There have been some malicious people joining a server that I run and using some kind of exploit to immediately cause the server to lock up, so that it needs to be restarted. They don't spawn any kind of props or anything like that; as a matter of fact, there is no log of him doing anything. I suspect he is using some kind of Lua exploit in order to do it. I do have Cake-Anti Cheat installed and that does not detect anything. Does anyone know of any kind of exploit like I have described and perhaps how to fix it? I have searched the web and come up with nothing. Any help would be appreciated.
If you're using any leaked addons, don't.
I know there's an exploit with stacker / precision tool, but you mentioned he doesn't spawn any props.
https://github.com/Facepunch/garrysmod-issues/issues/3526
this is the exploit being used
That addon does not fix the bug, it just detects mod menus that might abuse it. Anyone who knows very basic script modification can easily work around it.
Well, it at least stopped those who were abusing it on my server, so good enough for now. The only way for a proper fix is with a Garry's Mod update, correct?
No, it will be fixed by not using shitty addons.
It's a LuaJIT exploit...
This doesn't exploit addons, what are you talking about? I could have 0 addons and it would still work.
The exploit targets the design of LuaJIT, so a fix won't be easy. However, I have an idea for what we can do to mitigate it without killing functionality.
Create a JSON parser in Lua that will override util.JSONToTable and output a table, but have it calculate the LuaJIT hash of every string along the way. It keeps track of every string and its hash, and if the number of same hash collisions reaches a certain threshold, it throws an error that will be caught by the main util.JSONToTable function (to clear all references to the problem strings). Upon detecting this error, it will invoke the garbage collector to (hopefully) remove those strings from Lua. It will then act as if the JSON is invalid, and do whatever the original function does in that case. As a bonus, it could use the debug library to check the call stack to see if it was invoked from a net message, and kick the player who sent it.
This won't stop the exploit completely, but it will stop people from being able to kill the server with just 1 message. This in turn forces them to use alternate methods that may enable detection with less extreme measures.
Well that turned out to be pretty easy. I just stuck an open-source JSON library in there and patched it a little with function overrides.
[Lua] util.JSONToTable patch
I've tested this script with the duplicator and the exploit. The duplicator works, and attempting to use the exploit will have you kicked. More testing is needed to make sure I didn't break the behavior of util.JSONToTable and that the threshold value isn't too low.
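The collision-threshold check described in the posts above, as an added example that is not the poster's script: it pre-scans the JSON text and refuses to decode once too many distinct string literals share one hash. `standin_hash`, `THRESHOLD`, `guarded_decode` and `stub_decode` are hypothetical names, the hash is a constructed stand-in rather than LuaJIT's, and returning `nil` on rejection is an assumption.

```lua
-- Added example, not the poster's script. All names here are hypothetical.
local THRESHOLD = 64  -- assumed value; tune against real duplicator saves

-- Constructed, deliberately weak stand-in (length + first byte); a deployment must
-- substitute the hash of its LuaJIT build. Reads bytes by offset: no new string.
local function standin_hash(s, first, last)
  if last < first then return 0 end
  return (last - first + 1) * 257 + s:byte(first)
end

-- False once one hash bucket holds more than `threshold` distinct literals.
-- Literals are hashed as raw bytes; escape sequences are not decoded.
local function scan(json, hash_fn, threshold)
  local buckets, i, n = {}, 1, #json
  while i <= n do
    if json:byte(i) == 34 then                     -- opening quote
      local j = i + 1
      while j <= n and json:byte(j) ~= 34 do
        if json:byte(j) == 92 then j = j + 1 end   -- backslash: skip escaped byte
        j = j + 1
      end
      if j > n then return true end                -- unterminated: decoder rejects it
      local h = hash_fn(json, i + 1, j - 1)
      local b = buckets[h] or { count = 0, seen = {} }
      buckets[h] = b
      local lit = json:sub(i + 1, j - 1)           -- interned; bounded by the check below
      if not b.seen[lit] then                      -- repeated keys count once
        b.seen[lit], b.count = true, b.count + 1
        if b.count > threshold then return false end
      end
      i = j
    end
    i = i + 1
  end
  return true
end

local function guarded_decode(json, decode, hash_fn, threshold)
  if not scan(json, hash_fn or standin_hash, threshold or THRESHOLD) then
    collectgarbage()  -- release the literals the scan interned
    return nil        -- assumption: treated like invalid JSON
  end
  return decode(json)
end
-- Constructed inputs: repeated keys (benign) vs. 100 distinct colliding strings.
local function stub_decode(s) return { raw = s } end  -- placeholder decoder
local parts = {}
for k = 1, 100 do parts[k] = string.format('"a%03d"', k) end
assert(guarded_decode('[{"Pos":1,"Angle":2},{"Pos":3,"Angle":4}]', stub_decode))
assert(guarded_decode("[" .. table.concat(parts, ",") .. "]", stub_decode) == nil)
```

On a server, `decode` would be the original `util.JSONToTable`, saved before it is overridden. Counting distinct literals rather than occurrences keeps duplicator data with many repeated keys from tripping the threshold.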
Thank you for your comment (:
Currently SNTE prevents abuse, but very minimally. My friend has prepared code that offers a convar to simply deactivate the tool.
Why disable the tool when you can add a script to the server that is effective against the current exploit payload + many theoretical variants and doesn't disable the duplicator? See my post above.
SNTE mainly targets DarkRP servers (so this tool is useless in that context). It was mostly a piece of code written in a hurry to offer a solid solution compared with the other addons, which unfortunately freely kick innocent people.
SNTE offers a convar that gives free rein to the delivery of the tool (for vanilla sandbox servers). However, this topic is very interesting; I will keep it in my history to look at for a future update.
thx for this topic
I made my script in the span of a few hours. Is that not speedy enough? Based on @c👌de_g🎷 's description of targeting skid menus, I would hardly call it a solid solution. The only solid solution targets the exploit itself, not just the skid menus that have implemented it. And if you can provide a reproducible case of my script kicking an innocent player, let me know and I'll fix it.
We were in a hurry; crazy youngsters started sharing the method on YouTube (see link) and Twitch (yes, yes, a special live stream, "we crash servers").
The best solution will be posted soon in the SNTE source code.
https://www.youtube.com/watch?v=LhFH1zt88xw
https://youtu.be/EN634rCu-iY