DarkRP Hacker and Money exploiter

Hey everyone, I am just making this post to let all DarkRP server owners know about a Hacker and Money exploiter.

One of my mates messaged me on Steam telling me there was someone running around saying he was admin and killing people and saying it's fine because he is admin when he is not, so instead of coming on, which would have made him stop, I decided to look into the web console. I sat there for about a good 3 - 5 minutes, then he decided to post everyone’s money in OOC.

(OOC) Fideel Castro: 1: Fideel Castro has $1000000064 in their wallets
(OOC) Fideel Castro: 2: Corey Killer has $425709152 in their wallets
(OOC) Fideel Castro: 3: Jordan Swat has $321177856 in their wallets
(OOC) Fideel Castro: 4: sir twinkle dinkle has $102941224 in their wallets

His STEAM ID is: STEAM_0:1:56517146
So keep a lookout for him, because he will dupe money somehow and give millions to people, ruining the economy system of DarkRP on your server.

Lucky I got him in time before he could give any more money out…

I find it amazing that you would have to cheat in a game like DarkRP… and how pathetic you have to be to hit that level of low…

Anyway, I hope any and all DarkRP owners/staff find this useful.

Regards,
Yumaglo

-Edit-

Once again, sorry for my stupidity and ignorance, I should have done more research on what could have caused money duping.

Do you have the moneypot addon on your server?

Yes we do? Why?

Don’t tell me that can be used to exploit :\

In DarkRP 2.5 it’s not hacking to see who has what money, it’s shown to all.
In previous versions it was still shown to all via clientside Lua.

If you do have the moneypot then there is an exploit in DarkRP that lets you duplicate money.

(As the author of the moneypot, I apologise for Falco making it so you can dupe with my addon. I’m working on fixing it.)

You use ent.USED and Falco uses ent.hasMerged inside the ent:StartTouch(), but a few 3rd party addons used .USED so keep it.

        if ent.USED or ent.hasMerged then
            return
        else
            ent.USED = true
            ent.hasMerged = true
        end

Fixed. If I remember when home I’ll sign up for GitHub and request that ent.USED be added to spawned_money's touch function as well. Since a few different addons that interact with money use this flag it makes sense.
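A plain-Lua model of why the guard quoted above checks both flags, added here as an illustration and not code from DarkRP, the moneypot addon or any poster in this thread. Only `.USED` and `.hasMerged` come from the thread; the handler names and the premise that one money entity can reach two touch handlers in the same tick are assumptions.

```lua
-- Plain Lua model (no Garry's Mod API). All names are hypothetical except
-- the .USED and .hasMerged flags quoted in the thread.
-- Assumption: a money entity that has been consumed can still be delivered
-- to another touch handler in the same tick, before it is removed.

local function newMoney(amount)
    return { amount = amount, USED = false, hasMerged = false }
end

-- Handler modelled on an addon that only knows about .USED.
local function potTouchOwnFlag(pot, ent)
    if ent.USED then return end
    ent.USED = true
    pot.amount = pot.amount + ent.amount
end

-- Handler modelled on money merging that only knows about .hasMerged.
local function mergeTouchOwnFlag(pile, ent)
    if ent.hasMerged then return end
    ent.hasMerged = true
    pile.amount = pile.amount + ent.amount
end

-- The guard from the thread: refuse if either flag is set, then set both.
local function claim(ent)
    if ent.USED or ent.hasMerged then return false end
    ent.USED = true
    ent.hasMerged = true
    return true
end

local function potTouchShared(pot, ent)
    if claim(ent) then pot.amount = pot.amount + ent.amount end
end

local function mergeTouchShared(pile, ent)
    if claim(ent) then pile.amount = pile.amount + ent.amount end
end

-- Deliver the same money entity to both handlers within one tick and
-- return how much money exists afterwards (100 went in).
local function runTick(potTouch, mergeTouch)
    local pot, pile, bill = newMoney(0), newMoney(0), newMoney(100)
    potTouch(pot, bill)
    mergeTouch(pile, bill)
    return pot.amount + pile.amount
end

print("own flags only:", runTick(potTouchOwnFlag, mergeTouchOwnFlag))
print("shared guard:", runTick(potTouchShared, mergeTouchShared))
```

A server-side sanity check built on the same idea is to compare total money before and after a touch and log any increase.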

Also Lexic, it’s not just money pot; you can do the exploit with wire mod as well.

.USED isn’t mine. I use moneyPotPause. I’ve just pushed an experimental .hasMerged fix to my GitHub, do I need to add .USED too?

You’re at fault for enabling this to happen. (to owner, not lexic)

What, by using DarkRP? :v:
I’ve now pushed a fix that uses .USED as well as .hasMerged, but I can’t test / upload to Workshop until tonight.
Relevant: FPtje/DarkRP#1299

I remember using Falco's small scripts once back in the day when I was an immature minge. I remember using it and it let you print out all of the people's money in OOC, and that might come with DarkRP as you said, but the only way I know of doing that is through Falco's small scripts, which this player was using.

Thanks :slight_smile:

Errrr, my moneypot uses .USED :/. Maybe I added that myself ages ago when you first found out about the exploit and fixed it.

whats fidel castro doin on darkarpee?

Speak English.