Posted November 10, 2003
If you're looking for a way to sniff the logs that appear on your hard drive while in server in a CS/TFC or other HL engine game (the logs that contain admin password info), I've just found a freeware tool that may help. http://www.openxtra.com has ethereal-xtra freeware, which does packet sniffing of all traffic over your internet line...nice labelling, too...if you do a capture while in game, it sniffs and stores all packets that pass along your service line. I've discovered you can find the packet(s) containing the ASCII logfiles fairly easily, and this program even represents the ASCII encoding as text for you in one of the subwindows....which means if someone logs into rcon through HLSW while you're in server, and you capture the "event" when the log update is sent, you gain an unencoded rcon password, and the server IP related to it.

Have fun, guys :)

Oh, and as a BTW...this should help you find logfiles from any OMPG out there, though they may not always use ASCII textfiles as logfiles...if you use it on BF, or any other "dedicated server" game out there, and bother figuring out the values encoded, you should be able to "read" any logfile....I'm experimenting with finding admin info on BF servers currently...if I find a method that's reliable, I'll post it in other games help. I'm also looking into possible uses for assists in cracking webserver and FTP accesses, but I'm not all that certain that this particular tool can help, there.
November 11, 2003 Author
np man...when I find good "abusable" tools, I'm always glad to point them out to others :) Don't see how this could help if included with a trojan, but it's useful for "prowling" (try direct connecting to someone on AIM or any other messenger with it running <evil grin>)

BTW...foundstonetools has a good multiport scanner I like, for searching out compromised machines within the domains of certain providers....called superscan...it's free on their site, and has a simple GUI interface...makes searching for PCs infected with Optix or Beast simplicity itself :) (their site is also where you get F-pipe, and several other decently abusable admin tools)
November 12, 2003
hey PsychoBud ... i used the prog while connected to a server and im not receiving the logs u were speaking of.. a little help please
November 12, 2003 Author
you have to start capture before entering game, and stop capture after exiting...this saves all packets that went in or out of your serviceline while you were playing....

then you have to find the packets that contained the changefile instructions for the logfile (which is tedious and boring scutwork)

once you find and identify them, since they are ascii-in-binary format represented in hex, one of the subwindows is nice enough to tell you in straight text what lines were changed by showing you the new info in clear text...so if you find the one where someone logged into rcon, it shows you in the clear the change in the text line of the file where someone logged in...showing the password, and everything....

basically, you'll see one of the data lines of the packet where login occurred as <a bunch of shit you really don't give a shit about> <ip> rcon_pw <password> <a bunch of shit you don't really give a shit about> all on a single dataline of a packet, in the middle of a bunch of other datalines about the packet...to narrow your search down, look for packets as you page through that show the value of data in clear text, rather than as ......0....., ....0....., ....1...... and such.
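The defensive counterpart to the leak described in the post above, as an added example that is not part of the original thread: a filter a server operator could run over log lines before they are forwarded off the box, masking whatever follows the password keyword. The token shape follows the `<ip> rcon_pw <password>` layout given in the post; the log line layout and the sample lines are constructed assumptions.

```python
import re

# Assumed token layout, taken from the post above: the keyword rcon_pw
# (or the Half-Life console variable name rcon_password) followed by
# whitespace and the password, either bare or in double quotes.
SECRET = re.compile(
    r'\b(rcon_pw|rcon_password)(\s+)("(?:[^"\\]|\\.)*"|\S+)',
    re.IGNORECASE,
)
MASK = "<redacted>"

def redact_line(line):
    """Return (clean_line, hit); hit is True if a password was masked."""
    clean, n = SECRET.subn(lambda m: m.group(1) + m.group(2) + MASK, line)
    return clean, n > 0

def redact_stream(lines):
    """Mask every line and collect 1-based numbers of lines that leaked.

    The leaked list tells the operator the password was already written
    in clear somewhere and should be rotated, not just masked.
    """
    out, leaked = [], []
    for i, line in enumerate(lines, 1):
        clean, hit = redact_line(line)
        out.append(clean)
        if hit:
            leaked.append(i)
    return out, leaked

# Constructed sample log lines (not real server output).
SAMPLE = [
    'L 01/08/2004 - 20:15:01: "player<1>" connected, address "192.0.2.10:27005"',
    'L 01/08/2004 - 20:15:09: 192.0.2.44 rcon_pw hunter2 status',
    'L 01/08/2004 - 20:15:30: 192.0.2.44 RCON_PW "two words" changelevel de_dust',
    'L 01/08/2004 - 20:16:02: "player<1>" say "what is the rcon_pw"',
]

if __name__ == "__main__":
    cleaned, leaked = redact_stream(SAMPLE)
    for line in cleaned:
        print(line)
    print("lines that carried a password:", leaked)
```

Masking only keeps the secret out of forwarded logs; any password that shows up in the leaked list has already crossed the wire in clear and should be changed.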
January 8, 2004
Hey what programs should you use after you've had Ethereal on while direct connecting to someone on AIM?
January 8, 2004 Author
well...DCing someone on AIM only gives you their IP, and miscellaneous information about what OS they're running, and possibly some system stats (if you know what you're looking for), so it doesn't really help you to compromise their system at all, just gives you a bit of information that's helpful to you if you intend to compromise them.

There's really no program(s) I could advise using to help compromise someone after an Ethereal capture of data exchanged during an AIM session...best bet in the case of AIM is to use one of the AIMhacks out there, or to send them a RAT server disguised as something else...possibly bound with another program that they'll be certain to run, or possibly configured to autoinstall on download...depending on how talented you are.

Otherwise, you're pretty much stuck at identifying the OS and service pack they are running, using the IP you could have gotten just as easily by running netstat -ao while direct connected to them, and then finding an exploit of the OS that allows what you want to happen...and that's really pointless, since most people will freely tell you what OS and SP they're running over AIM.

The reason I suggested connecting to someone while DCd is it will tell you everything there is to know about the "background info" transmitted by their machine...IP, OS, SP, system specs and stats...everything a talented website admin can dig up on someone who's visited their site.
January 8, 2004
ok, so i start the program, go into a uk2 server in cs window mode, go on uk2 irc and say "hey wtf hackers", then a uk2 admin comes running, i disconnect, check log, use password, fuck around

also, have you pulled this off or is it something you are toying around with
January 8, 2004 Author
I've pulled it off

rcon password always has been stored in logs, in clear (look at old posts and articles regarding this "exploit")...but Valve included a patch in 1.3 to 1.4 that made it so the log was difficult to open and/or save...it could still be done for a while, but was complicated, and chancy...in 1.5-1.6 changeover, they made it so that NONE of the stuff I had would copy/open the logfile while running, and it disappeared as soon as you left the server...no chance to quick-copy.

So I hunted up a "traffic monitor" program that captures ALL data over your line for a set period, knowing the logfile would have to be in it...I got lucky, and found one that would also interpret ascii for you, so you didn't have to learn to identify it in raw hex, and then translate it.
January 8, 2004
"then you have to find the packets that contained the changefile instructions for the logfile (which is tedious and boring scutwork)"

can't you just use the search function for "rcon" or something.
January 8, 2004 Author
yeah...I'd discovered that function AFTER I made the post...someone here brought my attention to it...filter "rcon" helps A LOT
January 15, 2004
Psycho....this is some really good shit my friend....very good indeed. :grin1: It works mint.
January 15, 2004
For it to work does someone have to log in Rcon, or just send an Rcon command?
January 15, 2004 Author
you know...I'm not certain...I always look for "rcon_pw <password>" in the text...I *think* that only goes into the files if someone logs in, but I'm not positive.
January 19, 2004
PsychoBud wrote: yeah...I'd discovered that function AFTER I made the post...someone here brought my attention to it...filter "rcon" helps A LOT

Where do you filter for rcon, and what settings do you use? Other than that I've had no problems.
January 21, 2004
I got a small question about this program. i got it installed and running but it only detects my network card, but i don't have a network to monitor. how can i configure it to capture my modem
January 21, 2004 Author
"I got a small question about this program i got installed and running but it only detect my network card but i dont have network to moniter it. how can i configure it to capture my modem"

it captures all traffic in or out of your NIC, doofus....LMAO

if your machine is the only one connected to the modem, it captures all traffic in or out of the modem, as well, automatically...and your NIC is, by default, the "network" it is monitoring.
January 24, 2004
psycho if you know where i can find a hl cd key generator please pm me. i got vac banned for the first time today after playing cs since it came out. hehehehe
January 31, 2004
I get: Unexpected end of filter string

When i try to filter at the lowest part of the screen. I really don't get it, could u make a tutorial or something?

/B
February 7, 2004
how to filter using OpenXtra

save the log of the packets
open log file
go to edit, click on find
type RCON

there, no filter string needed for you retarded monkeys that are typing rcon in the filter string and can't figure out why it's not working.