A Warning for all server owners

[cmb]

Well, Im sure you all know that I've talked about the protection of these files, how there is no auth system etc... Well I made another discovery today, while I was Ducking around with that Rawr Raiderz server. It is a rather shocking discovery and left unchallenged, will destroy ALL RaiderZ private servers.

Some of you know about the in-game console? In case you didn't you can access it with Ctrl+~ (tilde) which then you can enter commands into. Some are normal commands, others are GM commands which obviously only GMs should be able to run. This is not the case though, I tried a few of these GM commands on that server, first using Exile's own account, then after I decided to show them how little protection there is, they decided to make threats. Fine, I will just show you all the commands you will need to wreak any sort of havok on ANY RaiderZ private server.

First off you want to open up the console, the next part is really easy; all you gotta type is

setme grade 3

now you can experiment and do whatever, honestly Im not even sure if this line is needed, you could probably just start running any old command you want. Oh yea I almost forgot, to get the command list type

help

inside the console, the command descriptions are all in korean, so if you know how to read it, good for you, otherwise experiment a bit Oh yea, last but not least, wreak havok. As there is no way this problem will get fixed, especially when noobs are running the server

 

[master_unknown]

of course, since we are using the test client.
can be fixed though.

 

[Dawson]

Yeah TBH the only way I can see fixing this is re-mapping out all of MComamnd but on this new engine, so we can control packets. (Server DLL that detours some functions to disable x packets, not hard just the actual learning of the new MCommand that is)

 

[cmb]

of course it is fixable but I doubt that the fix if ever made will never see the light of day here.

 

[laukinfai001]

i jump to command,,,,,is now invalid

 

[cmb]

i jump to command,,,,,is now invalid

You must be registered to see links

that is great and all, but one can simply just use the older exe

 

[laukinfai001]

that is great and all, but one can simply just use the older exe

haha,,, this is wrong,,,,

---------- Post added at 10:53 AM ---------- Previous post was at 10:37 AM ----------

Can do a lot of effect

 

[master_unknown]

that is great and all, but one can simply just use the older exe

We can make a launcher that MD5 Checks the Client.
However IT DOES NOT protect us from users who can bypass our launcher

@cmd
Idk but in my server, ctrl+~ works but inputting any command doesn't affect the game nor the database at all.
example if I input @setme grade 3
No effect.

Hmm.

 

[laukinfai001]

We can make a launcher that MD5 Checks the Client.
However IT DOES NOT protect us from users who can bypass our launcher

@cmd
Idk but in my server, ctrl+~ works but inputting any command doesn't affect the game nor the database at all.
example if I input @setme grade 3
No effect.

Hmm.

no @......

 

[MCHammer00]

Lol. it's sad that som1 wanna crash or hack my server, since im the first server. while having a group of members.

---------- Post added at 01:12 PM ---------- Previous post was at 01:07 PM ----------

and then posting in a section to help people out how to make it work, and them trying to hack it. ROLF. SAD?

 

[Zaruna]

Gotta agree, this post shouldnt even be welcome on Ragezone. only point to this like the OP said is wreak havok? Which is not spelled right but still, Jealous much? xD

 

[DF08Said]

do u guys know how to lock a column so that it allways stays the same number in MSSQL 2008?

 

[wesman2232]

This kind of post is both GOOD and bad for the community.
Good because we now know that there is something that can f**k up someones servers, it is a command, and all we need to do is disable it. Save people from homos trying to wreck servers.

Bad because it it can be used for wrong doing.

It's more GOOD than bad.

 

[Cain142]

Well it is funny and it is easilly fixed by changing all commands on serverside files to a custom set of commands. It only takes a minute to do these changes and completely blocks out any attempt even if a person tries to send out commands to server.

So for that warning, i suppose that only if you are a complete Special person then it is something dangerous with it.

 

[cmb]

Well it is funny and it is easilly fixed by changing all commands on serverside files to a custom set of commands. It only takes a minute to do these changes and completely blocks out any attempt even if a person tries to send out commands to server.

So for that warning, i suppose that only if you are a complete Special person then it is something dangerous with it.

lol, the commands are built into the client and the gameserver, it isn't as simple as editing a few files

and I really don't care how people use this security hole, hence why it is here

 

[devilaz123]

Well it is funny and it is easilly fixed by changing all commands on serverside files to a custom set of commands. It only takes a minute to do these changes and completely blocks out any attempt even if a person tries to send out commands to server.

So for that warning, i suppose that only if you are a complete Special person then it is something dangerous with it.

well if it is so easy for you,would you mind sharing it with us?or posting a guide,would help alot.

 

[Cain142]

lol i had a bet with a friend saying that wonder if the next post in this thread will be show us how to do that.
No im not going to show you how to do it. Use your brain alittle and you will figure it out. It is not hard doing it and it can be done with 2 simple methods. And they are..

1 Debugging
2 Packet interception

 

[Thunda]

All server owners?! Are there any server yet? I saw one in the private server section, but as i know it got hacked or sth like this. I'd gladly ask to make a section for RiderZ pservers or at least thread.
Thanks in advance!

 

[RIMBROS]

Interesting where i can found the files to test? i think i can make a special server only modding. Also, have this game source codes to compile the tools like object and maps creator.?

 

[Dawson]

Interesting where i can found the files to test? i think i can make a special server only modding. Also, have this game source codes to compile the tools like object and maps creator.?

Some people have source code, this is just binary releases. But the source isn't required for a large portion of content creation.