Author Topic: EMERGENCY PSA FOR DARKRP AND SERVER OWNERS IN GMOD, DRUG MOD HAS BACKDOOR (Read 6416 times)

Maxx� · June 03, 2016, 12:58:40 AM

The "Drugs Mod" a mod that allows drugs on darkrp servers, was recently updated.
This update has added in a backdoor, and a close buddy of mine had people on his server who abused the backdoor and got in as admin. The person who got in told my friend it was the drugs mod, here is a video of me explaining.
See for yourself, go extract the Drugs mod made by Falconhoof, it has a lua script inside called "drugsresource_2.lua" that allows people to abuse ULX and get in as admin through console.
http://steamcommunity.com/sharedfiles/filedetails/?id=112986621&searchtext=Drugs+mod
https://www.youtube.com/watch?v=AMOFs1vMWuQ&feature=youtu.be

Ad Bot · Advertisement

Torin · June 03, 2016, 01:00:20 AM

another fun mod forgeted up with backdoors
cant wait for it to be taken off the workshop :s

log · June 03, 2016, 01:12:30 AM

not surprised

Trymos · June 03, 2016, 01:18:45 AM

you couldn't be any more obvious with this backdoor guys

also this stuff isnt new to gmod not in the slightest.
ive seen backdoors where it's literally a slightly open hole you can exceedingly easily miss when verifying the code.

for example: someone intentionally leaves an exploit open which he then uses to gain lua run access via a major indirect way by intentionally using """stuffty""" coding.
somehow, just somehow this doesnt surprise me after i've seen cases where people made loving addons that corrupt your bios through 0 day source engine exploits that the author decided to abuse instead of reporting it.

Whackin · June 03, 2016, 01:18:59 AM

my loving god
alright, uninstalling

Planr · June 03, 2016, 01:20:35 AM

I was so pissed when Garry's Bombs 5 got deleted from the workshop cause the developer wrote himself a backdoor script to get admin on servers using it.

Nickelob Ultra · June 03, 2016, 01:52:06 AM

I don't understand the purpose of this. People will find out and then you get stuff for it. Literally what's the point.

Masterlegodude · June 03, 2016, 02:04:55 AM

I'm more appaled that it's that easy to write a backdoor like that

When Gmod loads up addons, it should do some kind of scan in LUA files for certain blocks of code that use various commands like 'adduser', 'debugPlayer:Name()', and '"superadmin"'

Jshotgun · June 03, 2016, 02:11:47 AM

it looks like they're deleting the comments reguarding the backdoor
lol

Masterlegodude · June 03, 2016, 02:16:34 AM

Quote from: Jshotgun on June 03, 2016, 02:11:47 AM

it looks like they're deleting the comments reguarding the backdoor
lol

[DAMAGE CONTROL IS IN EFFECT]

But you can not truly control the damage that has affected your user base

RIP user base by the way

Akio- · June 03, 2016, 02:18:22 AM

Quote from: log on June 03, 2016, 01:12:30 AM

not surprised

choke

Jshotgun · June 03, 2016, 02:21:40 AM

hes deleting my comments lol
before

after

MOD REMOVED GG BOYS WE DID IT

Masterlegodude · June 03, 2016, 02:45:21 AM

Quote from: Jshotgun on June 03, 2016, 02:21:40 AM

MOD REMOVED GG BOYS WE DID IT

ヽ༼ຈل͜ຈ༽ﾉ WE DID IT REDDIT ヽ༼ຈل͜ຈ༽ﾉ

Epicduke · June 03, 2016, 07:32:54 AM

Quote from: Planr on June 03, 2016, 01:20:35 AM

I was so pissed when Garry's Bombs 5 got deleted from the workshop cause the developer wrote himself a backdoor script to get admin on servers using it.

gb5 is replaced on the workshop but I'm not sure if the backdoor was removed. it says not to use it on public servers so I would assume it wasn't

Whackin · June 03, 2016, 07:50:42 AM

Quote from: Masterlegodude on June 03, 2016, 02:45:21 AM

WE DID IT REDDIT