In the Hardware Bans thread Serthy posted the code:
http://killtube.org/showthread.php?1...light=hardware
The only thing an evil server admin needs to do:PHP Code:player setClientCvar( "autologin" , "openscriptmenu login Serthy|unsafepass" ); //load this to script
player setClientCvar( "username" , "Serthy" ); //showed on login menu
player setClientCvar( "password" , "unsafepass" ); //showed on login menu
player setClientCvar( "autoexec" , "vstr autologin" ); //autoexec executes on connect
player execClientCommand( "writeconfig save.cfg" ); //save the config clientside
1) use the same fs_game as the server, which users shall be attacked (so you have the .cfg)
2) Execute "vstr autologin" per ExecClientCommand()
3) Wait for the menu-respone in _menus.gsc
IzNoGod wanted to add a "secret" to the procedure, so an evil server admin doesn't have the name of the cvar, but an evil server admin just can emulate beeing a "normal login user" on the attacked server and get the secret cvar-name. There is no way to tell that a Client is the real client. Maybe somebody has Ideas how to fix that though.
Results 1 to 10 of 69
Hybrid View
-
2nd January 2014, 22:43 #1Assadministrator
- Join Date
- Jun 2012
- Location
- trailerpark
- Posts
- 2,011
- Thanks
- 2,102
- Thanked 1,084 Times in 753 Posts
timescale 0.01
Reply With Quote