• Wyozi Cinema Kit Exploit
Hi! My server was exploited by some "hackers". I did some research, and I found it! He uses an addon ( [url]http://steamcommunity.com/sharedfiles/filedetails/?id=724803075[/url] ) textscreen_utils.lua -> line 160. Exploit: [url]http://pastebin.com/3ud4R0fe[/url] When you run this, the hacker can use a menu ( [url]https://www.youtube.com/watch?v=PhAhNXy8JUY[/url] ) Source of the menu: [url]http://pastebin.com/yXaECK1j[/url] [url]http://straightballin.pw/exechook2.txt[/url] [url]http://straightballin.pw/menu.txt[/url] More information soon.
Are you using a paid version or leaked version out of interest?
Looks like a leak. I don't remember stuffing my addon with a bunch of decimal character literals. Also are you the same person as [URL="https://scriptfodder.com/users/view/76561198014508838"]this[/URL] guy?
[B]This code can be found in ds_724803075.gma \lua\autorun\textscreen_utils.lua : Line 160[/B]
[code]
local _=_G;
_____=_["STNDRD"]
______=_["AccessorFuncNW"]
_______=_["AccessorFuncNW"]
________=_["ColorToHSV"]
_________=_["DOFModeLHack"]
__________=_["STNDRD"]
___________=_["NewMesh"]
____________=_["ColorToHSV"]
_____________=_["ErrorNoHalt"]
__=_["string"]["reverse"]
________=_["DOFModeLHack"]
_________=_["DOF_Kill"]
__________=_["PlayerDataUpdate"]
___________=_["GetTaskID"]
____________=_["NewMesh"]
_____________=_["AccessorFuncNW"]
-- See the pastebin. The pastebin content is being run by _G["RunString"]
_____=_["STNDRD"]
______=_["LerpVector"]
_______=_["ColorToHSV"]
________=_["AccessorFuncNW"]
_________=_["PlayerDataUpdate"]
__________=_["NewMesh"]
___________=_["RunStringEx"]
[/code]
[url]http://pastebin.com/8E1GHDLN[/url]
EDIT : [QUOTE=Wyozi;50833909]Also are you the same person as [URL="https://scriptfodder.com/users/view/76561198014508838"]this[/URL] guy?[/QUOTE] Yes, it is the same guy, but that's irrelevant. Also, Malboro wasn't banned for leaking nor using leaks. It has no real link with this situation. Anyway the addon there is backdoored... That's the problem.
EDIT2 : How I got that .gma: Malboro sent me the [URL="https://steamcommunity.com/sharedfiles/filedetails/?id=687229895"]collection ID[/URL], I added that collection to my local dedicated server. No addons from scriptfodder nor any other addon except my own on that server. After the server started, the ds_724803075.gma was there. [B]So this is NOT coming from a leaked version of a paid addon. It's coming directly from the workshop.[/B]
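Added example, not part of the original thread or of any poster's code: a small Python scanner a server owner could run over Lua files extracted from a .gma, flagging the traits visible in the snippet above (a local alias of _G, underscore-only variable names, execution functions looked up by string key) plus the decimal character literals mentioned earlier in the thread. The rule names, the 8-escape threshold, the sample text and the inclusion of CompileString are assumptions made here.

```python
import re

# Constructed sample modelled on the snippet quoted above; the escaped
# string is a harmless placeholder, not the real payload.
SAMPLE = r'''
local _=_G;
_____=_["STNDRD"]
__=_["string"]["reverse"]
___________=_["RunStringEx"]
local s = "\112\114\105\110\116\40\34\104\105\34\41"
'''

# The thread names RunString/RunStringEx; CompileString is added here.
EXEC_NAMES = ("RunString", "RunStringEx", "CompileString")
RULES = {
    "global-table alias": re.compile(r"\blocal\s+(\w+)\s*=\s*_G\b"),
    "underscore-only identifier": re.compile(r"(?<!\w)_{2,}(?=\s*=[^=])"),
    "exec function by string key": re.compile(
        r"\[\s*[\"'](%s)[\"']\s*\]" % "|".join(EXEC_NAMES)),
    "decimal-escaped string": re.compile(r"(?:\\\d{1,3}){8,}"),
}

def decode_decimal_escapes(run):
    """Decode a run of Lua decimal escapes into readable text."""
    return "".join(chr(int(n)) for n in re.findall(r"\\(\d{1,3})", run))

def scan_lua(source):
    """Return (line_no, rule, detail) findings for one Lua file's text."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for rule, rx in RULES.items():
            for m in rx.finditer(line):
                detail = m.group(0)
                if rule == "decimal-escaped string":
                    detail = decode_decimal_escapes(detail)
                findings.append((no, rule, detail))
    return findings

def verdict(findings):
    """'suspicious' when obfuscation and dynamic execution appear together."""
    rules = {rule for _, rule, _ in findings}
    if not rules:
        return "clean"
    obfuscated = rules & {"underscore-only identifier", "decimal-escaped string"}
    if obfuscated and "exec function by string key" in rules:
        return "suspicious"
    return "review"

if __name__ == "__main__":
    print(scan_lua(SAMPLE), verdict(scan_lua(SAMPLE)))
```

A "review" or "suspicious" result is a prompt to read the file by hand; legitimate addons can also call these functions.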
Addon was already banned a few days or more than a week ago.
Why are you downloading this from the workshop in the first place?
The workshop addon was a "ServerContent". I bought this addon on SF; I don't have leaked addons on my server.
Why does my server download this addon every time?
[QUOTE=Malboro;50842342]Why does my server download this addon every time?[/QUOTE] Because the addon you've paid for makes it so clients download this addon as content.
This addon isn't in the collection, and we can't download .gma with Lua. EDIT: I have found it.
I think there's an extremely critical detail that OP is failing to make clear here that's making this thread incredibly misleading. [b]The author of the backdoored addon is not Wyozi.[/b] It's some schmuck reuploader who snuck in a backdoor payload and reuploaded it to the Workshop. Source: [url]https://workshop.braxnet.org/item.php?wsid=724803075[/url]
[QUOTE=Joeyl10;50842758] Source: [url]https://workshop.braxnet.org/item.php?wsid=724803075[/url][/QUOTE] Since your source is already deleted, I've used [URL="https://github.com/FPtje/gmosh"]gmosh[/URL] to get the details again. [t]http://i.imgur.com/JIxS7X5.png[/t]
Fuck yeah someone's still using gmosh besides me.
[QUOTE=FPtje;50845841]Fuck yeah someone's still using gmosh besides me.[/QUOTE] What is gmosh, anyway?
[QUOTE=VeXan;50845871]What is gmosh, anyway?[/QUOTE] I don't know, like you I have a memory that spans no further than one post. It's really annoying.
[QUOTE=VeXan;50845871]What is gmosh, anyway?[/QUOTE] Gmosh is the tool that I keep telling people to use instead of the workshopper and their shitty batch scripts and visual basic garbage.