Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:17

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 
Author Message
 Post subject: multircon! :<
PostPosted: 22 Apr 2008 18:31 

Joined: 22 Apr 2008 18:09
Posts: 4
Well hi ,I need an help:

I have downloaded the multircon but I think it's too long to get a pw, I wanna know if it's possible to fix a minimum of character (I wanna to start to brute force the pw by 5 letters and not 1)or if I you know a link for download a good wordlist :d

thx

PS: thats the command which I use :
Quote:
multircon -x -i -b 10 09AZaz -d 10 IP PORT


Top
 Profile  
 
 
 Post subject:
PostPosted: 22 Apr 2008 18:49 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
yes it's normal that the brute forcing takes many time and the finding of the password is not guarantee due to various technical reasons.
The usage of -d 10 is suggested only if you are 100% that the server you are testing has not the half second limit (for example uses my rcon disabling fix).
Anyway remember that with -d 10, if the password is found, the one which will be displayed on the screen could not be the right one, due to time reasons (this is something I need to fix in these days).

For the wordlists exist many sources (also some torrents), some of them are collected here:

http://packetstormsecurity.org/Crackers/wordlists/


Top
 Profile  
 
 Post subject:
PostPosted: 22 Apr 2008 19:07 

Joined: 22 Apr 2008 18:09
Posts: 4
ok :d well I must to use "-d 100" right? ^^

and u meaned "(this is something I need to fix in these days)" you're so working on a new version of multircon? :d if you're I will wait the next :d

But ,inwait can u tell me if you know an other good way to get a rcon pw?


Top
 Profile  
 
 Post subject:
PostPosted: 22 Apr 2008 19:53 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the correct value of -d is the default one (half second).

in reality multircon is not very supported by me, anyway I usually try to fix problems also on low priority or old tools.

the rcon password in Quake based servers is usually located in the configuration files (for example server.cfg) that's why many people exploits the directory traversal vulnerability for retrieving these files.
the only requirement is that the server must have the sv_allowdownlod cvar set to 1 (in short the clients can download the missing files) and the proof-of-concept for testing the bug is q3dirtrav


Top
 Profile  
 
 Post subject:
PostPosted: 23 Apr 2008 15:03 

Joined: 22 Apr 2008 18:09
Posts: 4
thx mate :)


Top
 Profile  
 
 Post subject:
PostPosted: 26 Apr 2008 16:18 

Joined: 22 Apr 2008 18:09
Posts: 4
Hm sorry but can you help me again?
I wanna know how to download the server.cfg of atremulous's server with q3dirtrav :<


Top
 Profile  
 
 Post subject:
PostPosted: 26 Apr 2008 16:21 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
tremulous uses the ioquake 3 engine (the open source quake 3 engine) which is patched versus this and any other known vulnerability.


Top
 Profile  
 
 Post subject:
PostPosted: 10 May 2008 11:05 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
uhm kind a old topic, but if you need wordlists contact me. i have worked for years on my wordlists .. optimizing them. only problem is tht they r lower alpha atm (im only cracking md5 hashes with them, so i dont need uppercase words, passpro rules file does it for me)
you can also use movie subtitles to make wordlists...i have guide on my forum too how to make wordlist out of any file.


Top
 Profile  
 
 Post subject:
PostPosted: 15 May 2008 22:10 

Joined: 24 Apr 2008 20:46
Posts: 11
ah,its almost impossible to get rcon pass. with bruteforce...specially on steam(you get banned after 5 tries)


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: