• DarkRP Exploit
Well, me being busy and not having time to update DarkRP has its disadvantages. But when there is no update then you can't f♥♥king update. A person decided to use a more than simple exploit to get the information of my MySQL server. The only thing he had to type in his console was a single line of code which I won't state for obvious reasons... The outcome of that would be:

[code]
Host=XXX
Password=XXX
EnableMySQL=true
Database_port=3306
Username=XXX
Database_name=XXX
[/code]

Now the person who used the information is [URL="http://steamcommunity.com/id/NotSoSuper/"]NotSoSuper[/URL]

[19:17:09] Client "☢NG☢NotSoSuper" spawned in server (PRIVATE)<STEAM_0:1:43933522>.

Due to the high security provided by FAdmin and DarkRP he got the password of the SQL server, went to the database which included ULX users and set himself superadmin on my TTT server and yea... had his ejaculation until I came in and destroyed his fun. Just to lighten up your day I copied a line of the logs:

[code][19:23:34] (SILENT) ☢NG☢NotSoSuper ran rcon command: banid 0 sabo Hoe[/code]

Also his overly genius brain spit this out:

[code]
[7:41:51 PM] NotSoSuper: I fucked everything up
[7:41:55 PM] NotSoSuper: There servers and website
[7:42:10 PM] NotSoSuper: But we need to make a deal with the owner
[7:42:16 PM] NotSoSuper: maybe he will give us money
[7:42:19 PM] NotSoSuper: to restore everything xD
[7:42:22 PM] NotSoSuper: I made a backup
[/code]

</fun>

So, my deepest regards to FPtje for making such a great gamemode, then my biggest middle finger for making FAdmin mandatory to run the gamemode and once again another big middle finger for having so many exploits. (In this line there is no sarcasm, all true words.)

Also I would like to mention a person who is the friend of that guy and who is the person who used the exploit to get the information but instead of exploiting he helped me fix it.

The person who helped me is: [URL="http://steamcommunity.com/id/Desimay/"]Desimay[/URL] basically put local in the first line of the _mysql config file of DarkRP so it looks like this:

[code]local RP_MySQLConfig = {} -- Ignore this line[/code]

This will fix the problem. Hope nobody experienced this and if I were you I would ban that scum from all your servers, if you don't believe me I'll gladly give you my logs.
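The fix in the post above declares the config table `local`, which keeps it out of Lua's global environment. As an added example (not part of the original thread and not DarkRP code), this Python audit flags Lua config files in which a table receiving credential-like fields is not declared `local`. The `Table.Field = value` layout, the field-name list and the sample file are assumptions based on the output quoted in the post.

```python
import re

# Credential-like field names (assumed, taken from the output quoted in the post).
SENSITIVE_KEYS = {"host", "password", "username", "database_name", "database_port"}

# `Name = {` with an optional leading `local`.
ASSIGN = re.compile(r"^\s*(local\s+)?([A-Za-z_]\w*)\s*=\s*\{")
# `Name.Field = ...`
FIELD = re.compile(r"^\s*([A-Za-z_]\w*)\.([A-Za-z_]\w*)\s*=")


def strip_comment(line):
    """Drop a trailing Lua line comment; enough for matching line prefixes."""
    return line.split("--", 1)[0]


def find_global_secret_tables(lua_source):
    """Return names of tables that hold credential-like fields but are not `local`."""
    declared_local = {}   # table name -> True if declared with `local`
    secret_tables = set()
    for raw in lua_source.splitlines():
        line = strip_comment(raw)
        decl = ASSIGN.match(line)
        if decl:
            declared_local[decl.group(2)] = bool(decl.group(1))
            continue
        field = FIELD.match(line)
        if field and field.group(2).lower() in SENSITIVE_KEYS:
            secret_tables.add(field.group(1))
    # A table never declared in this file is global as well.
    return sorted(t for t in secret_tables if not declared_local.get(t, False))


# Constructed sample file; layout is assumed and values are placeholders.
BEFORE = '''RP_MySQLConfig = {} -- Ignore this line
RP_MySQLConfig.EnableMySQL = true
RP_MySQLConfig.Host = "XXX"
RP_MySQLConfig.Username = "XXX"
RP_MySQLConfig.Password = "XXX"
RP_MySQLConfig.Database_name = "XXX"
RP_MySQLConfig.Database_port = 3306
'''
AFTER = "local " + BEFORE  # the one-word fix from the post

if __name__ == "__main__":
    print("before fix:", find_global_secret_tables(BEFORE))
    print("after fix: ", find_global_secret_tables(AFTER))
```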
More chat logs for the lolz

[B] Talking about Sql Injection [/B]

[CODE]
[7:52:36 PM] NotSoSuper: you own IllusionGaming. ?
[7:52:47 PM] NotSoSuper: I'll hack them (jk)
[7:53:04 PM] NotSoSuper: A simple sql injection
[7:53:06 PM] NotSoSuper: to the website
[7:53:07 PM] NotSoSuper: will do it
[7:53:16 PM] NotSoSuper: this?
[7:53:16 PM] NotSoSuper: http://www.illhome.net/
[/CODE]

[B] PayPal Fun [/B]

[CODE]
[7:16:38 PM] NotSoSuper: Wait you have FTP?
[7:17:13 PM] NotSoSuper: How
[7:17:15 PM] NotSoSuper: give me the login
[7:17:21 PM] NotSoSuper: for TTT?
[7:17:49 PM] NotSoSuper: o
[7:18:01 PM] NotSoSuper: Ok I am about to get owner
[7:18:03 PM] NotSoSuper: on the TTT
[7:18:06 PM] NotSoSuper: join elite gaming TTT
[7:18:10 PM] NotSoSuper: I'll make you all owner
[7:18:12 PM] NotSoSuper: if you want
[7:18:17 PM] NotSoSuper: no
[7:18:19 PM] NotSoSuper: Ineed ftp
[7:18:38 PM] NotSoSuper: it uses an automatic donation system
[7:18:39 PM] NotSoSuper: that
[7:18:43 PM] NotSoSuper: is configed
[7:18:46 PM] NotSoSuper: within a config.php
[7:18:52 PM] NotSoSuper: not without FTP
[7:18:55 PM] ThisPersonIsNotonTheHackingList: ****@gmail.com
[7:19:00 PM] NotSoSuper: I am owner!
[7:19:00 PM] NotSoSuper: xD
[7:19:03 PM] NotSoSuper: Join guys
[7:19:50 PM] NotSoSuper: whats your steam
[7:20:37 PM] ๖ۣۜSprain: I can't even register?
[7:25:08 PM] NotSoSuper: Just hardcoded banned sabo
[7:25:20 PM] ๖ۣۜSprain: What's the ip?
[/CODE]

[B] DDoSing [/B]

[CODE]
[9:22:10 PM] NotSoSuper: Gery get his skype
[9:22:16 PM] NotSoSuper: tell him you wanna show him something
[9:22:20 PM] NotSoSuper: Grey*
[9:22:26 PM] ๖ۣۜSprain: http://goo.gl/
[9:22:27 PM] NotSoSuper: I gave been steam messeging him
[9:22:31 PM] ๖ۣۜSprain: oops
[9:25:48 PM] NotSoSuper: Grey dont dare post that
[/CODE]

Edit: Proof he DDoSed me [IMG]http://i.imgur.com/SC2z8jZ.png[/IMG]

More Edit: New Steam Account: [url]http://steamcommunity.com/id/xBananaGaming/[/url]
Read console messages? [url]http://puu.sh/6pXTH.png[/url] EDIT: I know for a fact Sab0 did not have the latest update.
[QUOTE=scottd564;43588889]Read console messages? [url]http://puu.sh/6pXTH.png[/url][/QUOTE]

Great job smart one but they have the latest update :)
LOL SUPER
Fadmin isn't required lol. You can turn that off in .3 seconds server files -> garrysmod/addons/darkrpmodification/lua/darkrp_config/disabled defaults.lua Change line 37 to true. [IMG]http://gyazo.com/b1289d848a664f2c5911a4b7d3c5afd3.png[/IMG]