|
Luigi Auriemma aluigi.org (ARCHIVE-ONLY FORUM!) |
|
It is currently 19 Jul 2012 15:26
HuRRaCaNe
|
Post subject: CoDUO q3dirtrav Posted: 06 Apr 2008 19:36 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
well i was trying this q3dirtrav the other day, and it all works 'n stuff, ..
but when i do /download uo/server.cfg in the console
it says it can't find the file for autodownloading
so now my question is, what am i doing wrong and/or how should i do it
thanks in advance
sincerely, H
|
|
|
|
aluigi
|
Post subject: Posted: 06 Apr 2008 21:35 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
I think the hypotheses are two:
- you are specifying a file not available on the server
- the server doesn't allow downloading (sv_allowdownload set to 0)
|
|
|
|
HuRRaCaNe
|
Post subject: wow o_O Posted: 07 Apr 2008 15:30 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
woa
you actually replied
it's an honor to meet you, sir.
well,
can you explain a little bit more how q3dirtrav actually works?
i've discussed with a friend of mine, and he said sv_allowdownload 1 is for allowing people to download files (from the re-direct) if they don't have them yet, so it wouldn't have any contact with the server itself to download the server files(server config's etc..).
also, when you can download (like maps) from the server, does this mean sv_allowdownload is on? (stupid question, i know, but it has been confusing me since there are a lot of cvar's about download stuff o_O)
maybe the cfg could be called master.cfg, or serversettings.cfg
|
|
|
|
aluigi
|
Post subject: Posted: 07 Apr 2008 16:16 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
The best way to understand how q3dirtrav works (although it's very very simple) is probably through the following video:
http://mirror.aluigi.org/video/q3dirtrav.avi
(the video is in h264 so check to have the right codec otherwise go on http://www.codecguide.com)
On the server sv_allowdownload MUST be 1 otherwise the directory traversal vulnerability cannot be exploited, this can be viewed if you don't have a mod and when you connect to the server you automatically download it.
Then when you type /download file from the console it should give you a different error if sv_allowdownload is disabled.
The other way to know if this variable is enabled is using query tools, for example like gslist:
gslist -d 1 SERVER PORT
Last edited by aluigi on 07 Apr 2008 16:25, edited 1 time in total.
|
|
|
|
HuRRaCaNe
|
Post subject: Posted: 07 Apr 2008 16:20 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
yea i seen the movie.
but like i said, the sv_allowdownload will go to the redirect(i think), not the server
so what does q3dirtrav do?
not like how to use it :)
as in: what does the "program" do what i can't see? else you wouldn't make a program for it.
how does it get into the server to download the files
hmm little edit:
well i tried downloading dedicated.cfg
and CoD just.... i couldn't say froze because that wouldn't be the right word
my lagometer (cg_lagometer) just showed like i was lagging
then seconds later it started to do weird, like the top black bar when loading a map appeared.
|
|
|
|
aluigi
|
Post subject: Posted: 07 Apr 2008 16:35 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
technically the only thing which q3dirtrav does is filling the structure used by the client for downloading the files placing the custom remote and local filename you chose.
In my tests using CoD 1.5 I had no problems, what exact version of Call of Duty are you using?
|
|
|
|
HuRRaCaNe
|
Post subject: Posted: 07 Apr 2008 16:39 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
CoDUO(-> united offensive, if you don't know, but i bet you do) 1.51(b) i guess.
but i'm going to do another test here.
UFA server keeps their files in the UFA-MOD folder (also the master.cfg)
so maybe that server i've been testing it on, does the same but in their folder.
can you think of any other ways to crash servers besides q3infoboom though? i'm very interested with that stuff
|
|
|
|
aluigi
|
Post subject: Posted: 07 Apr 2008 16:45 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
CoDUO has not been tested by me so first check if it's "q3dirtrav compatible".
It's very simple, launch a dedicated server and set sv_allowdownload 1 (you can do it from both command-line and runtime if I'm not in error).
If you can download your files (you can use filemon to catch the exact folder on which the server checks the files) means it's compatible.
When you will know if it's compatible with q3dirtrav then you can think to the rest.
|
|
|
|
HuRRaCaNe
|
Post subject: Posted: 07 Apr 2008 16:48 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
dedicated server, as in "internet dedicated" ?
or will a listen server work fine
i only have 1 PC (and from my experience, starting an internet dedicated server will bring up a console, making that PC useless (can't run another copy of CoDUO, i think))
and i bet CoDUO is "the same" as CoD
its just a expansion (and i bet that is spelled wrong o_O)
EDIT: ahh you can run a server and CoDUO at the same time
but bla then again i don't know what to do :(
|
|
|
|
aluigi
|
Post subject: Posted: 07 Apr 2008 16:57 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
internet or LAN dedicated server, so you can then start the client process without problems.
Remember to select the client process from q3dirtrav since both the client and server have the same name, in case of confusion:
- start q3dirtrav
- start the dedicated server
- refresh the processes in q3dirtrav and keep note of the PID of the cod process
- start the client (window mode is preferred for the tests) and join the server
- refresh the processes in q3dirtrav and select the CoDUO process with the different PID
- use q3dirtrav as usual
I know that CoD and CoDUO should be the same and in fact when I modified q3dirtrav for supporting CoD I also checked the CoDUO and CoD2 executables (through a disassembler since I don't have the games) for being sure that they used the same "different" structure, but as usual the "practice" can ever change.
|
|
|
|
HuRRaCaNe
|
Post subject: Posted: 07 Apr 2008 17:26 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
ok so the console clearly said (of my LAN server)
"sv_allowDownload" is:"1" default:"1"
clientDownload: 0 : begining "uo/master.cfg"
clientDownload: 0 : "uo/master.cfg" file not found on server
so i'm having troubles getting the name of the cfg :(
and i guess there is no way of knowing that?
|
|
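A defender-side check built on the console lines quoted in the post above, added here as an example (not from the thread or from q3dirtrav): it scans a server console log for `clientDownload` requests that name something other than a `.pk3` archive. It assumes the number in each line is the client slot, that only `.pk3` files are legitimate in-game downloads, and that a request with no following "file not found" line was served; `classify`, `scan` and the sample log are constructed for illustration.

```python
import re

# Line formats as quoted in the post above ("begining" is the server's own spelling).
BEGIN_RE = re.compile(r'^clientDownload: (\d+) : begining "([^"]*)"')
MISSING_RE = re.compile(r'^clientDownload: (\d+) : "([^"]*)" file not found on server')

# Constructed sample: the first three lines are from the thread, the rest are made up.
SAMPLE_LOG = '''"sv_allowDownload" is:"1" default:"1"
clientDownload: 0 : begining "uo/master.cfg"
clientDownload: 0 : "uo/master.cfg" file not found on server
clientDownload: 1 : begining "uo/zzz_custom_map.pk3"
clientDownload: 2 : begining "merciless_uo/server.cfg"
clientDownload: 2 : begining "../dedicated.cfg"
'''

def classify(path):
    """Return why a requested path is suspicious, or None if it looks like a pak."""
    norm = path.replace("\\", "/")
    if ".." in norm.split("/"):
        return "parent-directory component"
    if norm.startswith("/") or re.match(r"[A-Za-z]:", norm):
        return "absolute path"
    if not norm.lower().endswith(".pk3"):
        return "not a .pk3 archive"  # assumption: only paks are legitimate downloads
    return None

def scan(lines):
    """Return one finding per suspicious request, in log order."""
    findings = []
    for line in lines:
        line = line.strip()
        begin, missing = BEGIN_RE.match(line), MISSING_RE.match(line)
        if begin:
            reason = classify(begin.group(2))
            if reason:
                # "found" stays True unless a "file not found" line follows (assumption).
                findings.append({"client": int(begin.group(1)), "path": begin.group(2),
                                 "reason": reason, "found": True})
        elif missing:
            # Mark the most recent matching request as not served.
            for f in reversed(findings):
                if (f["client"], f["path"]) == (int(missing.group(1)), missing.group(2)):
                    f["found"] = False
                    break
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        state = "file existed" if f["found"] else "file not found"
        print(f'client {f["client"]}: {f["path"]!r} ({f["reason"]}, {state})')
```

Findings with `found` still true are the ones to review first, since the server did not report the file as missing.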
|
|
aluigi
|
Post subject: Posted: 07 Apr 2008 17:47 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
|
|
|
HuRRaCaNe
|
Post subject: Posted: 07 Apr 2008 17:57 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
that's where i get confused.
i got filemon and everything
i filtered anything that's not CoDUOMP
then it just shows the pk3 names o_O
and nothing else.
i did guess the cfg name
/download merciless_uo/server.cfg
it did something... reconnected me & then when it finished loading "server disconnected - failed to validate pure client!"
|
|
|
|
aluigi
|
Post subject: Posted: 07 Apr 2008 18:02 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
the "reconnection" thing is a good thing, means that a file has been received.
have you seen if the local file has been created?
|
|
|
|
HuRRaCaNe
|
Post subject: Posted: 07 Apr 2008 18:06 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
well, it hasn't been created
but i can see the console saying (before i re-load the map) "failed to initialize download for 'http://tomorrowzweaponz.net/maps/merciless_uo/server.cfg' "
which proves my point, it's looking for the cfg on the re-direct, instead of the server.
|
|
|
|
aluigi
|
Post subject: Posted: 07 Apr 2008 18:25 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
These "redirects" don't exist in the Quake 3 engine (where the bug is located), so it's a CoD related thing unrelated to the bug.
if you can't download files from the server you can't exploit the vulnerability.
|
|
|
|
HuRRaCaNe
|
Post subject: Posted: 07 Apr 2008 18:29 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
i get your point
thanks for all the help anyway >=D
maybe we meet again, some day
|
|
|
|
aluigi
|
Post subject: Posted: 20 Apr 2008 12:38 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
released q3dirtrav 0.2.2 with support for ET 2.55
|
|
|
|
HuRRaCaNe
|
Post subject: Posted: 20 Apr 2008 12:40 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
woa
so you're still working on this stuff
|
|
|
|
aluigi
|
Post subject: Posted: 20 Apr 2008 13:15 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
a user requested this work-around and then ET 2.55 is one of the most played games in the world 8-)
|
|
|
|
infus3
|
Post subject: Re: CoDUO q3dirtrav Posted: 15 Sep 2008 19:25 |
|
Joined: 17 Oct 2007 08:10 Posts: 31 Location: South Carolina
|
lol >.> hi hurra.
trying twz server? o.O
i didn't read all this stuff but, if you're still trying to figure it out. it only works on servers that don't have a redirect. don't worry ufa is safe. ;]
!x0mbie
|
|
|
|
aluigi
|
Post subject: Re: CoDUO q3dirtrav Posted: 16 Sep 2008 12:52 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
"set cl_wwwdownload 0" disables the http redirect download and should force the in-game one
|
|
|
|
tictacman08
|
Post subject: Re: CoDUO q3dirtrav Posted: 25 Dec 2008 19:59 |
|
Joined: 27 Jun 2008 07:41 Posts: 27
|
Sorry to beat a dead horse with this question but.. does this q3dirtrav issue work with Call of duty 4 Patch 1.7?
Thanks
|
|
|
|
HuRRaCaNe
|
Post subject: Re: CoDUO q3dirtrav Posted: 25 Dec 2008 20:04 |
|
Joined: 06 Apr 2008 19:33 Posts: 18
|
Q3DirTrav does not work on any of the Call of Duty series (it does, if the files are directly downloaded from the server instead of using a redirect) but i doubt that there are any servers out there which do not use an external site to download the files from.
i think the commands are something like this
sv_wwwDownload //allow downloading or not
sv_wwwBaseURL //where to download from
|
|
|
|
thebullet
|
Post subject: Re: CoDUO q3dirtrav Posted: 11 Jan 2010 12:46 |
|
Joined: 11 Jan 2010 12:43 Posts: 15
|
Hi, I was using Q3DirTrav for some purposes but now I see that on the server, sv_allowdownload is 1 (Enabled) but I am unable to download the file. What could be the reason? I created the server for testing purposes, I tried to download the file but same, Nothing Happened. What could be the possible reason?
|
|
|
|
aluigi
|
Post subject: Re: CoDUO q3dirtrav Posted: 11 Jan 2010 17:20 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
|
|
|
thebullet
|
Post subject: Re: CoDUO q3dirtrav Posted: 14 Jan 2010 09:28 |
|
Joined: 11 Jan 2010 12:43 Posts: 15
|
No i guess this is something else. The server shows that sv_allowdownload is 1 but it acts like if it were off. I tried it in a server where sv_allowdownload was 0 and the result was 100% same, nothing happened. It only happened in 1 server only not all. Could it be the fix (q3dirtravfix)??
|
|
|
|
aluigi
|
Post subject: Re: CoDUO q3dirtrav Posted: 14 Jan 2010 14:49 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
|
|
|
thebullet
|
Post subject: Re: CoDUO q3dirtrav Posted: 15 Jan 2010 08:22 |
|
Joined: 11 Jan 2010 12:43 Posts: 15
|
No server is Windows Server and I guess it's been fixed =) Thanks for the support, will be here to know more and try more =)
|
|
|
|
extrabot
|
Post subject: Re: CoDUO q3dirtrav Posted: 17 Jan 2010 11:38 |
|
Joined: 17 Jan 2010 11:31 Posts: 5
|
Hi. I have a problem. I configured the program, I entered in the console / download main / server.cfg, reconnect to do (or downloaded to). But download file not save it in file OUTPUT :( Why?
|
|