Garry's Mod Security and VAC

My question is what would happen if someone who knows an exploit that could upload any file anywhere on his computer and then execute it. For example player connects to a server that is infected and who connect to that server they upload cheats for tf2 that are activated automatically. Does that mean that everyone who connects to that infected server and then go play tf2 gets automatic vac ban? is it even fair to get vac banned this way according to Valve?

Btw I’m not VAC banned, but just curious.

This is totally unrealistic; there is no “exploit” that would be so massive that a hacker could upload files to your computer to a specific directory.

There is because i know one exploit that does that. Also in the past you were able to load binary that were saved as mdl, it was fixed though. The one I know is not fixed and gmod is not 100% safe.

I really doubt it. It’s easy to steal scripts/files from the client, but to upload non-lua files to the client to a non-GMod directory is just preposterous.

<deleted> a

Zero tolerance is zero tolerance - I doubt you have an exploit for Gmod that sends and runs a file on someone’s computer but even if you did that’s something that should be checked and protected against on the client (I have an anti virus for anything old as well as a software firewall for anything that happens to be new or simply isn’t on any virus db’s yet)

You’re prompting people to go to a website? Or is that just a redirect for a gmod server? If it’s a website then it’s probably some java drive by which again is easily solved by just not running java or if it’s silent having a good antivirus/firewall combo running

http://puu.sh/5CHmF.png you can see command I typed bellow box

Is this a gmod specific exploit or a source one?

Running scripts on them, sure, but to transfer hacks though the server to the client is not. They’re not allowed to be sent by the server to the client in a non-GMod directory.

well if you have access to cmd, you can download files from cmd

[editline]4th December 2013[/editline]

this is source engine + gmod exploit

not strictly true

well not directly but you can write vbscript or something using regular file.Write function in gmod then rename file type using cmd and then run it. Also you can write binary with file.Write

which is in todays world of windows 7 and 8 utterly useless especially as cmd/conhost is running from hl2 and not csrss

What do you mean by useless?

you can’t really do anything with it, i can’t imagine it’s terribly useless, running a random vbscript created on the fly by a cmd window running out of a process it shouldn’t be should flag up any half decent anti virus - any semi advanced user who happens to be checking task manager after they feel something suspicious happen (sudden pc slowing after loading a site or accepting random java shit) is gonna see this instantly and then take whatever steps are needed to get rid of whatever it is you’ve done with the exploit

Its all runned in background, no websites are being opened. Also you can write keylogger and stuff and store it in startup folder or something. That cmd is not limited, it has same access that regular cmd would have. Also if you knew how anti viruses work, you would understand that this wont get flagged by antivirus software unless you trying to put software on victims computer that is already in av database.

it might be ran in the background but that doesn’t stop anyone with a decent security system from having it found

dropping a malicious file through vbscript is just silly, it’s easily detected so this is almost useless - cmd by default is pretty limited on windows anyway, if all you can do is make a cmd prompt (still not even sure if you can do that as from what your screenshot shows it only opens a windows message) then yes you’re pretty limited

AV doesnt check if youre running scripts or not, tell me that does. Also you can use PowerShell that you could do more stuff with it than cmd if you feel cmd is not powerful enough.

So you could run powershell? You havent really said what it does - and yes an AV will notice a vbscript downloading a file when the vbscript is running from a cmd window that is stemming from a process it shouldnt

You can run any software using cmd. Tell me what AV software detects that stuff. No AV is so smart that would understand what process it should be running or not, because many softwares are using some sort of scripts otherwise microsoft wouldn’t be putting script runtime softwares in their operating system.