|
Luigi Auriemmaaluigi.org (ARCHIVE-ONLY FORUM!) |
|
It is currently 19 Jul 2012 12:17
|
View unanswered posts | View active topics
|
Page 1 of 1
|
[ 4 posts ] |
|
Author |
Message |
infrasound
|
Post subject: q3dirtrav Dont Working ? Wolf:ET 2.55 Posted: 13 Jul 2008 19:38 |
|
Joined: 02 Apr 2008 09:10 Posts: 2
|
hi i have a server and last week someone came to my server with admin lvl and ban all my players so i searched about it , i saw here in google then im here :)
firstly i try it (poc 0.2.2) on my server and its doesnt worked but there isnt anyway to steal my rcon password; i think they download my cfg , so i change my cfg name to none standart name i solve it , then i try this poc 0.2.2 v. on my server realy they use this or not , but i saw this not working
i did : first run wolfet client, then connect server, then open poc 0.2.2 select process, type download name, then open client console and write /download jaymod/jaymod.cfg so its gave me error all time , error is : Fatal : 404 not found, but its creating in my client game directory tmp.txt (that i wrote it so ) i looked in but nothing :) empty 0 kb.
now im interesting about the way of stealing my admin pass, if they used this why not worked for me, if they not used this i wanna your help whats the other way and what can i do for solve the problem.
Sorry for my poor english.
Thanks a lot . [b][/b]
|
|
Top |
|
|
|
|
|
|
|
aluigi
|
Post subject: Posted: 13 Jul 2008 22:08 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
the directory traversal bug in quake 3 is exploitable ONLY if sv_allowdownload is set to 1 so this i the first thing you must check.
if this is your case means you are vulnerable and seems you have followed the rigth steps in testing your server with q3dirtrav.
anyway the error you receive is strange since seems a http error, do you have sv_wwwdownload or other similar cvars activated?
|
|
Top |
|
|
infrasound
|
Post subject: Posted: 14 Jul 2008 11:12 |
|
Joined: 02 Apr 2008 09:10 Posts: 2
|
So you mean Wolfenstein enemy territory not vulnerable ?
Yes sv_allowdownload is set 1 in my server and sv_wwwdownload is http download not active in may config .
|
|
Top |
|
|
aluigi
|
Post subject: Posted: 14 Jul 2008 14:27 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
I mean that ET is vulnerable and in my local tests q3dirtrav was just adjusted to support the 2.55 version but naturally for me is impossible to know the causes of all the strange problems derived by custom or different configurations.
in your case the 404 error makes me thinking that your client has tried to download the file using the HTTP method (I don't remember if it's supported by ET, CoD has it for example) which is strange.
an explanation could be in some differences between the client structure used in most of the Quake 3 games and the one used instead in ET but I doubt since in my tests it worked
|
|
Top |
|
|
|
Page 1 of 1
|
[ 4 posts ] |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|