hexedit the binary to rename the log file (has to be the same length)<br><br><div class="gmail_quote">On Wed, Sep 15, 2010 at 5:59 PM, Miha Lepej <span dir="ltr"><<a href="mailto:lepko.san@gmail.com">lepko.san@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">You also need to be aware that if the server has console logging<br>
enabled and produces a console_mp.log or console_mp_server.log in the<br>
main folder that can also be downloaded and contains a lot of<br>
information of set variables including rcon_password (tested cod2).<br>
<br>
As far as I know the file can't be renamed and includes the password<br>
even if it is set through command line. I believe this is the command<br>
to disable the console log:<br>
<br>
set logfile 0<br>
<br>
(not 100%, can someone confirm?)<br>
<font color="#888888"><br>
--Miha<br>
</font><div><div></div><div class="h5"><br>
On Wed, Sep 15, 2010 at 19:49, Morpheus <<a href="mailto:morpheus@clantoc.org">morpheus@clantoc.org</a>> wrote:<br>
> If you have full control on the server (startup, environment--say, host it<br>
> on a dedicated server), you should do that by passing a set rcon_password to<br>
> the server console from the startup script (after the server is up). So no<br>
> need to manually set it each time.<br>
><br>
> But it can be tricky to do that, depending on how you start the server (and<br>
> what OS you run on). Under linux, with server started with SCREEN, it can<br>
> easily be done (as you can send commands into the screen that hosts the<br>
> console). But with other methods, I don't know...<br>
><br>
> On 15/09/2010 18:11, Marco Padovan wrote:<br>
>><br>
>> this works... but is a pain in the ass... as you have to issue the set<br>
>> rcon command EVERY TIME you start it :(<br>
>><br>
>> On Wed, Sep 15, 2010 at 10:29 AM, Mavrick<<a href="mailto:mavrick.master@gmail.com">mavrick.master@gmail.com</a>><br>
>> wrote:<br>
>>><br>
>>> Probably a silly question but can u set the rcon password in the console<br>
>>> query string?<br>
>>><br>
>>> If so, why not database the password then just parse it when the server<br>
>>> loads? This way anyone can use the exploit if they want but won't get the<br>
>>> password?<br>
>>><br>
>>> On 15/09/2010 5:45 PM, Nosjp Nosjp wrote:<br>
>>><br>
>>> If you set sv_allowdownload "0" - disable all downloads : built-in<br>
>>> download<br>
>>> + HTTP redirect download ( it doesn't matter value of sv_wwwDownload)<br>
>>><br>
>>> Another solution: disable console (set sv_disableClientConsole "1") +<br>
>>> random .cfg name<br>
>>> in case of rcon stealer a player must be connected to server, then player<br>
>>> trying to download manually within game console:<br>
>>> /download server.cfg or /download main/server.cfg guessing server<br>
>>> config<br>
>>><br>
>>> Take a look here for more details/solutions:<br>
>>><br>
>>> <a href="http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870" target="_blank">http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870</a><br>
>>><br>
>>> On Tue, Sep 14, 2010 at 9:48 PM, Morpheus<<a href="mailto:morpheus@clantoc.org">morpheus@clantoc.org</a>> wrote:<br>
>>>><br>
>>>> I have one question : I have these dvars in my server cfg<br>
>>>><br>
>>>> set sv_allowdownload "1"<br>
>>>> seta sv_wwwDownload "1"<br>
>>>> seta sv_wwwBaseURL "<a href="http://whaterver_you_wnat.com/cod" target="_blank">http://whaterver_you_wnat.com/cod</a>"<br>
>>>> seta sv_wwwDlDisconnected "1"<br>
>>>><br>
>>>> If you put the allowdownload to 0, does it disable the www capability ?<br>
>>>> if<br>
>>>> we could restrict the download part to http downloading, things could be<br>
>>>> easier to cope with.<br>
>>>><br>
>>>> On 14/09/2010 20:44, Nosjp Nosjp wrote:<br>
>>>><br>
>>>> @Marco:<br>
>>>><br>
>>>> If you have a server<br>
>>>> - without custom maps/mods/pam -> disable downloads: seta<br>
>>>> sv_allowDownload "0"<br>
>>>> - with custom maps/mods/pam -> disable game console (set<br>
>>>> sv_disableClientConsole "1") + random .cfg name<br>
>>>><br>
>>>><br>
>>>><br>
>>>> On Tue, Sep 14, 2010 at 9:37 PM, Sheepa<<a href="mailto:sheepa@sheepa.org">sheepa@sheepa.org</a>> wrote:<br>
>>>>><br>
>>>>> Is there even any working POC for this?<br>
>>>>><br>
>>>>> --------------------------------------------------<br>
>>>>> From: "Marco Padovan"<<a href="mailto:evolutioncrazy@gmail.com">evolutioncrazy@gmail.com</a>><br>
>>>>> Sent: Tuesday, September 14, 2010 8:14 PM<br>
>>>>> To: "Call of Duty server admin list."<<a href="mailto:cod@icculus.org">cod@icculus.org</a>><br>
>>>>> Subject: Re: [cod] Cfg download hacking<br>
>>>>><br>
>>>>>> I see...<br>
>>>>>><br>
>>>>>> will take the "random cfg filename" path as all other workarounds are<br>
>>>>>> not acceptable for my use :(<br>
>>>>>><br>
>>>>>> On Tue, Sep 14, 2010 at 8:01 PM, Morpheus<<a href="mailto:morpheus@clantoc.org">morpheus@clantoc.org</a>><br>
>>>>>> wrote:<br>
>>>>>>><br>
>>>>>>> I think iptables is too low-level to deal with such specific hack<br>
>>>>>>> attempts.<br>
>>>>>>> At least you can use it to ban IP addresses you catch... It's sad it<br>
>>>>>>> has not<br>
>>>>>>> been fixed since discovery, with all the games that are using the<br>
>>>>>>> codebase...<br>
>>>>>>><br>
>>>>>>> On 14/09/2010 19:32, Marco Padovan wrote:<br>
>>>>>>>><br>
>>>>>>>> I'm aware of the exploits... was looking for some suggestion on how<br>
>>>>>>>> to<br>
>>>>>>>> fix them... even via iptables eventually...<br>
>>>>>>>><br>
>>>>>>>> On Tue, Sep 14, 2010 at 6:56 PM, James Landi<<a href="mailto:jim@landi.net">jim@landi.net</a>><br>
>>>>>>>> wrote:<br>
>>>>>>>>><br>
>>>>>>>>> The exploit I just posted about could be an older version or not<br>
>>>>>>>>> the<br>
>>>>>>>>> same<br>
>>>>>>>>> as described in this mail list thread.<br>
>>>>>>>>><br>
>>>>>>>>> using the second link should give you a good list of quake based<br>
>>>>>>>>> exploits<br>
>>>>>>>>> you may want to watch for.<br>
>>>>>>>>><br>
>>>>>>>>> Sorry for the wrong link<br>
>>>>>>>>><br>
>>>>>>>>> Jim Landi<br>
>>>>>>>>> Rudedog<br>
>>>>>>>>> FPSadmin.com<br>
>>>>>>>>> Microsoft MVP, Games for Windows | Twitter@ therealrudedog<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> On 9/14/10 12:25 PM, Morpheus wrote:<br>
>>>>>>>>>><br>
>>>>>>>>>> We're talking about the built-in download system, not the http<br>
>>>>>>>>>> redirect<br>
>>>>>>>>>> one, which you can control with symlinks and htaccess features.<br>
>>>>>>>>>> It's<br>
>>>>>>>>>> about a<br>
>>>>>>>>>> security hole that virtually exists in all q3-based games (at<br>
>>>>>>>>>> least<br>
>>>>>>>>>> for<br>
>>>>>>>>>> the<br>
>>>>>>>>>> net code).<br>
>>>>>>>>>><br>
>>>>>>>>>> On 14/09/2010 18:21, Mavrick wrote:<br>
>>>>>>>>>>><br>
>>>>>>>>>>> Anyone tried symbolic links?<br>
>>>>>>>>>>><br>
>>>>>>>>>>> On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:<br>
>>>>>>>>>>>><br>
>>>>>>>>>>>> The only solution: set sv_allowDownload "0"<br>
>>>>>>>>>>>><br>
>>>>>>>>>>>> On Mon, Sep 13, 2010 at 7:45 PM, Marco<br>
>>>>>>>>>>>> Padovan<<a href="mailto:evolutioncrazy@gmail.com">evolutioncrazy@gmail.com</a><br>
>>>>>>>>>>>> <mailto:<a href="mailto:evolutioncrazy@gmail.com">evolutioncrazy@gmail.com</a>>> wrote:<br>
>>>>>>>>>>>><br>
>>>>>>>>>>>> We are having major hack attempts that consist in people<br>
>>>>>>>>>>>> downloading the cfg files.... currently we had to use random<br>
>>>>>>>>>>>> file names...<br>
>>>>>>>>>>>><br>
>>>>>>>>>>>> is there any solid work around?<br>
>>>>>>>>>>>><br>
>>>>>>>>>>>><br>
>>>>>>>>>>>> _______________________________________________<br>
>>>>>>>>>>>> cod mailing list<br>
>>>>>>>>>>>> <a href="mailto:cod@icculus.org">cod@icculus.org</a><mailto:<a href="mailto:cod@icculus.org">cod@icculus.org</a>><br>
>>>>>>>>>>>> <a href="http://icculus.org/mailman/listinfo/cod" target="_blank">http://icculus.org/mailman/listinfo/cod</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><i><b><font size="1"><span style="font-family: tahoma,sans-serif;">Geoff Goas</span><br style="font-family: tahoma,sans-serif;"><span style="font-family: tahoma,sans-serif;">Systems Engineer</span></font></b></i><br>
<br>
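The mitigations suggested across this thread can be checked mechanically against a server config. The following is an added example, not code from any list member or from the game: the finding codes, the function names and the sample config are constructed for illustration, and treating an unset sv_allowdownload or logfile as "not disabled" is an assumption, since the thread does not state the defaults.

```python
import re

# Quake-3-style dvar assignment: set/seta/sets/setu <name> <value>
DVAR_RE = re.compile(r'^\s*set[asu]?\s+(\S+)\s+(?:"([^"]*)"|(\S+))', re.I)

# Constructed sample config, using the dvar names quoted in the thread.
SAMPLE_CFG = '''
// constructed example
set rcon_password "example-only"
set sv_allowdownload "1"
seta sv_wwwDownload "1"
seta sv_wwwBaseURL "http://files.example.invalid/cod"
'''

def parse_dvars(cfg_text):
    """Return {lowercased dvar name: value}; the last assignment wins."""
    dvars = {}
    for line in cfg_text.splitlines():
        m = DVAR_RE.match(line)  # comment lines simply do not match
        if m:
            quoted, bare = m.group(2), m.group(3)
            dvars[m.group(1).lower()] = quoted if quoted is not None else bare
    return dvars

def audit(cfg_text, cfg_name="server.cfg"):
    """Return finding codes for the exposures raised in the thread."""
    d = parse_dvars(cfg_text)
    findings = []
    # The password sits in a file that clients may be able to download.
    if "rcon_password" in d:
        findings.append("RCON_IN_CFG")
    # Assumption: an unset sv_allowdownload is treated as not disabled.
    if d.get("sv_allowdownload", "1") != "0":
        findings.append("DOWNLOADS_ENABLED")
        # With downloads on, the thread's fallback is to disable the
        # client console and use a non-guessable cfg name.
        if d.get("sv_disableclientconsole") != "1":
            findings.append("CLIENT_CONSOLE_ENABLED")
        if cfg_name.lower() == "server.cfg":
            findings.append("GUESSABLE_CFG_NAME")
    # Per the thread (unconfirmed there), the console log records set
    # variables including rcon_password unless logfile is 0.
    if d.get("logfile") != "0":
        findings.append("CONSOLE_LOG_NOT_DISABLED")
    return findings

if __name__ == "__main__":
    for code in audit(SAMPLE_CFG):
        print(code)
```
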