zelathor (Posted November 24, 2008)

Hi,

Does anyone know how to prevent users from browsing the whole server files with rcon dir and rcon cd? Running Windows Mohaa server...

Thanks in advance.

Regards,
ZelathoR

JasonF (Posted November 24, 2008)

That only shows the user's files, not the servers.

zelathor (Author, Posted November 25, 2008)

> That only shows the user's files, not the servers.

Sorry to say this, but you are wrong. Try rcon cd .. 4 or 5 times and then rcon dir. You can actually browse through other folders (clients' accounts). Don't know if more can be done, but I will explore the game server's file commands.

Regards,
ZelathoR

JasonF (Posted November 25, 2008)

I love proving people wrong

HIS-MOTHER (Posted November 25, 2008)

Hey Jason, I don't see where you logged into Rcon 1st.

Also this guide http://thewarlegends.com/rconguide says you can do it..

    RCON Commands
    cd
    Usage: rcon cd [path]
    cd = Change Directory. This is the same command used in dos. You can change directory on the server.

Doh........... I just pulled up a cmd list and it appears to be in there

    ]cmdlist
    cmdlist cvarlist gamemap map set reloadmap ai_calltrace ai_delete
    exitintermission entcount gamevars levelvars snd cam classtree classlist
    dumpallclasses dumpclassevents classevents dumpevents eventhelp
    pendingevents eventlist dmmessage secondarydmweapon primarydmweapon
    spectator join_team zoomoff safezoom safeholster holster fov gameversion
    reload weapnext weapprev invnext invprev notready ready script kill noclip
    notarget god give seta exec netprofiledump say difficultyHard
    difficultyMedium difficultyEasy killserver devmap spdevmap spmap
    sectorlist restart dumpuser systeminfo serverinfo status clientkick kick
    heartbeat midiinfo net_restart in_restart pause changeVectors quit
    touchFile cd fdir dir path append scale subtract add cvar_savegame_restart
    cvar_restart reset setu sets toggle alias wait echo vstr meminfo
    93 commands

Although this command-line parameter may stop it as well as the basepath or fs_path

    ] fs_cdpath ""

HIS-MOTHER (Posted November 25, 2008)

oooh and check this out..

    ]dir
    Directory of D:\ClientInstalls\XXXXX\GameServers\TC13246002354177886274860
    5/31/2008 1:14a <dir> .
    5/31/2008 1:14a <dir> ..
    10/24/2002 5:18p 150.1k 00000000.016
    10/24/2002 5:18p 301.1k 00000000.256
    12/12/2001 1:25a 150.1k 00000409.016
    12/12/2001 1:25a 301.1k 00000409.256
    12/04/2001 7:05p 138.5k 3dfxgl.dll
    12/04/2001 7:05p 84.0k Configure.exe
    10/02/2002 8:24p 84.0k configure_spearhead.exe
    10/24/2002 5:18p 23.0k drvmgt.dll
    12/14/2007 0:06p <dir> eReg
    12/14/2007 0:22p <dir> Ereg MOHAAS
    11/06/2002 2:43p 0.3k ffa.bat
    4/03/2002 5:02p 219.5k fpupdate.exe
    12/04/2001 7:05p 188.0k IFC22.dll
    12/04/2001 7:05p 134.5k ijl10.dll
    6/01/2008 2:06a <dir> main
    11/04/2008 7:27a <dir> mainta
    3/07/2002 3:59p 2.4m MOHAA.exe
    3/07/2002 3:59p 544.1k MOHAA_server.exe
    3/04/2003 4:26p 2.3m moh_spearhead.exe
    3/04/2003 4:27p 576.1k moh_spearhead_server.exe
    11/06/2002 2:43p 0.3k objective.bat
    3/06/2002 11:24a 2.7k PatchReadme111.txt
    11/06/2002 2:44p 0.3k round.bat
    10/24/2002 5:18p 12.2k secdrv.sys
    11/06/2002 4:13p 3.1k Server_readme.txt
    12/14/2007 0:06p <dir> snddrivers
    SV packet 66.168.208.39:-2883 : getstatus

Then I do this command cd C:\ and then dir and look

    SV packet 85.197.98.13:-32729 : getstatus
    ]cd C:\
    ]dir
    Directory of C:\
    4/17/2008 3:10a 0.0k AUTOEXEC.BAT
    4/17/2008 3:10a 0.0k CONFIG.SYS
    4/17/2008 3:15a <dir> Documents and Settings
    10/21/2006 7:28a <dir> I386
    4/17/2008 1:02p <dir> Prepp
    7/28/2008 11:54p <dir> Program Files
    11/24/2008 11:10p <dir> WINDOWS
    4/17/2008 3:10a <dir> wmpub
    8 file(s) 0 bytes

WOW!!!

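An added illustration, not part of the thread and not the game engine's code: a small Python model of why `cd ..` and `cd C:\` leave the server directory when a command resolves paths without confinement, next to a confined version that refuses them. The function names are hypothetical and the root path is a constructed sample modelled on the listing in the post above.

```python
import ntpath  # Windows path rules, so this runs on any OS

# Constructed sample root, modelled on the listing in the post above.
ROOT = r"D:\ClientInstalls\XXXXX\GameServers\TC13246002354177886274860"


def naive_cd(cwd, arg):
    """Hypothetical unconfined 'cd': accept whatever the path resolves to."""
    return ntpath.normpath(ntpath.join(cwd, arg))


def confined_cd(root, cwd, arg):
    """Hypothetical confined 'cd': return the new cwd, or refuse if outside root."""
    target = ntpath.normpath(ntpath.join(cwd, arg))
    # Windows paths are case-insensitive, so compare case-folded forms.
    root_n = ntpath.normcase(ntpath.normpath(root))
    target_n = ntpath.normcase(target)
    try:
        # Compare whole components: a plain startswith() would also accept
        # a sibling directory whose name merely begins with the root's name.
        inside = ntpath.commonpath([root_n, target_n]) == root_n
    except ValueError:  # target is on a different drive
        inside = False
    if not inside:
        raise PermissionError("cd outside server root refused: " + target)
    return target


def is_refused(arg, cwd=ROOT):
    """True if confined_cd rejects this argument from cwd."""
    try:
        confined_cd(ROOT, cwd, arg)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    cwd = ROOT
    for _ in range(5):  # "cd .." repeated, as described in the thread
        cwd = naive_cd(cwd, "..")
    print("naive, after cd .. x5:", cwd)
    print("naive, cd C:\\        :", naive_cd(ROOT, "C:\\"))
    sibling = "..\\" + ntpath.basename(ROOT) + "_other"
    for arg in ("main", "..", "C:\\", "\\WINDOWS", sibling):
        print("confined cd %-45s %s" % (arg, "refused" if is_refused(arg) else "allowed"))
```
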
HIS-MOTHER (Posted November 25, 2008)

More digging reveals you can troll the servers files but any command not supported by Rcon can not be run so MKdir won't work nor will Copy or run. All they can do is look around... Not like game files are big secrets.. they can't be touched just viewed..

zelathor (Author, Posted November 25, 2008)

It does give a user the ability to see the whole server. There was a "notepad" app on mohaa client. Any chance the user can read .txt and .cfg files?

Regards,
Zelathor

HIS-MOTHER (Posted November 25, 2008)

I wouldn't worry about it. They can only see the directory structure, they can't open the files..

zelathor (Author, Posted November 25, 2008)

Hi,

It does bother me the fact that a customer can actually browse and knows what other customers have and what I have on my machine.

Setting file permissions to the system account is out of the question. Creating another account with same system properties, and start TCAdmin service under that account? GPO, etc...?

Thinking of Host Intrusion Protection Software (HIPS). Will see what's around... Been looking for a HIPS solution for my box for some time now, time to get into the action.

Thanks for the help.

Regards,
ZelathoR

zelathor (Author, Posted November 25, 2008)

> Hey Jason, I don't see where you logged into Rcon 1st.
>
> Also this guide http://thewarlegends.com/rconguide says you can do it..
>
>     RCON Commands
>     cd
>     Usage: rcon cd [path]
>     cd = Change Directory. This is the same command used in dos. You can change directory on the server.
>
> Doh........... I just pulled up a cmd list and it appears to be in there
>
>     ]cmdlist
>     cmdlist cvarlist gamemap map set reloadmap ai_calltrace ai_delete
>     exitintermission entcount gamevars levelvars snd cam classtree classlist
>     dumpallclasses dumpclassevents classevents dumpevents eventhelp
>     pendingevents eventlist dmmessage secondarydmweapon primarydmweapon
>     spectator join_team zoomoff safezoom safeholster holster fov gameversion
>     reload weapnext weapprev invnext invprev notready ready script kill noclip
>     notarget god give seta exec netprofiledump say difficultyHard
>     difficultyMedium difficultyEasy killserver devmap spdevmap spmap
>     sectorlist restart dumpuser systeminfo serverinfo status clientkick kick
>     heartbeat midiinfo net_restart in_restart pause changeVectors quit
>     touchFile cd fdir dir path append scale subtract add cvar_savegame_restart
>     cvar_restart reset setu sets toggle alias wait echo vstr meminfo
>     93 commands
>
> Although this command-line parameter may stop it as well as the basepath or fs_path
>
>     ] fs_cdpath ""

fs_cdpath

Only now I read it. Thanks!

JasonF (Posted November 26, 2008)

I thought he was implying that server guests could browse the dedicated server, not the mohaa administrator. That is why I did not log into rcon.

JasonF (Posted November 26, 2008)

> Creating another account with same system properties, and start TCAdmin service under that account? GPO, etc...?

Someone had asked Luis this previously and he said it would not work, it had to run as administrator/system.

JasonF (Posted November 26, 2008)

Did you try running the game service as a different user with limited permissions? You can modify the user at Administrative Services >> Services. Right click the game server's service and modify the user.

HIS-MOTHER (Posted November 26, 2008)

> Did you try running the game service as a different user with limited permissions? You can modify the user at Administrative Services >> Services. Right click the game server's service and modify the user.

Try in the command-line fs_cdpath

JasonF (Posted November 26, 2008)

    +set fs_cdpath %userfilespath%

I assume, I will try it tonight.

zelathor (Author, Posted November 26, 2008)

> Did you try running the game service as a different user with limited permissions? You can modify the user at Administrative Services >> Services. Right click the game server's service and modify the user.

Hi,

I was thinking of Firedaemon when I said something about TCAdmin's monitor service account...

NT services can only be run under System accounts and administrators accounts. Don't know about power users... And having Windows accept NT services being run under user accounts would mean to change ACLs. Big headache.

Creating an administrator account, running the mohaa service under it, and mess with this user's file permissions... Could work. But in case of a buffer overflow exploit, it's an admin account, and someone can spawn and run stuff... This is just an example and I am probably just being paranoid, but we have to be careful. It is our job, isn't it?

Thanks for the help.

Regards,
Zelathor

zelathor (Author, Posted November 26, 2008)

>     +set fs_cdpath %userfilespath%
>
> I assume, I will try it tonight.

Just tried it, doesn't work. Done some research, this variable is actually for the CD-ROM's game location. With another variable enabled, it is possible to have the game copied to the basepath. Of course, this is in theory. Most of the advanced stuff doesn't work in medal, like map downloading, etc...

Will still look for a HIPS.

By the way, where can I change which account TCAdmin uses to create NT service?

Regards,
Zelathor

SBDArt4H1m (Posted September 2, 2009)

You guys do realize that unless someone gets your rcon they cannot use dir to look at the server. All they get to look at are their own files. You can prevent outsiders from getting your server cfg and therefore your rcon by putting sv_allowdownload 0 in your server config.

This topic is now archived and is closed to further replies.