<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#ffffff" text="#000000">
In Linux why not set certain permissions on *.log files so only say
the user 'screen' running the program screen can write to these
files. Presumably screen is running the cod4 bin files so it should
have access to that file, so just allow write access and not read...
Would that disable the program from being able to download the file
via this exploit?<br>
<br>
<br>
On 29/10/2010 10:30 PM, Mathis Klooß wrote:
<blockquote id="mid_4CCABE64_4030309_gunah_eu"
cite="mid:4CCABE64.4030309@gunah.eu" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
Hi There...<br>
<br>
here is an "Very Dirty" "fix", based on PunkBuster.<br>
<br>
// Dirty fix for q3dirtrav based on PunkBuster!<br>
pb_sv_md5toolempty<br>
pb_sv_md5toolfreq 10<br>
pb_sv_md5tool a "" v "abcd.txt" NOT_FOUND<br>
pb_sv_md5tool a "" v "abcd.txt.txt" NOT_FOUND<br>
pb_sv_md5tool a "" v "tmp.txt" NOT_FOUND<br>
pb_sv_md5tool a "" v "q3dirtrav.exe" NOT_FOUND<br>
pb_sv_md5tool a "" v "forfopen.exe" NOT_FOUND<br>
pb_sv_md5toollist<br>
<br>
pb_sv_CvarFreq 2<br>
pb_sv_cvar r_fullscreen IN 1<br>
pb_sv_cvar cl_wwwdownload IN 1<br>
// EOF<br>
<br>
so i have tested these Exploit and it works 100%, only with "set
sv_allowdownload 1"<br>
If these host has use wwwdownload, the Client can disable these
settings with a "cvar"...<br>
<br>
So Ranked Server can disable Download... but for Mod Servers, were
using these PB Settings... But it is recommend ur change the
logfile name<br>
These Exploit works on CoD, CoD:UO, COD2, COD4!<br>
<br>
greetz<br>
Gunah<br>
<br>
Am 20.09.2010 12:27, schrieb Marco Padovan:
<blockquote id="mid_4C973704_6060504_gmail_com"
cite="mid:4C973704.6060504@gmail.com" type="cite">
<meta content="text/html; charset=UTF-8"
http-equiv="Content-Type">
<font size="-1"><font face="Verdana">thanks, I missed this
one...<br>
<br>
gotta disable logging too....<br>
</font></font><br>
Il 15/09/2010 23:59, Miha Lepej ha scritto:
<blockquote
id="mid_AANLkTik744ARkgVJ2ZXisvFASFh68X8XosOFsg02pt2h_mail_gmail_com"
cite="mid:AANLkTik744ARkgVJ2ZXisvFASFh68X8XosOFsg02pt2h@mail.gmail.com"
type="cite">
<pre wrap="">You also need to be aware that if the server has console logging
enabled and produces a console_mp.log or console_mp_server.log in the
main folder that can also be downloaded and contains a lot of
information of set variables including rcon_password (tested cod2).
As far as I know the file can't be renamed and includes the password
even if it is set trough command line. I believe this is the command
to disable the console log:
set logfile 0
(not 100%, can someone confirm?)
--Miha
On Wed, Sep 15, 2010 at 19:49, Morpheus <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:morpheus@clantoc.org"><morpheus@clantoc.org></a> wrote:
</pre>
<blockquote id="StationeryCiteGenerated_1" type="cite">
<pre wrap=""> If you have full control on the server (startup, environment--say, host it
on a dedicated server), you should do that by passing a set rcon_password to
the server console from the startup script (after the server is up). So no
need to manually set it each time.
But it can be tricky to do that, depending on how you start the server (and
what OS you run on). Under linux, with server started with SCREEN, it can
easily be done (as you can send commands into the screen taht hosts the
console). But with other methods, I don't know...
Le 15/09/2010 18:11, Marco Padovan a écrit :
</pre>
<blockquote id="StationeryCiteGenerated_2" type="cite">
<pre wrap="">this works... but is a pain in the ass... as you have to issue the set
rcon command EVERYTIME you start it :(
On Wed, Sep 15, 2010 at 10:29 AM, Mavrick<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:mavrick.master@gmail.com"><mavrick.master@gmail.com></a>
wrote:
</pre>
<blockquote id="StationeryCiteGenerated_3" type="cite">
<pre wrap="">Probably a silly question but can u set the rcon password in the console
query string?
If so, why not database the password then just parse it when the server
loads? This way anyone can use the exploit if they want but wont get the
password?
On 15/09/2010 5:45 PM, Nosjp Nosjp wrote:
If you set sv_allowdownload "0" - disable all downloads : built-in
download
+ HTTP redirect download ( it doesn't matter value of sv_wwwDownload)
Another solutions: disable console (set sv_disableClientConsole "1") +
random .cfg name
in case of rcon stealer a player must be connected to server, then player
trying to download manually within game console:
/download server.cfg or /download main/server.cfg guessing server
config
Take a look here for more details/solutions:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870">http://game-violations.ggl.com/index.php?page=Thread&postID=99870#post99870</a>
On Tue, Sep 14, 2010 at 9:48 PM, Morpheus<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:morpheus@clantoc.org"><morpheus@clantoc.org></a> wrote:
</pre>
<blockquote id="StationeryCiteGenerated_4" type="cite">
<pre wrap="">I have one question : I have these dvar in my server cfg
set sv_allowdownload "1"
seta sv_wwwDownload "1"
seta sv_wwwBaseURL <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="http://whaterver_you_wnat.com/cod">"http://whaterver_you_wnat.com/cod"</a>
seta sv_wwwDlDisconnected "1"
If you put the allowdownload to 0, does it disable the www capability ?
if
we could restrict the download part to http downloading, things could be
easier to cope with.
Le 14/09/2010 20:44, Nosjp Nosjp a écrit :
@Marco:
If you have a server
- without custom maps/mods/pam -> disable downloads: seta
sv_allowDownload "0"
- with custom maps/mods/pam -> disable game console (set
sv_disableClientConsole "1") + random .cfg name
On Tue, Sep 14, 2010 at 9:37 PM, Sheepa<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:sheepa@sheepa.org"><sheepa@sheepa.org></a> wrote:
</pre>
<blockquote id="StationeryCiteGenerated_5" type="cite">
<pre wrap="">Is there even any working POC for this?
--------------------------------------------------
From: "Marco Padovan"<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:evolutioncrazy@gmail.com"><evolutioncrazy@gmail.com></a>
Sent: Tuesday, September 14, 2010 8:14 PM
To: "Call of Duty server admin list."<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:cod@icculus.org"><cod@icculus.org></a>
Subject: Re: [cod] Cfg download hacking
</pre>
<blockquote id="StationeryCiteGenerated_6"
type="cite">
<pre wrap="">I see...
will take the "random cfg filename" path as all other workarounds are
not acceptable for my use :(
On Tue, Sep 14, 2010 at 8:01 PM, Morpheus<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:morpheus@clantoc.org"><morpheus@clantoc.org></a>
wrote:
</pre>
<blockquote id="StationeryCiteGenerated_7"
type="cite">
<pre wrap=""> I think iptables is too low-level to deal with such specific hack
attempts.
At least you can use it to ban IP addresses you catch... It's sad it
has not
been fixed since discovery, with all the games that are using the
codebase...
Le 14/09/2010 19:32, Marco Padovan a écrit :
</pre>
<blockquote id="StationeryCiteGenerated_8"
type="cite">
<pre wrap="">I'm aware of the exploits... was looking for some suggestion on how
to
fix them... even via iptables eventually...
On Tue, Sep 14, 2010 at 6:56 PM, James Landi<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:jim@landi.net"><jim@landi.net></a>
wrote:
</pre>
<blockquote id="StationeryCiteGenerated_9"
type="cite">
<pre wrap=""> The exploit I just posted about could be an older version or not
the
same
as described in this mail list thread.
using the second link should give you a good list of quake based
exploits
you may want to watch for.
Sorry for the wrong ling
Jim Landi
Rudedog
FPSadmin.com
Microsoft MVP, Games for Windows | Twitter@ therealrudedog
On 9/14/10 12:25 PM, Morpheus wrote:
</pre>
<blockquote id="StationeryCiteGenerated_10"
type="cite">
<pre wrap="">We're talking about the built-in download system, not the http
redirect
one, which you can control with symlinks and htaccess features.
It's
about a
security hole that virtually exists in all q3-based games (at
least
for
the
net code).
Le 14/09/2010 18:21, Mavrick a écrit :
</pre>
<blockquote
id="StationeryCiteGenerated_11"
type="cite">
<pre wrap="">Anyone tried symbolic links?
On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:
</pre>
<blockquote
id="StationeryCiteGenerated_12"
type="cite">
<pre wrap="">The only one solution: set sv_allowDownload "0"
On Mon, Sep 13, 2010 at 7:45 PM, Marco
Padovan<<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:evolutioncrazy@gmail.com">evolutioncrazy@gmail.com</a>
<a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:evolutioncrazy@gmail.com"><mailto:evolutioncrazy@gmail.com></a>> wrote:
We are having major hack attempts that consist in people
downloading the cfg files.... currently we had to use random
file names...
is there any solid work around?
_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a><a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:cod@icculus.org"><mailto:cod@icculus.org></a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
cod mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
cod mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
</pre>
</blockquote>
<br>
</body>
</html>