CS Server Download Vulnerability

I really think this thing can be used for intrusion.
Because the official patch bar dll exe com vbs files are not allowed to be downloaded.
If it's just to prevent the CFG leakage of the password file, why should we disable it?

 

CS host remote control methods and countermeasures for malicious Control
Author: huoqi gun and sword Source: huoqi Studio (tcno.net) Date:
A half-lived CS server, commonly known as a host, has a remote control function. The Administrator uses the password to control the server and does not even need to enter the game. This article uses counter-strike 1.5 as an example to explain how to remotely control the CS host and how it is maliciously controlled. Other applications such as 1.6, 0-point operations (CZ), CS: source, and half-life are also applicable.

1. Remote control using the correct remote control password.
There are two types of cs host: Server and listenserver. The former is an independent server, and the latter is a host established by a general player and in which the game is played (usually called a host ). CSProgramThe game in the cstrike directory is read when the host is created. CFG, listenserver. CFG, server. skill in the cfg and valve directories. CFG (this file is usually packaged in pak0.pak) and other settings parameters in the file. Among them, game. CFG mainly sets game parameters. server. cfg and listenserver. in CFG, set the game parameters in two cases: Server and listenserver. Skill. CFG is used to set some parameters for a half-life game. However, the game parameters can be any of the above configuration files, and there is no strict limit (except the difference between server. cfg and listenserver. cfg is strict and cannot be both valid ).

The parameter used to set the remote control password is "rcon_password". The password cannot contain spaces. You can also enter it in the console after the host is created, instead of in the configuration file.

After learning about the password of a host, there are three login methods (there may be no limit to three, but I am only familiar with these three methods ):
1. Enter the host in the game and enter "rcon_password" on the console to obtain control.
2. log on to the console and enter "rcon_address Host IP Address: Port" (without the port number by default) to connect to the host. Enter "rcon_password" to obtain control.
3. Use dedicated remote control software such as hlsw to set the IP address and password of the host, and then use the dedicated software to control the host.

After controlling the host, the format of all remote control commands is "rcon [space] [command]". In the case of remote control, change the remote control password "rcon rcon_password new password". After the change, You need to log on with your password.

Remote Control login status is invalid after the game loads a new map. You need to log on again.

Due to the lack of security concerns of producers, some unofficial CS versions set Remote Control passwords by default. For example, people on earth know www.cs-cn.net. The hosts created by these games generally have one or several URLs in the welcome information (cstrike/motd.txt). Generally, This is the remote control password. What I know is: www.cs-cn.net; www. weini. TV; www.bimnm.net; zisaimingzhu "! # % & (Lightmusic) and so on. If you are using these versions, check and clear these default Remote Control passwords.

2. Remote Control of Configuration File Download through vulnerabilities.
Cs1.5 server program has a vulnerability. This vulnerability allows attackers to download the configuration file on the host. The command is "cmd dlfile file name ". If you want to download listenserver. cfg, the command is "cmd dlfile listenserver. cfg ". Of course, this command can also download the configuration files of AMX and Other plug-ins under the Addons directory, but you only need to add a path.

When downloading an object, you must have no duplicate files in both the cstrike and valve directories. Otherwise, there is only one progress bar and the object will not be downloaded.

The solution to this vulnerability is to upgrade the server program version to hlds4111e or above and install the hlds4111e patch. Of course, generally, there is no need to set a remote control password for listenserver. It doesn't matter if you do not install patches.

Iii. Countermeasures after being maliciously controlled.
Once the console is under control and closed, it is generally better to quit. There is no countermeasure. To prevent being controlled, you need to install patches and do not set passwords at will.

This paragraph is of little significance. It can be said that it is just about writing and playing and introducing a preparatory measure.

Always maintain control. Generally, the host must always master the console. A good way is to give "~" Key Binding Console Command "bind ~ "Console 1; toggleconsole "". In this way, There are two operations: Switch the console and allow the console. After this is done, you do not need to add parameters to the game shortcuts. In any case, you can press the console. To avoid remote "unbindall", you can write this command in kb_def.lst. Once control is found, Press ESC (the ESC key cannot be unbound) to restore the key settings at the key settings, and then open the console to change the remote control password (rcon_password # $ % ^ % $ ).

4. Control the "vicious" tactics of hosts.
This section is definitely not an instigation. It's just about writing and playing. We definitely do not use nuclear weapons first: D.

First, "rcon rcon_password new password", change the password to prevent the same path.

Then, "console 0" closes the console; "Unbind H" cancels the control menu; "Unbind =" stops shameless hosts that use robot plug-ins to kill.

Close the game door and practice with the Host: "sv_password game password ".

Let the host rest "rcon unbindall" (cancel all the buttons except the ESC key)

End the game! "Rcon quit" or "rcon exit ".

Of course, if you are idle, you can write a control script. Practice has proved that it is also possible to operate on the host if necessary (unfortunately, you cannot control the mouse to aim at it ).

Let me know if you need to know more about it. The ancient cloud flies don't have to worry about seamless eggs. Remember to leave no safety dead corners!

Note)
Be sure to rename or delete the downloaded password file (such as listenserver. cfg ). First, it will not affect future downloads. More importantly, if you do not take it away, this vulnerability will be taken when you create a game again. Remember.