GUID Exploit

AU/NZ Exclusive

Name: AK Obscurity
IP: 45.121.211.99:28960
(show/hide server details)


	Africa


	South America

UK/Europe

Name: IceOps-Team OBS
IP: 176.31.25.80:28965
(show/hide server details)


	US/Canada


	Honourable Donators Spidergat Batman_516 mavrick AzzDawg EAS Clan killerciao Awok3n jesus Describe Ripper LaZzy

Obscure Creations
on Facebook

Latest Forum Posts

Our Obscurity server
WEBSITE

Obscurity source files?
OBSCURITY

Hello again.
OBSCURITY COVERT OPS

Obs Final Update - Suggestions
OBSCURITY

New server from Slovenia
OBSCURITY

Modding help i need
MISC


	Obscurity Flood

Latest Mod Updates

2.99d Release Notes

2.99d WIP Release Notes

2.99c Fixed Release

2.99b Release Notes

OBSCURITY >> General Discussion >> GUID Exploit

Unc3nZureD

Posts: 6
01:27 PM 28/08/2012

There are some people who can change their GUID. This way they can Access the Admin Panel and they can take control over my server. Well... I can log into rcon with rcon tool but it's not a solution. Could you solve it? On deathrun the same happened, luckly braxi made a new ACP login. That way you could use your own login details (like /login user pass). Is it possible to do in Obscurity too?

Unc3nZureD

Posts: 6
06:21 PM 28/08/2012

Some more informations:

If they've got 00000000 GUID they can access the Admin panel even if nobody's inside.

djubre46

Posts: 11
07:36 PM 28/08/2012

Same problem.

We could just disable admin panel if Snakelet tells us rcon commands for weather, day/night, next map and 5min ban so we can "administrate" using console.

Unc3nZureD

Posts: 6
09:12 AM 29/08/2012

Yeah, even If I didn't set any admin they could somehow hack it and log in as an admin. The only thing I could do is to extract the adminpanel.gsc and delete everything from the Init section.

init() {

}

I Hope that later you can find a better solution :)

Snakelet
(xfire: snakelet)

Snakelet

OBS Dev

Posts: 1330
05:14 AM 30/08/2012

I have notified Falcar about this and he should be able to get back to you soon in regards to it. The whole point of the admin panel was to give trusted users control over the commands needed to admin the game, without giving them full server control to crash the server etc. I am not sure what can be done other than to go back to having to share your rcon login with those you trust. But I am no programming expert, so it is best to wait and see what Falcar says.

As for commands,

https://www.obscuritymod.com/forum.php?thread=459#post3706

_dntimescale
_dnoverride
_weatheroverride
_weatherchance
(prefix is either hitloc or obs. Eg obs_weatherchance, hitloc_weatherchance. I can't remember which goes with which, but I do believe their is some overlap in some of the commands.)

Start a local server and type /hitloc_ or /obs_ you should get some commands listed to choose from in the extended console.

Falcar
(xfire: seamusthefamous)

Falcar

OBS Dev

Posts: 526
10:38 AM 30/08/2012

I know about this problem, but it's only an issue with cracked servers. The issue isn't with the mod - it's the fact that you can spoof any guid that you want because the server doesn't care.

Unfortunately there isn't any secure way to authenticate a login via a password as far as I'm aware.

I don't see us restricting features to accomodate illegitimate servers any time soon.