Posted November 28, 2003

I'm not much of a Counter Strike player anymore, so I figured I'd send out this info to anyone who's interested.

rcon password: First go to your cstrike directory and rename server.cfg to something else. Open CS and connect to a game, open console, run command [cmd dlfile server.cfg], then go back to your cstrike directory. Open the newly created server.cfg and look around. Sometimes you'll find user file paths, and on occasion an rcon password. If you don't know what to do with it, sux for you.

adminmod users file: Open CS and connect to a game, open console, run command [cmd dlfile addons\adminmod\config\adminmod.cfg]; this holds the adminpass.cfg info. Then run [cmd dlfile addons\adminmod\config\users.ini]. Look thru them in your cstrike\addons\adminmod\config\ folder and you've got either wonid + password or maybe username + password. Maybe log on with their admin access?

other uses: Look thru their config.cfg file and stuff; maplist, banned list, anything can be seen. Download the files you find in the text docs, maybe something useful.

Forgot to mention I'm playing 1.5; might work on 1.6? Hope this was useful.
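Added example, not part of the original post and not the game's own code: a server-side allowlist check that refuses the download requests described above while still serving map content. The allowed directories and extensions and the helper names are assumptions chosen for illustration.

```python
# Added illustration: allowlist check for client file-download requests.
# ALLOWED_TOP_DIRS / ALLOWED_EXTENSIONS are assumed values, not the game's real list.
import posixpath

ALLOWED_TOP_DIRS = {"maps", "models", "sprites", "sound", "gfx"}
ALLOWED_EXTENSIONS = {".bsp", ".wad", ".mdl", ".spr", ".wav"}


def check_download(requested):
    """Return (allowed, reason) for a client-requested path (hypothetical helper)."""
    if not requested or "\x00" in requested:
        return False, "empty or contains NUL"
    # Clients may send either separator, as in the paths quoted in the post.
    path = requested.replace("\\", "/")
    if path.startswith("/") or ":" in path:
        return False, "absolute path or drive letter"
    parts = [p.lower() for p in path.split("/")]
    # Refuse '.', '..' and empty components outright rather than normalising them.
    if any(p in ("", ".", "..") for p in parts):
        return False, "relative or empty path component"
    if len(parts) < 2 or parts[0] not in ALLOWED_TOP_DIRS:
        return False, "outside content directories"
    if posixpath.splitext(parts[-1])[1] not in ALLOWED_EXTENSIONS:
        return False, "file type not downloadable"
    return True, "ok"


# Constructed sample requests: the paths named in the post plus two edge cases.
SAMPLE_REQUESTS = [
    "server.cfg",
    "addons\\adminmod\\config\\adminmod.cfg",
    "addons\\adminmod\\config\\users.ini",
    "config.cfg",
    "maps/de_dust.bsp",
    "maps/../server.cfg",
    "maps/notes.cfg",
]


def denied(requests):
    """Return the requests that would be refused, with the reason for each."""
    results = [(r, check_download(r)) for r in requests]
    return [(r, reason) for r, (ok, reason) in results if not ok]


if __name__ == "__main__":
    for request, reason in denied(SAMPLE_REQUESTS):
        print(f"DENY {request!r}: {reason}")
```
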
November 28, 2003

this "bug" was patched in 1.5 and 1.6 a while back...rarely works anymore. you can still sniff it by finding the logfile change info in packets with a packet sniffer :)
December 3, 2003

> this "bug" was patched in 1.5 and 1.6 a while back...rarely works anymore. you can still sniff it by finding the logfile change info in packets with a packet sniffer :)

rcon sniffin only works if you are between the client and server (example: On a mini-lan which uses a hub)!
December 3, 2003

wrong..I posted a link to a freeware packet monitoring tool a while back that will capture all packets that go through your NIC, and define them, piece by piece...find the ones containing the ascii text logfile changefiles, and they contain the changed info in clear text (it breaks the ascii from hex back into ascii for you in a subwindow)...if you're running this app on "capture" while in a server, and anyone logs into rcon, the unencrypted PW is there in clear text once you find the right packet :)

I run CS on two different machines in my house...one's through a router, the other's through a switch direct to modem...this app works on both of them, when connected to pub servers...it also works to "break" passwords on password protected private servers.
December 4, 2003

hmmm, ... it sounds easy! For example (step by step)!

1. Start Ethereal (Packet-Sniffer)
2. Start to Scan
3. go on a server
4. wait until an admin sends a rcon command
5. quit, and filter the scan

Is that right? I thought that only works if you're between the server and the client... Because: Why does the server send the unencrypted rcon pass (by plaintext) to your client? why? who has coded this shit? =)

edit: But how do you break server-pwds of private-servers?
December 4, 2003

exactly correct...and the rcon commands and log changes go to every player connected to server...which is why you USED to be able to open the tv***.txt file in cstrike or on the root of the partition containing your HL executable until THAT was patched, and read the rcon PW if it was entered in the clear (patched in 1.4)...or work to de-encrypt it if it was encrypted, by various methods...

as far as how do you break the PW on PW protected servers...the PW is listed in that same ascii textfile...so if you connect ethereal, then attempt to connect to server, it still sends you a primary logfile in ascii format before dumping you for not having PW...go through the packets, and find the ascii text file (it's usually all one set of consecutive packets), and look for "server_pw="<password>""....then you have the PW.

and the reason password sniffing works with a packet analyzer in the clear seems to be because encryption (if done by a mod, rather than a third party application) is a function OF the mod...so the textfile changes are sent in the clear and THEN the mod encrypts them as a second step, changing the "clear" password in the packet to the encrypted one in the log..but I haven't looked at it closely enough to be CERTAIN that this is why this happens this way...it's just an "educated guess" right now, based on what I've seen while messing about.

It's also possible that since I look for HLSW rcon logins, rather than physically present adminmod or amxmod rcon logins that I'm finding it unencrypted because HLSW doesn't do the AMX/Adminmod encryption....
December 5, 2003

@PsychoBud: it doesn't work 4 me... I started to capture, joined the pw-protected server, got "Invalid password", but can't find the pw in the scan... It doesn't exist!!

Here's the ethereal log: http://mitglied.lycos.de/scoperownzyou/eth.txt
December 5, 2003

hrm...it's worked in the past for me...did you try that before or after the latest Steam patch? And do you know if that server runs encryption (I don't know whether either of these have any bearing on server PW, but I'll look into it)
December 5, 2003

hrm...PM me server IP, and I'll run a few tests on it, and other passworded servers....I dunno why it's not showing up..that much of the logs SHOULD be sent anyhow....
December 5, 2003

try it filtering containing "pw"...I didn't test the password, but I got a line that appeared to be one.
December 9, 2003

cmd dlfile server.cfg
cmd dlfile adminmod/ whatever files you want
auto crash
cmd dlfile maps/de_dust.bsp
very simple