Multircon

#######################################################################
Multircon
by Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
#######################################################################
as any other tool on my website multircon works from the console so the
first thing is just launching it (many people are blocked in this
stage):
http://aluigi.org/about.htm#howuse
Now let's go with the usage of multircon.
The tool is composed by two parts, one specific for the remote
administration of a server using one of the protocols supported by the
tool and another one (which seems the most used one) for the brute
forcing of the rcon passwords.
multircon [options] <host> <port>
options are just the optional parameter that you can specify to the
tool, they must be specified ever before the host and the port fields
by default the tool uses the Quake 3 rcon protocol
host is the server hostname or IP address
port it's rcon port
The following are the options:
-p PASS
by default the password is requested at runtime when you launch the
tool, this option allows you to avoid to reinsert the keyword, useful
for example if you want to launch a one-shot command or use the tool
often with the same server
-c CMD
the one-shot command, in short multircon connects to the server and
sends this command, wait the reply of the server and then exits
-i
this option is very useful, it forces the tool to request informations
to the remote server and automatically sets the needed rcon protocol
and continues with the execution
-I
as above but exits after having visualized the received query
-f FILE
this option specifies a file containing all the commands you want to
send, they must be one per line. very useful for sending batch commands
through rcon
-t TYPE
forces the usage of a specific rcon protocol of those supported by the
tool
-a
asynchronous commands, the explanation is very simple: instead of
waiting for the server's data after each rcon command you sends, this
option allows you to return quickly to the input entry (where you can
insert the next command) and the incoming server's data will be
visualized just when it arrives in any moment
-s SEC
sets the amount of seconds to wait after you send a command for
returning to the input entry, this works only in synchronous mode (so
not with -a)
---
Now the brute forcing part, remember to use the -i or the -t options
above for setting the proper rcon method:
-b ?
shows a quick runtime help screen about the available brute forcing
options
-b L T
the classical brute forcing method, L is the max length of the
passwords you want to scan while T is the table, it's composed by the
first and last char you want to use in the scanning
for example if you specify -b 8 az the tool will try all the passwords
of max 8 chars containing the chars from 'a' to 'z' while -b 8 09azAZ
all the alphanumeric chars
-B OLD
this is the recovery option, use it if you break a scan and want to
recover it, for example -b 8 az -B oldpass
-w FILE
the wordlist brute forcing, instead of trying any char in the chartable
this option allows you to try all the words contained line-per-line in
the file FILE
-W OPT
this option allows you to choose 3 types of wordlist scannings: 1 for
trying any low and high case of each char in the password, 2 for trying
only the low case and 3 for only the high
-d MS
amount of milliseconds to wait before reseding the new rcon password
request, it's 500 by default since it's the minimum for Quake 3 servers.
read below about why this amount of ms is needed
---
I initially wrote this tool for the Quake 3 engine and the brute
forcing option has been added only for testing and because it didn't
cost anything to me but there are tons of problems with it.
The Quake 3 engine uses an anti-brute forcing mechanism which tells the
engine to process only one rcon command each half second, and it's not
important if a valid admin sends a valid rcon command because if it's
arrived after another invalid command send by another IP within the
same half-second, it will be dropped.
That's the reason about why the brute forcing part of multircon is
totatlly useless (at least for the Quake 3 engine) and also because
there is the common problem of any brute forcing scan: the time
I hate brute forcing since takes tons of resources and in the case of
rcon brute forcing it's results are uncertain too because you will
never receive a "invalid password" reply from the server and so you
will never know what and how much packets have been dropped by the
server
So resuming: 500 ms limitation, normal endless time for scanning and
uncertain results.
The good thing of the 500 ms limitation is just that the problems had
by an attacker are the same of the admin since a flooding of rcon
commands sent within the half-second can block a valid admin which
wants to send rcon commands.
This is probably the best usage of the -d option and it's also the
reason why I created a so called patch which allows to disable this
limitation in the own Quake 3 server.
---
The folowing are the same examples available in the description of the
program on my website:
- password guessing using passwords of max 8 chars and with all the
possible alphanumeric: multircon -i -b 8 azAZ09 SERVER PORT
- recover an old password: multircon -i -B OLDPWD -b 8 azAZ09 SERVER PORT
- wordlist: multircon -i -w WORDLIST.txt SERVER PORT
- rcon DoS: multircon -i -b 10 09AZaz -d 100 SERVER PORT

Multircon

Uploaded by

Copyright:

Available Formats

Multircon

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Multircon

Uploaded by

Copyright:

Available Formats

#######################################################################

You might also like