Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:24

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 
Author Message
 Post subject: [Solved]Quake 3 Engine Directory Transversal PoC 0.2.2
PostPosted: 11 Aug 2010 22:12 

Joined: 11 Aug 2010 22:10
Posts: 3
Hello Aluigi,
First of all thanks so much for your hard work discovering these bugs. Before I start I am run a COD2 1.0 server (No Punkbuster), which runs the Quake 3 Engine. A while ago our server was compromised. I am trying to basically do as the intruder would have done. Brute Forcing the RCON password seems to be impossible as I didn't see any excessive packets or commands being sent to the server in the logs. I stumbled upon your Q3 Engine Directory Transversal PoC 0.2.2 program. I tried this to see if the intruder could have in fact downloaded the configuration file. I followed the instructions on the program, but when I executed the command to download the file the map restarts on the client, but I can't find the downloaded file any where. I know it is supposed to go into the game folder, but I don't see it anywhere. Any help is very much appreciated. Thank you again.

-Colin


Last edited by colin on 21 Aug 2010 07:11, edited 1 time in total.

Top
 Profile  
 
 
 Post subject: Re: Quake 3 Engine Directory Transversal PoC 0.2.2
PostPosted: 11 Aug 2010 22:49 

Joined: 11 Aug 2010 22:10
Posts: 3
I also tried one other thing. I have a COD 2 1.3 server as well and the config file did download, but showed up in the App Data folder. I don't know why it won't work for 1.0

Thanks,
-Colin


Top
 Profile  
 
 Post subject: Re: Quake 3 Engine Directory Transversal PoC 0.2.2
PostPosted: 18 Aug 2010 15:25 

Joined: 11 Aug 2010 22:10
Posts: 3
Guys.... any answer??

Thanks,
-Colin


Top
 Profile  
 
 Post subject: Re: [Solved]Quake 3 Engine Directory Transversal PoC 0.2.2
PostPosted: 08 Sep 2010 09:15 

Joined: 24 Jun 2010 10:04
Posts: 70
Location: aluigi not @ home
it's possible that with cod2 1.0 it doesn't work because uses a structure a bit different so it's not supported by q3dirtrav.

I guess you already know it, anyway take a look here if it's a problem of paths:
post3478.html#p3478


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: