Raised This Month: $12 Target: $400
 3% 

New RCON exploit


Post New Thread Reply   
 
Thread Tools Display Modes
Keeper
Senior Member
Join Date: Nov 2006
Old 11-06-2009 , 15:09   Re: New RCON exploit
Reply With Quote #11

As I see it, this is an engine exploit that somebody is using to run commands on plugins. I don't see it as a Mani exploit alone. It works on my HL2DM plugin as well without mani installed.

That being said, maybe the way commands are processed does need updating to make sure engine exploits aren't used to get to plugins.
Keeper is offline
thetwistedpanda
Good Little Panda
Join Date: Sep 2008
Old 11-06-2009 , 16:31   Re: New RCON exploit
Reply With Quote #12

CS:S won't be getting any treatment from Valve anytime soon, so we're shit out of luck in any "engine" updates. Mani was poorly written and has too many exploits to count (the number only increased after the sourcecode was released). ES_Tools/EventScripts suffers from much the same, but at least the latter seems to have been updated to reduce the amount.
__________________
thetwistedpanda is offline
Isias
Senior Member
Join Date: Apr 2006
Old 11-06-2009 , 18:42   Re: New RCON exploit
Reply With Quote #13

Jop, i also think there won't be an update for the Cs:S engine soon, sadly. But refering to the exploits, which one do you currently know off? Please attach a short description of how to reproduce the exploit, so Keeper could have a look at it. If you're refering to spaming timeleft & nextmap or rcon commands, a dos attack also is possible on a vanilla server.

Last edited by Isias; 11-06-2009 at 19:08.
Isias is offline
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 11-07-2009 , 15:26   Re: New RCON exploit
Reply With Quote #14

Quote:
Originally Posted by Isias View Post
If you're refering to spaming timeleft & nextmap or rcon commands, a dos attack also is possible on a vanilla server.

.. That doesn't mean you shouldn't ratelimit the commands. It's still the most popular way of flooding servers.
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
devicenull is offline
Isias
Senior Member
Join Date: Apr 2006
Old 11-07-2009 , 16:14   Re: New RCON exploit
Reply With Quote #15

Yes, that's right. A flooding prevention to deal with this engine bug will be in 1.2T. But this topic was about exploits.
Quote:
retsam:
Mani = bad mkay?

devicenull:
It's Mani. Remove it and you will be fine.
...the exploit relies on the changelevel command. For some reason mani fucks this up which means it can execute commands somehow...

thetwistedpanda:
quite a few Mani takeover scripts going around that do not require sv_cheats or rcon access
...poorly written and has too many exploits to count (the number only increased after the sourcecode was released)...
Does anybody know a working exploit on Mani Admin Plugin? If yes, could he please post it here, so Keeper could have a look at it?

Last edited by Isias; 11-07-2009 at 16:23.
Isias is offline
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 11-09-2009 , 18:30   Re: New RCON exploit
Reply With Quote #16

The one you PMed me works with Mani. I've definitely replicated it on a server running nothing other then Mani. I can tell you we regularly see servers running only Mani being taken over by *some* exploit.

I can verify this at some point this week, but I don't have CSS installed on my laptop right now.
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
devicenull is offline
cheeeeese
Junior Member
Join Date: Nov 2009
Old 11-11-2009 , 03:06   Re: New RCON exploit
Reply With Quote #17

Please keep us updated on a fix.
I am a troubled server owner who also uses mani and needs this fixed
cheeeeese is offline
Isias
Senior Member
Join Date: Apr 2006
Old 11-11-2009 , 10:20   Re: New RCON exploit
Reply With Quote #18

Could you add a short server logfile?

Quote:
I can verify this at some point this week, but I don't have CSS installed on my laptop right now.
This would be great. If you're able to gain RCon access on a server with Mani Admin Plugin only, please post a way how to reproduce this, so Keeper can have a look at it. All exploits i found so far where based on sv_cheats 1, two eninge based dos attacks and an exploit in the maphandler of ES 1.5 which got fixed long ago, but still, some server owners run the affected version.

Last edited by Isias; 11-12-2009 at 12:41.
Isias is offline
cheeeeese
Junior Member
Join Date: Nov 2009
Old 11-11-2009 , 13:24   Re: New RCON exploit
Reply With Quote #19

Unfortunately, I think he disabled logging, as I cannot find the log files as the thread started posted.

EDIT:
Please, someone make a fix for this quick!
Hacker keeps on giving random admin away and banning people and removing my admin. >.<

Last edited by cheeeeese; 11-11-2009 at 16:45.
cheeeeese is offline
Isias
Senior Member
Join Date: Apr 2006
Old 11-11-2009 , 18:59   Re: New RCON exploit
Reply With Quote #20

If he disabled RCon, then there still should be log files prior to him gaining RCon access. It would be really necessary to have a look at the commands used prior to him gaining RCon access and to get some more informations about your server, especially if you've set sv_cheats 0 in your server.cfg and what plugins are running.
Isias is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 10:18.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode