Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 20:16

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 23 posts ] 
Author Message
 Post subject: Q3: Multircon
PostPosted: 30 Dec 2007 23:34 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
luigi, if a server has rcon block patch stopping the anti brute force, doesn't that mean you can guess the rcon quicker using something like -d 1 -b and you'll geuss it because everytime it types it in, it'll say bad rconpassword instead of nothing? If it is too fast, what is the maximum speed it can go to guess the rcon?


Top
 Profile  
 
 
 Post subject:
PostPosted: 31 Dec 2007 17:08 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
if a server uses the anti-half-second-limit (the q3rconz patch) and you want to use multircon to guess its password you should use a delay equal or major than the ping you have with that server (it can be the game's ping or just the classical ping command).


Top
 Profile  
 
 Post subject:
PostPosted: 02 Jan 2008 22:07 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
so say if the server is located in europe, i get 120 to 140 ping, do i put it on -d 130 ? or the max of like 150


Top
 Profile  
 
 Post subject:
PostPosted: 02 Jan 2008 22:53 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
if you will use 150 you will be sure that if you catch the right password you will see it display correctly. if you use smaller values (you can use also 50) there is the risk that you will receive the "valid" message 5 or more passwords later, which is not a big problem anyway just to let you know.


Top
 Profile  
 
 Post subject:
PostPosted: 02 Jan 2008 23:37 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
yes ive done -d 1 -b on a server i get 60 to 95 ping at, and it's gotten the password but it appears to have skipped the correct password, would u be able to make an option that allows it to scan the last 100 options? (im saying 100 just incase :P)


Top
 Profile  
 
 Post subject:
PostPosted: 04 Jan 2008 19:47 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
could be an useful option, anyway if you use brute forcing or wordlist this is not a great problem because in the first case is just enough to retry the bruteforcing from one of the most recente keywords (recovery) and in the second one something similar or just check the latest keywords before the tool stopped (the last password is ever visualized)


Top
 Profile  
 
 Post subject:
PostPosted: 05 Jan 2008 20:54 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
>_>
ok these people made a work-around to the rcon block patch thing u did, so instead of it saying "Bad rconpassword." they renamed that to something completely different, now u can't guess it or block it
Code:
- rcon type 0 "Quake 3 engine"
- check if rcon is active
- reply from the server:
  Invalid rconpass.

- password guessing with command "cvarlist rcon"
- start brute forcing (69 - "27960")
2

PASSWORD FOUND!!! (2)
Invalid rconpass.

when in reality, its supposed to say bad rconpassword and thinks its not so i guess it assumes if its not "Bad rconpassword" its the correct password which the number 2 but it's not, is there anyway to fix that so it'll still like block or something?


Top
 Profile  
 
 Post subject:
PostPosted: 07 Jan 2008 11:46 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
for blocking rcon in these cases I can add an additional option for continuing the flooding also if password is found (or any other message).
Let me know if this is what you meant.


Top
 Profile  
 
 Post subject:
PostPosted: 07 Jan 2008 16:33 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
yeah!! that's perfect :) thanks luigi


Top
 Profile  
 
 Post subject:
PostPosted: 08 Jan 2008 20:18 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
added -x to version 0.2.3


Top
 Profile  
 
 Post subject:
PostPosted: 08 Jan 2008 23:23 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
cool

er but now, what do u do if they renamed rcon and still have the "invalid rconpass." lol... it wont rcon block if the rcon is renamed, it thinks the servers dead or something
Code:
- rcon type 0 "Quake 3 engine"
- check if rcon is active

Error: no reply received, the server is offline or uses a different protocol
it's up i see it on my list... :P when u type /rcon using rconaddress or in-game it says unknown command


Top
 Profile  
 
 Post subject:
PostPosted: 09 Jan 2008 10:22 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
don't use -i and it will work


Top
 Profile  
 
 Post subject:
PostPosted: 09 Jan 2008 23:57 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
eh, without -i i get the same thing, 'cause rcon is changed to something probably like nocr

Code:
C:\>q3engine\multircon\multircon -d 1 -b 62.4.74.250 30600

Multi engine RCON tool and password guesser 0.2.3
by Luigi Auriemma
e-mail: aluigi@autistici.org
web:    aluigi.org

- target   62.4.74.250 : 30600
- rcon type 0 "Quake 3 engine"
- check if rcon is active

Error: no reply received, the server is offline or uses a different protocol


Top
 Profile  
 
 Post subject:
PostPosted: 10 Jan 2008 17:11 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
you missed -x and the parameters of -b
with -x the tool does the floods also if the server doesn't exist, that's why you can't get errors if you use that option


Top
 Profile  
 
 Post subject:
PostPosted: 10 Jan 2008 23:06 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
Code:
C:\>q3engine\multircon\multircon -x -d 1 -b 10 az09 62.4.74.250 30600

Multi engine RCON tool and password guesser 0.2.3
by Luigi Auriemma
e-mail: aluigi@autistici.org
web:    aluigi.org

- target   62.4.74.250 : 30600
- rcon type 0 "Quake 3 engine"
- check if rcon is active

Error: no reply received, the server is offline or uses a different protocol
Seems to have the same problem. You try it. The server IS up, but the rcon is renamed to something else. I did it with and without -i option.


Top
 Profile  
 
 Post subject:
PostPosted: 11 Jan 2008 10:44 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
damn, you are right.
I will adjust the -x option later


Top
 Profile  
 
 Post subject:
PostPosted: 11 Jan 2008 22:19 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
:D ok thanks, tell me when you've updated it


Top
 Profile  
 
 Post subject:
PostPosted: 11 Feb 2008 07:13 

Joined: 11 Feb 2008 07:10
Posts: 17
hello, i got the scon guesser now for 2 days and let scanned 2 servers both for 6 hours but i got nothing. Someone tolld me to put values on it but he says "go ask it on aluigi's forum" so if my ping = 40 than i put after -x 40 ? it's just totally new for meso sorry if you think im dump ;) started with hacking one month ago.

Thanks


Top
 Profile  
 
 Post subject:
PostPosted: 11 Feb 2008 13:03 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I premise that using brute forcing for finding a remote password requires really a biiiig luck, tons of time and in the case of a normal installation of games based on the Quake 3 engine I can just define it impossible due to the half-second limit.
So if you don't know if this limitation is active on the server you can't modify the -d delay otherwise if exists one chance on a billion to find the right password you will fail due to the half-second packet dropping.

The brute forcing and wordlist options in multircon were added only for fun, not for a real usage (at least not with the half-second limit).


Top
 Profile  
 
 Post subject:
PostPosted: 25 Mar 2008 01:27 

Joined: 25 Mar 2008 01:25
Posts: 2
Ok so what if anyone places {}[],./'":;}{???? it wont fiind any password right"?


Top
 Profile  
 
 Post subject:
PostPosted: 25 Mar 2008 11:25 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
depends by the charset used by the attacker, but nobody is so mad to use a similar charset for a brute forcing attack so a similar rcon password is virtually safe


Top
 Profile  
 
 Post subject:
PostPosted: 25 Mar 2008 18:51 

Joined: 25 Mar 2008 01:25
Posts: 2
Hmm i don't understand how to put a charset could you please explain?
lets say i want to do on this server :
76.104.244.111 29070
What would the code be?


Top
 Profile  
 
 Post subject:
PostPosted: 26 Mar 2008 01:11 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the charset can be selected using the just the -b option, for example -b 10 azAZ09 will use the charset which goes from the low and high case chars 'a' to 'z' and the numbers.
Other charsets over byte 0x7f are probably a bit more difficult to set since I don't know how to pass these chars via command-line, anyway the brute forcing function supports any byte from 0x01 to 0xff (only 0x00 is out)


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 23 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: