Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 
 Post subject: A possible remote command execute of Half-Life system and CS
PostPosted: 05 May 2008 19:22 

Joined: 18 Apr 2008 07:08
Posts: 7
Actually, I provide this information which many guys who play CS 1.6 may know. But I think that the most important thing is that it shows there is a channel for executing commands on the server.

When a player joins a HL Server or CS Server which is not dedicated, we may change the server operator name by typing the command "cmd name XXXXXX" or """name XXXXXX" in the CS console (we could not change the server operator name of a dedicated server since the name system only works on HL.exe but not HLDS.exe). But I think that the most important thing is that we could sniff the packet when sending this command and see what is included in the packet. Since CS relies on unreliable UDP connections, I think the UDP datagram should look like "FF FF FF FF <specific hex string for executing command on Server side> <command>" and then the command may simply execute on the server.

Besides, I have found that the packet with "FF FF FF FF 6C" works for both Server and Client. If we have the IP of a client, we may show information in his console by sending the packet to his IP and client port (usually 27005). I think that both HLDS.exe and HL.exe are using the same method to process the packet. That means all the connection information from anywhere will execute on both servers and clients.

I hope this information could help Luigi for building a new POC of HL system.

P.S. Actually I could sniff the packet by using WinPcap, but I think that WinPcap may be unclear, slow down the connection and operation time of Windows or cause vulnerabilities for hackers, also the WinPcap setting is hard to clean. Therefore I would like Luigi to help me figure out how the command is sent to the Server for execution.

P.S.(2) Normally, any command starting with "cmd" will only execute on the client side. But I don't know the reason why, when appending the command "name" after "cmd", this command will execute on the server side.


 Post subject:
PostPosted: 05 May 2008 20:42 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
"cmd" in HL is an in-game way to send custom commands to the server which are then parsed and managed by the server so, in short, if you use "cmd say hello" it's the same as you use "say hello".
It's a non connectionless command so you can't see it with a sniffer because it's compressed and bitstringed in the packet.

The "name" command instead is a way to change your nickname, not that of the server or other people on the server.
So I don't see problems or strange things in what you describe.
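
Added example (not part of the original thread): a Python check that separates the two packet forms discussed above, connectionless datagrams starting with FF FF FF FF and in-band traffic, and reports 6C print packets that arrive from an address other than the server in use. The function names, sample datagrams and addresses are constructed for illustration; treating every payload without the FF FF FF FF marker as in-band is an assumption.

```python
from typing import List, Optional, Tuple

CONNECTIONLESS = b"\xff\xff\xff\xff"  # marker quoted in the thread
PRINT_TYPE = 0x6C                     # type byte the poster saw printing to the console

def classify(payload: bytes) -> Tuple[str, Optional[str]]:
    """Return (kind, text) for one UDP payload."""
    if not payload.startswith(CONNECTIONLESS):
        # Assumption: no marker means in-band traffic, not readable as plain text.
        return ("in-band", None)
    if len(payload) < 5:
        return ("connectionless-truncated", None)
    if payload[4] != PRINT_TYPE:
        return ("connectionless-other", None)
    # Text runs to the first NUL; non-printable bytes become "?" so that
    # control characters from an untrusted sender never reach the log.
    raw = payload[5:].split(b"\x00", 1)[0]
    text = "".join(chr(b) if 32 <= b < 127 else "?" for b in raw)
    return ("connectionless-print", text)

def review(datagrams, server: Tuple[str, int]) -> List[Tuple[str, int, str]]:
    """List print packets whose source is not the server the client uses."""
    alerts = []
    for src_ip, src_port, payload in datagrams:
        kind, text = classify(payload)
        if kind == "connectionless-print" and (src_ip, src_port) != server:
            alerts.append((src_ip, src_port, text))
    return alerts

# Constructed sample: datagrams as received on a client's UDP port.
SERVER = ("192.0.2.10", 27015)
SAMPLE = [
    ("192.0.2.10", 27015, b"\xff\xff\xff\xfflServer message\n\x00"),
    ("198.51.100.7", 40000, b"\xff\xff\xff\xfflhello\x07 there\x00"),
    ("192.0.2.10", 27015, b"\x12\x00\x00\x00\x34\x00\x00\x80\x9a\xbc"),
    ("198.51.100.7", 40000, b"\xff\xff\xff\xff"),
]

if __name__ == "__main__":
    for alert in review(SAMPLE, SERVER):
        print("unsolicited print packet:", alert)
```
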


 Post subject:
PostPosted: 06 May 2008 06:50 

Joined: 18 Apr 2008 07:08
Posts: 7
aluigi wrote:
"cmd" in HL is an in-game way to send custom commands to the server which are then parsed and managed by the server so, in short, if you use "cmd say hello" it's the same as you use "say hello".
It's a non connectionless command so you can't see it with a sniffer because it's compressed and bitstringed in the packet.

The "name" command instead is a way to change your nickname, not that of the server or other people on the server.
So I don't see problems or strange things in what you describe.


No ..if you try to use it for people who use HL.exe to open server ..You could find that if you type cmd name XXXXXX ..The Server name will change to XXXXXX ..It should succeed under v2834 ..

Example:
I use the name "Player" and use HL.exe to open a server. If anyone in my server types "cmd name Stupid", then my display name will change to "Stupid". This is true for all the servers using HL.exe and should work under v2834. (At least it works for me using v2834.)


 Post subject:
PostPosted: 06 May 2008 06:55 

Joined: 18 Apr 2008 07:08
Posts: 7
aluigi wrote:
"cmd" in HL is an in-game way to send custom commands to the server which are then parsed and managed by the server so, in short, if you use "cmd say hello" it's the same as you use "say hello".
It's a non connectionless command so you can't see it with a sniffer because it's compressed and bitstringed in the packet.

The "name" command instead is a way to change your nickname, not that of the server or other people on the server.
So I don't see problems or strange things in what you describe.


Is that my own problem then? lol All people in Hong Kong can use this command to change the server name of servers which use HL.exe to start the server lol

I don't know why the "setinfo name XXXXXX" command will execute on the server side. If you do not trust me, you should try it at once. You should open HL.exe and start a server, then ask people to use the console command "cmd name XXXXXX" in your server lol Then you see your display name, you could find an amazing thing. lol

P.S. My friend told me that this is a bug made by Valve since CS 1.5 lol


 Post subject:
PostPosted: 06 May 2008 12:20 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
It's the first time I hear about version v2834 in Half-Life.
The latest non-steam release is 4.1.1.0 for HL.exe and 4.1.1.1e for HLDS.exe, and in any case only a crazy admin can run a server through HL.exe since it's affected by many critical vulnerabilities which have been fixed only in the dedicated server.
So if it is really possible to change the name of the server this is the minimal problem 8-)

