Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)

All times are UTC [ DST ]





 Post subject: multircon help
PostPosted: 26 Sep 2007 03:00 

Joined: 26 Sep 2007 02:55
Posts: 7
My server has been hacked many times this past week and I think it's from this tool, but I'm not sure. I read that it doesn't work too great with the Quake 3 engine, but what about Soldier of Fortune II? I tried testing it on my server, by setting up a wordlist and setting the rconpassword to something that's in the wordlist but it does not find it? How else could this person be getting the rcon password? Thanks. :wink:


 
 
 Post subject:
PostPosted: 26 Sep 2007 09:15 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
If your server has sv_allowdownload set to 1, the trick is explained:

http://www.securityfocus.com/archive/1/ ... 0/threaded

with the proof-of-concept q3dirtrav anyone can download any file from the disk on which the server is running.
The only way to avoid this type of attack is disabling the downloading of files in your server.


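An added example, not part of the original thread and not code from multircon or q3dirtrav: a small audit of a Quake 3 style server.cfg for the two settings discussed here, downloads left enabled through sv_allowdownload and an rcon password that a wordlist would contain. The function names, the `min_len` policy value, the sample config and the sample wordlist are constructed assumptions.

```python
import re

# Constructed sample config (not from the thread); cvar names are case-insensitive.
SAMPLE_CFG = '''\
// server.cfg -- constructed sample
seta sv_hostname "test server"
seta sv_allowDownload "1"
set rconPassword "a"
// seta sv_allowDownload "0"   <- commented out, must be ignored
'''

# Constructed stand-in for the wordlist a password guesser would try.
SAMPLE_WORDLIST = {"a", "admin", "password", "123456"}

# Optional set/seta/sets/setu prefix, cvar name, then a quoted or bare value.
# Lines starting with // never match because "/" is not a word character.
LINE_RE = re.compile(r'^\s*(?:set[asu]?\s+)?(\w+)\s+(?:"([^"]*)"|(\S+))', re.I)


def parse_cvars(text):
    """Return {lowercased cvar name: last value assigned in the file}."""
    cvars = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            cvars[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return cvars


def audit(text, wordlist, min_len=12):
    """Return (cvar, problem) tuples; min_len is an assumed local policy value."""
    cvars = parse_cvars(text)
    findings = []
    download = cvars.get("sv_allowdownload")
    if download is None:
        # Not set in this file: the engine default applies, so check it in-game.
        findings.append(("sv_allowdownload", "not set explicitly"))
    elif download != "0":
        findings.append(("sv_allowdownload", "downloads enabled"))
    password = cvars.get("rconpassword", "")
    if password:  # an empty rconpassword means no password is configured here
        if password.lower() in wordlist:
            findings.append(("rconpassword", "present in wordlist"))
        elif len(password) < min_len:
            findings.append(("rconpassword", "shorter than %d characters" % min_len))
    return findings


if __name__ == "__main__":
    for cvar, problem in audit(SAMPLE_CFG, SAMPLE_WORDLIST):
        print("%s: %s" % (cvar, problem))
```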
 
 Post subject:
PostPosted: 27 Sep 2007 03:25 

Joined: 26 Sep 2007 02:55
Posts: 7
Thanks! That helps. One more thing. Someone has been changing the file size of our files on our server which corrupts them where all our settings are lost. Is there any way to fix this or do you know of such an exploit? Thanks!


 
 Post subject:
PostPosted: 27 Sep 2007 10:18 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Do you mean they have modified your configuration files or the game files (exe, dll, pk3 and so on)?
Anyway, it depends on how they have been corrupted; don't you have a backup of these files?


 
 Post subject:
PostPosted: 27 Sep 2007 21:33 

Joined: 26 Sep 2007 02:55
Posts: 7
I mean the server files. I do have backups, but what someone is doing is corrupting all the files that are on the server, i.e. server.cfg, osp.mapcycle, etc. They are somehow changing the file size which corrupts it and no longer allows it to work. Any idea? Thanks :wink:


 
 Post subject:
PostPosted: 28 Sep 2007 10:15 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Uhmmm, as far as I know it is not possible to modify the server's configuration files since there is no way of doing it (known bugs).
It is possible that these people still have your rcon password or have uploaded some new "files" which cause these problems... it can be anything.


 
 Post subject:
PostPosted: 16 Jan 2008 16:27 

Joined: 10 Jan 2008 22:35
Posts: 4
What is the path to download the server.cfg from Enemy Territory? I used that q3dirt program, which will crash my Enemy Territory every time and it will never download anything. So what command should I use to download the files? I have tried /download et/etmain/server.cfg /download etmain/server.cfg /download base/server.cfg etc but nothing seems to work. I know my server is set to allow downloads and it is vulnerable but how can one get this file?


respectfully,

greenleaf


 
 Post subject:
PostPosted: 16 Jan 2008 17:28 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
ET actually seems to be the only game not supported by q3dirtrav, probably because it uses a different clientConnection_t structure.
For the moment I don't know if I will work on a work-around for this game like I did for CoD.


 
 Post subject:
PostPosted: 16 Jan 2008 20:36 

Joined: 10 Jan 2008 22:35
Posts: 4
Oh ok makes sense why it doesn't work. But can you please work on a run around for this game? That would be so great and awesome!!!!!!! Also that pbmsgs, nothing happens when I use it for a server that is vulnerable, I tried -l 100 server port and it will run .................. that forever. So I tell people to go to my server when I use it and that doesn't affect the server. Any ideas?


See you later!!!!!!

greenleaf


 
 Post subject:
PostPosted: 18 Jan 2008 15:15 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
Did you try that only on your server? And if yes, does your server run on your PC? Usually you have to use the 127.0.0.1 IP instead of the public IP if you are testing something on your own server...


 
 Post subject:
PostPosted: 18 Jan 2008 23:07 

Joined: 10 Jan 2008 22:35
Posts: 4
Well yes, my server and others. No, my server is rented by a company. It is not from my PC.


 
 Post subject: Help
PostPosted: 09 Aug 2008 22:09 

Joined: 07 Aug 2008 06:01
Posts: 45
This may be off topic but when I exec multircon.exe in the cmd line, I drag it and I do the ip + port but what option do I do? When I do -a it comes up with this....
StdOut:
Multi engine RCON tool and password guesser 0.2.3b
by Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org

- target 216.165.226.162 : 60948
- rcon type 0 "Quake 3 engine"
- insert password: - the following are the commands handled internally by this tool:
/rcon_help this help
/rcon_pass [PASS] for re-inserting the password
/rcon_host HOST[:PORT] for changing server and password
/rcon_port PORT for changing only the server's port
/rcon_type [NUM] for changing the type of rcon, use ? for list
/rcon_info query the server

Error: unable to create thread


StdErr:


 
 Post subject:
PostPosted: 09 Aug 2008 22:58 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the thread error is strange and unusual.
what operating system are you using and what exact version/service pack?


 
 Post subject: Re: multircon help
PostPosted: 13 Sep 2008 23:31 

Joined: 07 Aug 2008 06:01
Posts: 45
I am using a Mac OS X lol, but I have a program to run the command line. ^^ It's all good, I know how to bruteforce, but I'm never successful lol, even on my own server with the /rcon password "a" :C Is there a fast way to do it?


 
 Post subject: Re: multircon help
PostPosted: 14 Sep 2008 00:29 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
If your rcon password is "a" the password guessing should be immediate; if it doesn't happen it means there is a compatibility problem in the tool or in the options you used.


 
 Post subject: Re: multircon help
PostPosted: 15 Sep 2008 15:21 

Joined: 01 Sep 2008 07:40
Posts: 31
Luigi, I recently tried this tool of yours out, it works perfectly well for each game supported except for Half-Life it seems. Which version of Half-Life should this work for, and should it work for current HL-based games such as Counter-Strike or even Source versions of these games? It always returns an "Error: socket timeout, no reply received" error for me.

Thank you.


 
 Post subject: Re: multircon help
PostPosted: 15 Sep 2008 16:54 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
multircon is compatible with the non-steam version of HL, like HL 4.1.1.1e


 
 Post subject: Re: multircon help
PostPosted: 15 Sep 2008 20:16 

Joined: 01 Sep 2008 07:40
Posts: 31
aluigi wrote:
multircon is compatible with the non-steam version of HL, like HL 4.1.1.1e

As I thought, thank you.


 
 Post subject: Re: multircon help
PostPosted: 16 Sep 2008 11:45 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
If the format of the rcon of Steam is simple enough and someone has some dumped packets I could add support for it.

