Garry's Mod Leaks
how to detect backdoor
Submitted by hellabey, 12-07-2022, 05:57 PM, Thread ID: 246814
Thread Closed
how to detect backdoor please write
RE: how to detect backdoor 12-07-2022, 06:13 PM #2 i think you need serch "http" and "admin" , you need self judgment
12-07-2022, 06:13 PM
#2 i think you need serch "http" and "admin" , you need self judgment
RE: how to detect backdoor 13-07-2022, 06:54 PM #3 To detect on a server :
Follow this : https://mtxserv.com/gmod-server/doc/how-...or-on-gmod
To detect in a file :
1- First type of backdoors :
Open any lua file of the addon in a text editor (like Sublime Text)
Search for something obfuscated. It looks like "0x/0x/0x/0x..."
If there is a line with this, just delete it.
2- Second type of backdoor :
Open the addon folder, search for a "materials" folder.
If there is none, you can search for the 3rd type.
If there is one, go in, and search for a "npc" folder.
If there is, delete the folder and go back and go in lua/autorun/server and delete the npc_help.lua file.
3- Third type of backdoor :
Search on any lua file something like "( ply:SteamID() == "STEAM_0:1:00000000") then RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin")"
If there is one, just delete the line of code with it.
4- Fourth type of backdoor :
Search on any lua file something that contains "http".
It's not necessarily a backdoor, but if it seems strange to you, you can delete it, but if it gives lua errors, it means that the line of code was certainly necessary for the addon and therefore is not a backdoor.
13-07-2022, 06:54 PM
#3 To detect on a server :
Follow this : https://mtxserv.com/gmod-server/doc/how-...or-on-gmod
To detect in a file :
1- First type of backdoors :
Open any lua file of the addon in a text editor (like Sublime Text)
Search for something obfuscated. It looks like "0x/0x/0x/0x..."
If there is a line with this, just delete it.
2- Second type of backdoor :
Open the addon folder, search for a "materials" folder.
If there is none, you can search for the 3rd type.
If there is one, go in, and search for a "npc" folder.
If there is, delete the folder and go back and go in lua/autorun/server and delete the npc_help.lua file.
3- Third type of backdoor :
Search on any lua file something like "( ply:SteamID() == "STEAM_0:1:00000000") then RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin")"
If there is one, just delete the line of code with it.
4- Fourth type of backdoor :
Search on any lua file something that contains "http".
It's not necessarily a backdoor, but if it seems strange to you, you can delete it, but if it gives lua errors, it means that the line of code was certainly necessary for the addon and therefore is not a backdoor.
Follow this : https://mtxserv.com/gmod-server/doc/how-...or-on-gmod
To detect in a file :
1- First type of backdoors :
Open any lua file of the addon in a text editor (like Sublime Text)
Search for something obfuscated. It looks like "0x/0x/0x/0x..."
If there is a line with this, just delete it.
2- Second type of backdoor :
Open the addon folder, search for a "materials" folder.
If there is none, you can search for the 3rd type.
If there is one, go in, and search for a "npc" folder.
If there is, delete the folder and go back and go in lua/autorun/server and delete the npc_help.lua file.
3- Third type of backdoor :
Search on any lua file something like "( ply:SteamID() == "STEAM_0:1:00000000") then RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin")"
If there is one, just delete the line of code with it.
4- Fourth type of backdoor :
Search on any lua file something that contains "http".
It's not necessarily a backdoor, but if it seems strange to you, you can delete it, but if it gives lua errors, it means that the line of code was certainly necessary for the addon and therefore is not a backdoor.