low-level to deal with such specific hack
>>>>>>> attempts.
>>>>>>> At least you can use it to ban IP addresses you catch... It's sad it
>>>>>>> has not
>>>>>>> been fixed since discovery, with all the games that are using the
>>>>>>> codebase...
>>>>>>>
>>>>>>> On 14/09/2010 19:32, Marco Padovan wrote:
>>>>>>>>
>>>>>>>> I'm aware of the exploits... was looking for some suggestion on how
>>>>>>>> to
>>>>>>>> fix them... even via iptables eventually...
>>>>>>>>
>>>>>>>> On Tue, Sep 14, 2010 at 6:56 PM, James Landi<jim at landi.net>
>>>>>>>>  wrote:
>>>>>>>>>
>>>>>>>>>  The exploit I just posted about could be an older version or not
>>>>>>>>> the
>>>>>>>>> same
>>>>>>>>> as described in this mail list thread.
>>>>>>>>>
>>>>>>>>> using the second link should give you a good list of quake based
>>>>>>>>> exploits
>>>>>>>>> you may want to watch for.
>>>>>>>>>
>>>>>>>>> Sorry for the wrong link
>>>>>>>>>
>>>>>>>>> Jim Landi
>>>>>>>>> Rudedog
>>>>>>>>> FPSadmin.com
>>>>>>>>> Microsoft MVP, Games for Windows | Twitter@ therealrudedog
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 9/14/10 12:25 PM, Morpheus wrote:
>>>>>>>>>>
>>>>>>>>>> We're talking about the built-in download system, not the http
>>>>>>>>>> redirect
>>>>>>>>>> one, which you can control with symlinks and htaccess features.
>>>>>>>>>> It's
>>>>>>>>>> about a
>>>>>>>>>> security hole that virtually exists in all q3-based games (at
>>>>>>>>>> least
>>>>>>>>>> for
>>>>>>>>>> the
>>>>>>>>>> net code).
>>>>>>>>>>
>>>>>>>>>> On 14/09/2010 18:21, Mavrick wrote:
>>>>>>>>>>>
>>>>>>>>>>> Anyone tried symbolic links?
>>>>>>>>>>>
>>>>>>>>>>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> The only one solution:  set sv_allowDownload "0"
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco
>>>>>>>>>>>> Padovan<evolutioncrazy at gmail.com
>>>>>>>>>>>> <mailto:evolutioncrazy at gmail.com>>    wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>   We are having major hack attempts that consist in people
>>>>>>>>>>>>   downloading the cfg files....  currently we had to use random
>>>>>>>>>>>>   file names...
>>>>>>>>>>>>
>>>>>>>>>>>>   is there any solid work around?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>   _______________________________________________
>>>>>>>>>>>>   cod mailing list
>>>>>>>>>>>>   cod at icculus.org<mailto:cod at icculus.org>
>>>>>>>>>>>>   http://icculus.org/mailman/listinfo/cod
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>
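
An added example, not part of the original thread: a shell audit that lists the files under a server's main folder that would expose rcon_password if fetched through the built-in download, covering both the console logs and any .cfg regardless of its name. It assumes the game files sit in `<server_dir>/main`; `audit_cod_dir`, `make_sample_dir` and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report files in <server_dir>/main that
# would leak rcon_password if a client downloaded them.
# audit_cod_dir and make_sample_dir are hypothetical helper names.

audit_cod_dir() {
    main_dir="$1/main"
    # Console log names given in the thread (tested there on cod2).
    for log in console_mp.log console_mp_server.log; do
        [ -f "$main_dir/$log" ] || continue
        if grep -qi 'rcon_password' "$main_dir/$log"; then
            echo "LOG_LEAKS_RCON $log"
        else
            echo "LOG_PRESENT $log"
        fi
    done
    # Every .cfg in main/, whatever it is called: a random name only hides it.
    for cfg in "$main_dir"/*.cfg; do
        [ -f "$cfg" ] || continue
        name=$(basename "$cfg")
        if grep -qiE '^[[:space:]]*seta?[[:space:]]+rcon_password[[:space:]]' "$cfg"; then
            echo "CFG_HOLDS_RCON $name"
        fi
        if grep -qiE '^[[:space:]]*seta?[[:space:]]+sv_allowdownload[[:space:]]+"?1"?[[:space:]]*$' "$cfg"; then
            echo "DOWNLOAD_ENABLED $name"
        fi
    done
    return 0
}

# Constructed sample tree (not real server data) for trying the audit offline.
make_sample_dir() {
    d=$(mktemp -d) && mkdir "$d/main" || return 1
    printf '%s\n' 'set sv_allowdownload "1"' 'set rcon_password "EXAMPLE-ONLY"' \
        > "$d/main/x7k2q.cfg"
    # Constructed line; the real log format may differ.
    printf '%s\n' 'rcon_password set to "EXAMPLE-ONLY"' > "$d/main/console_mp.log"
    echo "$d"
}

# Stand-alone use: sh audit.sh /path/to/server_dir
if [ "$#" -gt 0 ]; then audit_cod_dir "$1"; fi
```

An empty report means no console log is present in main/ and no .cfg there both holds the password and leaves downloads on.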

