:hlds-boun...@list.valvesoftware.com] On Behalf Of Spencer 'voogru'
MacDonald
Sent: Thursday, 3 December 2009 11:12 AM
To: 'Half-Life dedicated Win32 server mailing list'
Subject: Re: [hlds] Source Engine Upload/Download POC
You can prevent most damage by simply locking down
l Message-
From: hlds-boun...@list.valvesoftware.com
[mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Garry Newman
Sent: Wednesday, December 02, 2009 6:32 PM
To: Half-Life dedicated Win32 server mailing list
Subject: Re: [hlds] Source Engine Upload/Download POC
Anyone had any word from Valve on this?
I'd rather not install a load of plugins to try to stop people hacking my
server.
garry
___
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailm
ed Win32 server mailing list
Subject: Re: [hlds] Source Engine Upload/Download POC
You could upload a plugin which dumped Rcon and password data to a
certain PHP page to the server, then crash the server (several known
crashing exploits) to make the plugin auto-load. It's like a server
root
Read the OP...
On Sunday, November 29, 2009, Aaron A. Maricic wrote:
> Does this apply to L4D / L4D2?
>
> AzuiSleet wrote:
>> It seems the upload/download exploits aren't dead yet, and Valve
>> didn't do a good job at patching them. A blacklist didn't work too
>> well. Here is a serverplugin POC
Does this apply to L4D / L4D2?
AzuiSleet wrote:
> It seems the upload/download exploits aren't dead yet, and Valve
> didn't do a good job at patching them. A blacklist didn't work too
> well. Here is a serverplugin POC to upload and download files. It's
> fairly trivial to use:
>
> download_file c
You could upload a plugin which dumped Rcon and password data to a
certain PHP page to the server, then crash the server (several known
crashing exploits) to make the plugin auto-load. It's like a server
root-kit lol.
On Sunday, November 29, 2009, w4rezz wrote:
> Or you can remove rcon_password f
True. Otherwise someone can upload a Sourcemod/Eventscripts plugin and
change that rcon password that way. Can also do other fun things.
On Sun, Nov 29, 2009 at 10:56 AM, P. Bhandal wrote:
> You're better off blocking your game server's TCP port.
>
> On Sun, Nov 29, 2009 at 7:51 AM, Michael Kras
Good idea, I think that's a bit easier :)
On Sun, Nov 29, 2009 at 11:13 AM, w4rezz wrote:
> Or you can remove rcon_password from server.cfg and use it as a server
> startup parameter +rcon_password blabla
>
> 2009/11/29 Michael Krasnow :
> > wait, so this means anyone can go on a server and downlo
Or you can remove rcon_password from server.cfg and use it as a server
startup parameter +rcon_password blabla
2009/11/29 Michael Krasnow :
> wait, so this means anyone can go on a server and download a server.cfg?
>
> time to bury my rcon in a crap load of exec files lol
>
> On Sun, Nov 29, 2009
Shell/RDP account. Cryptography key. RCON port blocked/filtered to a
specific IP.
Winrar.
Michael Krasnow wrote:
> wait, so this means anyone can go on a server and download a server.cfg?
>
> time to bury my rcon in a crap load of exec files lol
>
> On Sun, Nov 29, 2009 at 7:49 AM, Saul Rennison
You're better off blocking your game server's TCP port.
On Sun, Nov 29, 2009 at 7:51 AM, Michael Krasnow wrote:
> wait, so this means anyone can go on a server and download a server.cfg?
>
> time to bury my rcon in a crap load of exec files lol
>
> On Sun, Nov 29, 2009 at 7:49 AM, Saul Rennison
wait, so this means anyone can go on a server and download a server.cfg?
time to bury my rcon in a crap load of exec files lol
On Sun, Nov 29, 2009 at 7:49 AM, Saul Rennison wrote:
> Awesome. It's not really a server plugin though is it? I'll try this
> when I get home... take over some servers.
Awesome. It's not really a server plugin though is it? I'll try this
when I get home... take over some servers. <3 VALVe security.
On Sunday, November 29, 2009, AzuiSleet wrote:
> Yes well you can ignore those fools. They like to vandalize my pastebin.
>
> On Sun, Nov 29, 2009 at 3:55 AM, cnu wr
Yes well you can ignore those fools. They like to vandalize my pastebin.
On Sun, Nov 29, 2009 at 3:55 AM, cnu wrote:
> On Sunday 29 November 2009 10:26:50 AzuiSleet wrote:
>> Source:
>> http://azu.pastebin.com/m1cd1ab0b
>
> You got some other interesting pastes here :p
> http://azu.pastebin.com/m
On Sunday 29 November 2009 10:26:50 AzuiSleet wrote:
> Source:
> http://azu.pastebin.com/m1cd1ab0b
You got some other interesting pastes here :p
http://azu.pastebin.com/m483ef5a0
http://azu.pastebin.com/f32ff6903