CDKEY EXPLOIT



Para
20th April 2014, 10:54
---removed, see second post---
izno

IzNoGoD
20th April 2014, 11:49
Please, I did this a while back. Better not release it.

Did it with codscript and libcod only, although it is possible to exploit with either punkbuster or some server cvar.

Also, your script sucks ass. You have the tiny wait in there, but cod automatically converts it to a ceil(waittime*sv_fps)/sv_fps (aka wait 0.05 on default settings). Furthermore, you have the 9999999999999999999999, which is way larger than the signed 32-bit integer in cod2 can actually take, making it into a nice overflow bug.

This exploit (and related ones) are actually known by several scripters for the old cod games and the reason they aren't releasing it is due to the lack of any patches happening. This is also why I'm editing your post and removing all info from it for ppl to use.

Para
20th April 2014, 12:11
Okay, I was confused why it has nowhere been posted, because it is actually a very obvious exploit.
But 9999999999999999999999 is double quoted, a string like s1 to s20 too. It's no integer. Why should it cause an overflow? Does the compiler convert it to integer?
Well, I'm new to CoD2 scripting and this bruteforce attack was just a prototype. I already improved it. The problem with the waiting time is, if I leave it out completely, it will go very fast but after a few seconds it will cause an overflow. I guess it's just my bad computer. But maybe it's a limitation of the game.

IzNoGoD
20th April 2014, 12:28
It's not your bad computer, look at the ceil() thingy I posted.
Your wait 0.000000001 is actually waiting 0.05;

About the string stuff: I didn't properly see it then :P

Just, don't brute force, especially not for the entire(!) cdkey string. If you want to brute-force, just do it on a per-string basis. Saves you from 36^20 to 4*36^5, which should be quite a dramatic increase.

No need for external (c++) scripts either though with the more established exploits.