[cod] Cfg download hacking

Marco Padovan evolutioncrazy at gmail.com
Mon Sep 20 06:27:16 EDT 2010


  thanks, I missed this one...

gotta disable logging too....

On 15/09/2010 23:59, Miha Lepej wrote:
> You also need to be aware that if the server has console logging
> enabled and produces a console_mp.log or console_mp_server.log in the
> main folder that can also be downloaded and contains a lot of
> information of set variables including rcon_password (tested cod2).
>
> As far as I know the file can't be renamed and includes the password
> even if it is set through command line. I believe this is the command
> to disable the console log:
>
> set logfile 0
>
> (not 100%, can someone confirm?)
>
> --Miha
>
> On Wed, Sep 15, 2010 at 19:49, Morpheus<morpheus at clantoc.org>  wrote:
>>   If you have full control on the server (startup, environment--say, host it
>> on a dedicated server), you should do that by passing a set rcon_password to
>> the server console from the startup script (after the server is up). So no
>> need to manually set it each time.
>>
>> But it can be tricky to do that, depending on how you start the server (and
>> what OS you run on). Under linux, with server started with SCREEN, it can
>> easily be done (as you can send commands into the screen that hosts the
>> console). But with other methods, I don't know...
>>
>> On 15/09/2010 18:11, Marco Padovan wrote:
>>> this works... but is a pain in the ass... as you have to issue the set
>>> rcon command EVERY TIME you start it :(
>>>
>>> On Wed, Sep 15, 2010 at 10:29 AM, Mavrick<mavrick.master at gmail.com>
>>>   wrote:
>>>> Probably a silly question but can u set the rcon password in the console
>>>> query string?
>>>>
>>>> If so, why not database the password then just parse it when the server
>>>> loads? This way anyone can use the exploit if they want but won't get the
>>>> password?
>>>>
>>>> On 15/09/2010 5:45 PM, Nosjp Nosjp wrote:
>>>>
>>>> If you set sv_allowdownload "0" - disable all downloads :  built-in
>>>> download
>>>> + HTTP redirect download ( it doesn't matter value of sv_wwwDownload)
>>>>
>>>> Another solution: disable console (set sv_disableClientConsole "1") +
>>>> random .cfg name
>>>> in case of rcon stealer a player must be connected to server, then player
>>>> trying to download manually within game console:
>>>>   /download server.cfg   or /download main/server.cfg  guessing server
>>>> config
>>>>
>>>> Take a look here for more details/solutions:
>>>>
>>>> http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870
>>>>
>>>> On Tue, Sep 14, 2010 at 9:48 PM, Morpheus<morpheus at clantoc.org>    wrote:
>>>>> I have one question : I have these dvar in my server cfg
>>>>>
>>>>> set sv_allowdownload "1"
>>>>> seta sv_wwwDownload "1"
>>>>> seta sv_wwwBaseURL "http://whaterver_you_wnat.com/cod"
>>>>> seta sv_wwwDlDisconnected "1"
>>>>>
>>>>> If you put the allowdownload to 0, does it disable the www capability ?
>>>>> if
>>>>> we could restrict the download part to http downloading, things could be
>>>>> easier to cope with.
>>>>>
>>>>> On 14/09/2010 20:44, Nosjp Nosjp wrote:
>>>>>
>>>>> @Marco:
>>>>>
>>>>> If you have a server
>>>>> - without custom maps/mods/pam ->    disable downloads:  seta
>>>>> sv_allowDownload "0"
>>>>> - with custom maps/mods/pam ->     disable game console (set
>>>>> sv_disableClientConsole "1")  + random .cfg name
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Sep 14, 2010 at 9:37 PM, Sheepa<sheepa at sheepa.org>    wrote:
>>>>>> Is there even any working POC for this?
>>>>>>
>>>>>> --------------------------------------------------
>>>>>> From: "Marco Padovan"<evolutioncrazy at gmail.com>
>>>>>> Sent: Tuesday, September 14, 2010 8:14 PM
>>>>>> To: "Call of Duty server admin list."<cod at icculus.org>
>>>>>> Subject: Re: [cod] Cfg download hacking
>>>>>>
>>>>>>> I see...
>>>>>>>
>>>>>>> will take the "random cfg filename" path as all other workarounds are
>>>>>>> not acceptable for my use :(
>>>>>>>
>>>>>>> On Tue, Sep 14, 2010 at 8:01 PM, Morpheus<morpheus at clantoc.org>
>>>>>>>   wrote:
>>>>>>>>   I think iptables is too low-level to deal with such specific hack
>>>>>>>> attempts.
>>>>>>>> At least you can use it to ban IP addresses you catch... It's sad it
>>>>>>>> has not
>>>>>>>> been fixed since discovery, with all the games that are using the
>>>>>>>> codebase...
>>>>>>>>
>>>>>>>> On 14/09/2010 19:32, Marco Padovan wrote:
>>>>>>>>> I'm aware of the exploits... was looking for some suggestion on how
>>>>>>>>> to
>>>>>>>>> fix them... even via iptables eventually...
>>>>>>>>>
>>>>>>>>> On Tue, Sep 14, 2010 at 6:56 PM, James Landi<jim at landi.net>
>>>>>>>>>   wrote:
>>>>>>>>>>   The exploit I just posted about could be an older version or not
>>>>>>>>>> the
>>>>>>>>>> same
>>>>>>>>>> as described in this mail list thread.
>>>>>>>>>>
>>>>>>>>>> using the second link should give you a good list of quake based
>>>>>>>>>> exploits
>>>>>>>>>> you may want to watch for.
>>>>>>>>>>
>>>>>>>>>> Sorry for the wrong link
>>>>>>>>>>
>>>>>>>>>> Jim Landi
>>>>>>>>>> Rudedog
>>>>>>>>>> FPSadmin.com
>>>>>>>>>> Microsoft MVP, Games for Windows | Twitter@ therealrudedog
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 9/14/10 12:25 PM, Morpheus wrote:
>>>>>>>>>>> We're talking about the built-in download system, not the http
>>>>>>>>>>> redirect
>>>>>>>>>>> one, which you can control with symlinks and htaccess features.
>>>>>>>>>>> It's
>>>>>>>>>>> about a
>>>>>>>>>>> security hole that virtually exists in all q3-based games (at
>>>>>>>>>>> least
>>>>>>>>>>> for
>>>>>>>>>>> the
>>>>>>>>>>> net code).
>>>>>>>>>>>
>>>>>>>>>>> On 14/09/2010 18:21, Mavrick wrote:
>>>>>>>>>>>> Anyone tried symbolic links?
>>>>>>>>>>>>
>>>>>>>>>>>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
>>>>>>>>>>>>> The only solution:  set sv_allowDownload "0"
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco
>>>>>>>>>>>>> Padovan<evolutioncrazy at gmail.com
>>>>>>>>>>>>> <mailto:evolutioncrazy at gmail.com>>      wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>    We are having major hack attempts that consist in people
>>>>>>>>>>>>>    downloading the cfg files....  currently we had to use random
>>>>>>>>>>>>>    file names...
>>>>>>>>>>>>>
>>>>>>>>>>>>>    is there any solid work around?
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>    _______________________________________________
>>>>>>>>>>>>>    cod mailing list
>>>>>>>>>>>>>    cod at icculus.org<mailto:cod at icculus.org>
>>>>>>>>>>>>>    http://icculus.org/mailman/listinfo/cod

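Added example, not part of the original thread or of any poster's message: a small Python audit of a server's main folder for the exposures the thread names (rcon_password kept in a .cfg, sv_allowdownload left on, client console left enabled, and a console_mp.log / console_mp_server.log that contains the password). The folder layout, file contents and password below are constructed; comparing dvar names case-insensitively is an assumption based on the thread's own mixed spelling, and the logfile value is only reported because the thread gives that setting as unconfirmed.

```python
import re
import tempfile
from pathlib import Path

# set/seta lines as they appear in the thread, e.g.  seta sv_wwwDownload "1"
DVAR_RE = re.compile(r'^\s*seta?\s+(\w+)\s+(?:"([^"]*)"|(\S+))', re.I)
LOG_NAMES = ("console_mp.log", "console_mp_server.log")  # names from the thread


def parse_dvars(text):
    """Map lower-cased dvar name -> value; the last assignment wins."""
    dvars = {}
    for line in text.splitlines():
        m = DVAR_RE.match(line)
        if m:
            dvars[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return dvars


def audit(main_dir):
    """Return findings for one 'main' folder, in a fixed order."""
    main_dir, findings, merged = Path(main_dir), [], {}
    for cfg in sorted(main_dir.glob("*.cfg")):
        dvars = parse_dvars(cfg.read_text(errors="replace"))
        merged.update(dvars)
        if dvars.get("rcon_password"):
            findings.append(f"{cfg.name}: rcon_password is set in this .cfg")
    if merged.get("sv_allowdownload") != "0":
        findings.append("sv_allowdownload is not set to 0")
        if merged.get("sv_disableclientconsole") != "1":
            findings.append("sv_disableClientConsole is not set to 1")
    for name in LOG_NAMES:
        log = main_dir / name
        if log.is_file() and "rcon_password" in log.read_text(errors="replace").lower():
            findings.append(f"{name}: contains rcon_password (logfile={merged.get('logfile')})")
    return findings


def build_sample(root):
    """Constructed sample folder; password and file contents are made up."""
    main = Path(root) / "main"
    main.mkdir()
    (main / "server.cfg").write_text(
        'set sv_allowdownload "1"\nseta sv_wwwDownload "1"\n'
        'set rcon_password "EXAMPLE-ONLY"\n')
    (main / "console_mp.log").write_text("rcon_password is: EXAMPLE-ONLY\n")
    return main


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit(build_sample(tmp)):
            print("FINDING:", finding)
```

Point audit() at the real main folder of a server to get the same list of findings; an empty list means none of the conditions discussed in the thread were found in the files it read.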
