Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 19:54

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 7 posts ] 
Author Message
 Post subject: {help} hacked..?
PostPosted: 20 May 2009 20:42 

Joined: 20 May 2009 20:23
Posts: 4
Some (1,2 - tffa, 3 - duel, 4 - siege) my JKA servers was hacked, I can't understand, how. They steal the rcon, but not changed it. This passwords can't be bruted or stolen by trojan. How they hacked me? Mods: none, basejka.

configfiles:

http://rapidshare.com/files/235322714/cfg.rar.html

rconpasswords:
rconpassword "m10zmal*@0zkel10zekej20())xkkx----201"
rconpassword "@(*)!(0x9zz08xz9*)$#(*$#)$*)@!43MMM!kkskjdsk21" :)
sv_allowdownload, callvote bug - fixed.

How? lol


Top
 Profile  
 
 
 Post subject: Re: {help} hacked..?
PostPosted: 20 May 2009 21:21 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
it could be retrieved through the so called "callvote bug" (quake3-engine-callvote-bug-t686.html), indeed you have the voting enabled on your server.

if you disable the voting you "should" be safe, otherwise if you have a windows server you can try my fix (http://aluigi.org/patches/q3cbufexecfix.lpatch).
in the previously linked thread someone linked also a "patch" for jka linux but being closed source it's NOT trusted so I don't suggest it (anyway it's all up to you)


Top
 Profile  
 
 Post subject: Re: {help} hacked..?
PostPosted: 20 May 2009 21:32 

Joined: 20 May 2009 20:23
Posts: 4
Duel server:
aluigi wrote:
seta g_allowvote "0"

hmm... and i fix it (callvote bug).


Top
 Profile  
 
 Post subject: Re: {help} hacked..?
PostPosted: 21 May 2009 07:58 

Joined: 20 May 2009 20:23
Posts: 4
My servers was hacked by a "super-hackers"? xD'


Top
 Profile  
 
 Post subject: Re: {help} hacked..?
PostPosted: 21 May 2009 08:57 

Joined: 20 May 2009 20:23
Posts: 4
Only 2 of my servers has vote enabled, but all was hacked. And, I repeat, password's wasn't changed - all this mean, that they aren't used callvote bug


Top
 Profile  
 
 Post subject: Re: {help} hacked..?
PostPosted: 21 May 2009 14:53 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
uhmmm except for the previous post I don't think to have more info or hypothesis due to the following technical reasons:
- I have never played JKA
- I have never performed bugs researching specific for JKA (indeed jamsgbof is only an effect of another bug in the q3 engine)
- I don't know specific bugs of JKA
- I don't know specific bugs in mods used by JKA
- I know the details only of the bugs direcly found by me (listed in my Advisories section) but except for the info written in those advisories I don't know more about them (I'm aware of the callvote bug ONLY because it was showed me directly on my forum)
- about the so called callvote bug, I created only that windows patch but didn't look deeper in all the possible ways to exploit that vulnerability or possible ways specific of a particular game or particular exception (uhmmm for example if an old game doesn't filter even the ';' char)
- the callvote bug allows to execute any command on the server (modifying the rcon password is only the command I suggest to test the bug NOT the only possible command)
- something else I forgot as usual

so this is what I know personally, maybe someone else here can help you


Top
 Profile  
 
 Post subject: Re: {help} hacked..?
PostPosted: 29 May 2009 17:18 

Joined: 03 Feb 2009 19:52
Posts: 36
Location: Switzerland
Okay, there is a concept. If your 3 Server all are on the same root, and one of the server has vote enabled.
Enable Vote, change rcon, log in rcon, look with rcon path at the Hostname and path of the other server, start q3dirtrav, enter server.cfg, write in console, for example, download /home/newonje/Server1/base/server.cfg
and you ve got the server cfg from the server which has download 0.
that explains that they didnt have to change the rcon, because they have the server.cfg. logical^^


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 7 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron