Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
 Post subject: Jedi Academy Theory
Posted: 30 Nov 2008 05:43

Joined: 30 Nov 2008 05:34
Posts: 4
Ok, I have thought up a brilliant idea, I bring it here to be told if it would be possible, and if so how.

Well, I started playing around with stealing rcon passwords and such a few days back. I successfully downloaded the server config and have stolen an rcon password through the allow downloading bug. I know that there are some who have successfully hacked servers that have sv_allowdownloading set to 0. In fact I have witnessed it. So, I have been looking into it.

I think I have figured out a way to steal the rcon password from servers with sv_allowdownloading set to 0. But here is my question:

Is it possible to log the packets sent to the server? If it is, how would one go about doing that?

If we can find a way to log the packets sent, one of those packets would contain the rcon password. (That is, if someone logs into the rcon while we are logging.)

Answer back ASAP

-Genius


 Post subject: Re: Jedi Academy Theory
Posted: 30 Nov 2008 15:08

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
do you have a minimal idea of how rcon, or client-server software in general, works?
you are not a server and you are not a hub/proxy/centre_of_the_world which can magically see the packets of the other clients...
another thread for the trash section


 Post subject: Re: Jedi Academy Theory
Posted: 30 Nov 2008 16:44

Joined: 30 Nov 2008 05:34
Posts: 4
It was just a theory, and yes I know how client-server works.


 Post subject: Re: Jedi Academy Theory
Posted: 30 Nov 2008 21:21

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
obviously you don't know how client-server works.
you would need access to the server itself to monitor packets, or to the ISP which hosts the server. For example, you can compare this idea with this:

would it be possible to get my password (here, on this forum) by you monitoring the packets? see what i mean? because what i send to Luigi's forum will never get to you (visible text yes, but not directly).


 Post subject: Re: Jedi Academy Theory
Posted: 30 Nov 2008 23:34

Joined: 30 Nov 2008 05:34
Posts: 4
Ah, it makes sense now. Sorry, it was close to 12 when the idea hit me so it wasn't the brightest.. I will keep searching though, because I know there is a way to get the rcon from a server with sv_allowdownloading set to 0.


 Post subject: Re: Jedi Academy Theory
Posted: 01 Dec 2008 00:22

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
game-specific bugs always exist, so it is possible that a similar bug exists, BUT much also depends on the server-specific configuration.
for example there are some old mods or old versions ("updating" is not the preferred word of the people) which are full of bugs and a "cvar expansion" bug could be one of them.

with "cvar expansion" bug I refer to those mods which allow the use of short words like #name, which are then replaced with the corresponding string on the server (or sometimes on the other clients), and I remember having read in the past about a similar bug which was used to get the rcon_password set on the server in the old version of a game or mod... anyway, mine are only hypotheses and examples.
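
The "cvar expansion" flaw described in the post above, shown from the server side as an added example that is not part of the original thread or of any game's or mod's code: a chat-token expander whose flawed mode substitutes any cvar name, next to a hardened mode that substitutes only allowlisted tokens. The cvar table, its values and the names `expand_chat`, `cvar_get` and `token_allowed` are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed cvar table standing in for a server's settings. */
struct cvar { const char *name, *value; };
static const struct cvar cvars[] = { { "name", "Padawan" },
    { "mapname", "mp/ffa1" }, { "rcon_password", "PLACEHOLDER-SECRET" } };
/* Hardened mode: only these tokens may reach text other players see. */
static const char *chat_tokens[] = { "name", "mapname" };
static const char *cvar_get(const char *name) {
    for (size_t i = 0; i < sizeof cvars / sizeof cvars[0]; i++)
        if (strcmp(cvars[i].name, name) == 0) return cvars[i].value;
    return NULL;
}
static int token_allowed(const char *name) {
    for (size_t i = 0; i < sizeof chat_tokens / sizeof chat_tokens[0]; i++)
        if (strcmp(chat_tokens[i], name) == 0) return 1;
    return 0;
}

/* Expand "#token" in src into dst (at most cap bytes, always terminated).
 * strict 0: flawed, any cvar is substituted. strict 1: allowlist only. */
size_t expand_chat(const char *src, char *dst, size_t cap, int strict) {
    size_t n = 0;
    if (cap == 0) return 0;
    while (*src && n + 1 < cap) {
        char tok[32];
        size_t t = 0;
        const char *p = src + 1, *val = NULL;
        if (*src == '#')  /* collect the token name after '#' */
            while ((isalnum((unsigned char)*p) || *p == '_') && t + 1 < sizeof tok)
                tok[t++] = *p++;
        tok[t] = '\0';
        if (t && (!strict || token_allowed(tok))) val = cvar_get(tok);
        if (!val) { dst[n++] = *src++; continue; }  /* denied or unknown: literal */
        size_t len = strlen(val);
        if (len > cap - 1 - n) len = cap - 1 - n;   /* truncate, never overflow */
        memcpy(dst + n, val, len);  /* the value itself is not re-expanded */
        n += len; src = p;
    }
    dst[n] = '\0';
    return n;
}

int main(void) {
    char out[64];
    for (int strict = 0; strict <= 1; strict++)
        if (expand_chat("say #rcon_password", out, sizeof out, strict)) puts(out);
    return 0;
}
```

In strict mode the denied token is echoed back literally, so a server log of chat lines containing `#` followed by a non-allowlisted cvar name is also a usable detection signal.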


 Post subject: Re: Jedi Academy Theory
Posted: 01 Dec 2008 03:02

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
well everything is possible in virtual world :)
but how exactly have you witnessed this? somebody did that to your server? or did somebody do it to your friend's server? have you considered other possibilities?

For example in some games we did an EVIL thing, we crashed the real server and put up our server with the same name lol, so ppl thought it's the actual server and moderators (admins) had no idea wtf is going on and why they have no access anymore and how we got access. They just didn't check the IP of the server :)

other thing, maybe that person knew the server rcon, or simply guessed it. A LOT of ppl use lame and simple passwords, like con123, 1234, 12345, qwer, qwert, qwerty, qaz, asdf, asdf123...etc. I've even seen "1" as server password.

or maybe there is a way to make the server think that sv_allowdownloading is 1. There can be a lot of possibilities, but just the way you suggested is impossible (the exact way you described).


 Post subject: Re: Jedi Academy Theory
Posted: 06 Dec 2008 04:04

Joined: 30 Nov 2008 05:34
Posts: 4
There are many possibilities as to how he did it, but I don't think he just knew it.. One day I was playing on a server that is paid for, with all the security and such, and a guy came on that no one had ever seen before, he broke some rules and got "jailed" and then he deleted the walls of the jail (which you have to have admin to do in this game). So the admin banned him, he came back (which is easy to do with a dynamic IP), and then he stripped the admin powers from the admin (which you need rcon to do).

Now as I said there are many possibilities, and yes he could have guessed it, but he had just logged onto the server and then started, he didn't sit there (which, it would have to take at least SOME time to guess it unless you're lucky).


 Post subject: Re: Jedi Academy Theory
Posted: 06 Dec 2008 17:51

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
was it some clan server? because we used to do those kinds of jokes, we got their passwords from their clan forum/site and then we just messed around in their server and made them think we hacked the server.
usually when you ask them if it's an exploit or they bruteforced the pass..etc they won't answer, but you can try to ask him when you see him next time.


 Post subject: Re: Jedi Academy Theory
Posted: 10 Dec 2008 19:02

Joined: 17 Oct 2007 08:10
Posts: 31
Location: South Carolina
If the server disables downloads your best bet is just to SE an admin on the server or something or suggest a new mod that maybe they'll upload. Then make sure that they don't have it set to use http redirect. Might take a few weeks to gain enough rep from someone though so that they would listen to your ideas. But how bad do you want that password? ;]


 Post subject: Re: Jedi Academy Theory
Posted: 10 Dec 2008 22:51

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
of course there's a lot of ways to get the password. you can even try phishing the admin's mail (usually they use the same pass everywhere)..etc, but this was about an exploit. so i don't think that he did that with an exploit. not sure how much Luigi has looked into it, but i think if he didn't find any exploit to do so, then it's quite hard to find one, IF there even is any. So i think that he simply faked that he "hacked" this server. i think he got it with some other method.

