et player hacking server

Discussions about ET modding (sdk code, player/weapon modeling)

Moderators: Forum moderators, developers

Post Reply
crazyfrag
Posts: 105
Joined: Fri Oct 01, 2004 1:17 pm

et player hacking server

Post by crazyfrag »

Hello

Theres a guy faking pb_guids to get acces to etadmin_mod
he takes the pb_guid from one of the admins playing on the servers and get acces to etadmin_mod! he has saved the pb_guids from vsp stats time ago!

this is the userinfo from yesterday when he flooded 3 of our servers with q3fill http://78.46.45.67/bilder/shot0000.jpg
pb ist tooo slow to kick all this fake clients the reconect and reconnet again!

Code: Select all

23:26.34 Userinfo: \challenge\-396981686\qport\3394\protocol\84\cl_guid\G\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^0FUCK ^7EF Clan^0!\model\none\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
thers one thing which is different on him then on all other players!
in his userinfo thers a part \model\ i think this is because he usees some kind of q3 hack or so!

so my question ist it possible to let a lua check if a player uses \model\ in his userinfo and kickes him!

Mfg crazy
[/url]
User avatar
Father
Posts: 107
Joined: Sat Jul 22, 2006 1:30 pm
Location: Czech Republic
Contact:

Re: et player hacking server

Post by Father »

If you don't do it, someone else will.
crazyfrag
Posts: 105
Joined: Fri Oct 01, 2004 1:17 pm

Post by crazyfrag »

this lua runs already....
User avatar
Father
Posts: 107
Joined: Sat Jul 22, 2006 1:30 pm
Location: Czech Republic
Contact:

Post by Father »

Mmm.. new version of Q3 Fill was released at March 5, 2008.
If you don't do it, someone else will.
crazyfrag
Posts: 105
Joined: Fri Oct 01, 2004 1:17 pm

Post by crazyfrag »

i want to just create a lua tha tkicks all players with /model/
jump3r
Posts: 159
Joined: Sun Apr 18, 2004 1:11 am

Post by jump3r »

i had the same problem yesterday, combinedfixes lua didnt worked. hopefully i "fixed" this problem using teh pb_banmask 91.76.

edit:
nah sry, it worked. checking log atm:

Code: Select all

ClientConnect: 6
Userinfo: \challenge\1948536928\qport\42509\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^6dirtyduck\ip\91.76.44.47:42509
ClientUserinfoChanged: 6 n\^6dirtyduck\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 848 connecting with 100 challenge ping
ClientConnect: 7
Userinfo: \challenge\1522610151\qport\42765\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^4lilcrappy\ip\91.76.44.47:42765
ClientUserinfoChanged: 7 n\^4lilcrappy\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 849 connecting with 50 challenge ping
ClientConnect: 8
Userinfo: \challenge\1590903818\qport\43021\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^2crunkman\ip\91.76.44.47:43021
ClientUserinfoChanged: 8 n\^2crunkman\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 850 connecting with 100 challenge ping
fakeplimit.lua: too many connections from 91.76.44.47

Code: Select all

ClientConnect: 9
Userinfo: \challenge\965321965\qport\52749\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^6dirtyduck\ip\83.237.174.149:52749
ClientUserinfoChanged: 9 n\^6dirtyduck\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 853 connecting with 100 challenge ping
ClientConnect: 10
Userinfo: \challenge\217765071\qport\53005\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^4lilcrappy\ip\83.237.174.149:53005
ClientUserinfoChanged: 10 n\^4lilcrappy\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 854 connecting with 100 challenge ping
ClientConnect: 11
Userinfo: \challenge\500553771\qport\53261\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^2crunkman\ip\83.237.174.149:53261
ClientUserinfoChanged: 11 n\^2crunkman\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 855 connecting with 100 challenge ping
fakeplimit.lua: too many connections from 83.237.174.149

Code: Select all

ClientConnect: 13
Userinfo: \challenge\304837677\qport\58637\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^5funnymule\ip\91.76.47.163:58637
ClientUserinfoChanged: 13 n\^5funnymule\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 857 connecting with 100 challenge ping
ClientConnect: 15
Userinfo: \challenge\72568607\qport\58893\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^2crunkman\ip\91.76.47.163:58893
ClientUserinfoChanged: 15 n\^2crunkman\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 858 connecting with 50 challenge ping
ClientConnect: 16
Userinfo: \challenge\1552888191\qport\59149\protocol\84\cl_guid\7D72B6516107D1CF941F8A9E94829B25\cl_punkbuster\1\cl_anonymous\0\snaps\10\rate\1500\name\^7crazyhorse\ip\91.76.47.163:59149
ClientUserinfoChanged: 16 n\^7crazyhorse\t\3\c\0\r\0\m\0000000\s\0000000\dn\\dr\0\w\0\lw\0\sw\0\mu\0\ref\0\p\0\ss\1\sc\0\tv\0\lc\0
Client 859 connecting with 100 challenge ping
fakeplimit.lua: too many connections from 91.76.47.163
Last edited by jump3r on Thu Mar 20, 2008 12:06 pm, edited 1 time in total.
User avatar
dutchmeat
Posts: 62
Joined: Tue Jan 28, 2003 8:08 am
Location: Netherlands
Contact:

Post by dutchmeat »

You could easily create a FakePlayersbug fix using GameMonkey Scriptmod(www.gaminggone.net/gmScriptmod/).
crazyfrag
Posts: 105
Joined: Fri Oct 01, 2004 1:17 pm

Post by crazyfrag »

i can get the userinfo by lua...

so now how do i get him detect /model/ and kick client
User avatar
Luk4ward
Posts: 236
Joined: Sun Jul 30, 2006 1:55 pm
Location: Poland
Contact:

Post by Luk4ward »

Well, its admins' fault coz u have to know:

a) cl_guid can be spoofed
b) do not post full pb guids to public

A fix for vsp stats is here:

http://wolfwiki.anime.net/index.php/Use ... tats_fixes

But u have to clear first the database and run parsing again

p.s i will post soon cl_guid checker merged into combined fixes with logging players with faked guids
wolFTeam.pl
McSteve
Posts: 113
Joined: Tue Sep 12, 2006 7:41 am

Post by McSteve »

crazyfrag wrote:so now how do i get him detect /model/ and kick client
I see your reasons for wanting to do so, but that's really not the best thing to do if there is a new version of q3fill and combinedfixes.lua is not effective. Its not 100% clear if this is the case or not. It might be useful if crazyfrag and jump3r could provide any further information about their experience. I'm especially curious as to why jump3r thought at first combinedfixes wasn't working before checking the logs. Did the server get filled with 'connecting' clients?

@crazyfrag

Luk4ward is right, exposing full pbguids and running mods that use cl_guids can lead to exactly this. If you have not already done so, you should remove any admin priviliges from exposed pbguids. Nothing can be done to restore security apart from having your admins change their guids and not reveal them.
GhosT:McSteve
Ghostworks Gaming Community
User avatar
dutchmeat
Posts: 62
Joined: Tue Jan 28, 2003 8:08 am
Location: Netherlands
Contact:

Post by dutchmeat »

just use getValueForKey, I don't know if etpro's lua has it, but I think it does.
crazyfrag
Posts: 105
Joined: Fri Oct 01, 2004 1:17 pm

Post by crazyfrag »

etadmin priveliegs are alread revoked to 1
and vsp stats only shoes thhe last 8 of guid
Post Reply