multircon! :<

zawaki · **Joined:** 22 Apr 2008 18:09 **Posts:** 4

Well hi ,I need an help:

I have downloaded the multircon but I think it's too long to get a pw, I wanna know if it's possible to fix a minimum of character (I wanna to start to brute force the pw by 5 letters and not 1)or if I you know a link for download a good wordlist :d

thx

PS: thats the command which I use :

Quote:

multircon -x -i -b 10 09AZaz -d 10 IP PORT

aluigi · **Posted:** 22 Apr 2008 18:49

yes it's normal that the brute forcing takes many time and the finding of the password is not guarantee due to various technical reasons.
The usage of -d 10 is suggested only if you are 100% that the server you are testing has not the half second limit (for example uses my rcon disabling fix).
Anyway remember that with -d 10, if the password is found, the one which will be displayed on the screen could not be the right one, due to time reasons (this is something I need to fix in these days).

For the wordlists exist many sources (also some torrents), some of them are collected here:

http://packetstormsecurity.org/Crackers/wordlists/

zawaki · **Joined:** 22 Apr 2008 18:09 **Posts:** 4

ok :d well I must to use "-d 100" right? ^^

and u meaned "(this is something I need to fix in these days)" you're so working on a new version of multircon? :d if you're I will wait the next :d

But ,inwait can u tell me if you know an other good way to get a rcon pw?

aluigi · **Posted:** 22 Apr 2008 19:53

the correct value of -d is the default one (half second).

in reality multircon is not very supported by me, anyway I usually try to fix problems also on low priority or old tools.

the rcon password in Quake based servers is usually located in the configuration files (for example server.cfg) that's why many people exploits the directory traversal vulnerability for retrieving these files.
the only requirement is that the server must have the sv_allowdownlod cvar set to 1 (in short the clients can download the missing files) and the proof-of-concept for testing the bug is q3dirtrav

zawaki · **Joined:** 22 Apr 2008 18:09 **Posts:** 4

thx mate :)

zawaki · **Joined:** 22 Apr 2008 18:09 **Posts:** 4

Hm sorry but can you help me again?
I wanna know how to download the server.cfg of atremulous's server with q3dirtrav :<

aluigi · **Posted:** 26 Apr 2008 16:21

tremulous uses the ioquake 3 engine (the open source quake 3 engine) which is patched versus this and any other known vulnerability.

Sethioz · **Posted:** 10 May 2008 11:05

uhm kind a old topic, but if you need wordlists contact me. i have worked for years on my wordlists .. optimizing them. only problem is tht they r lower alpha atm (im only cracking md5 hashes with them, so i dont need uppercase words, passpro rules file does it for me)
you can also use movie subtitles to make wordlists...i have guide on my forum too how to make wordlist out of any file.

e.wiZz! · **Joined:** 24 Apr 2008 20:46 **Posts:** 11

ah,its almost impossible to get rcon pass. with bruteforce...specially on steam(you get banned after 5 tries)

Luigi Auriemma

multircon! :<