Release Ulx/Ulib Exploit Fix

Discussion in 'DarkRP Addon & Plugin Releases' started by Hackcraft, Jan 5, 2017.

  1. Hackcraft

    Hackcraft Member

    So yesterday I found the backdoor which was on my friend's server. The backdoor however wasn't like any I'd seen before as it didn't require FTP, it would install with just superadmin using ulx luarun to write into a ulx configuration file so that the backdoor gets loaded every time the server starts.

    Anyway, here's the patch I made if you're interested. It'll remove the backdoor if you have it on your server and will stop any further attempts from working for this particular backdoor installation method.

    http://steamcommunity.com/sharedfiles/filedetails/?id=835442281
     
  2. (FPtje) Atheos

    (FPtje) Atheos Main Developer Staff Member

    So the exploit is basically ULX executing commands from files in data/? I'll notify Brett.
    --- Double Post Merged, Jan 7, 2017 ---
    Upon closer inspection, the exploit fix makes little sense. Your script is serverside. For the exploit to happen, the server would have to write Lua code (or some concommand) in a text file in data/.

    How would the server write those text files? Is there some addon on your friend's server that allows players to write arbitrary text files on the server (accidentally or as a feature)? I mean surely then that would be the source of the exploit, rather than ULX/ULib.
     
  3. Hackcraft

    Hackcraft Member

    Yep.
    Here's the backdoor "injector" source: http://pastebin.com/kKpfY1xe

    It uses ulx luarun to install a temp compile string backdoor which they use to write in the text files.
     
    Last edited: Jan 7, 2017
  4. (FPtje) Atheos

    (FPtje) Atheos Main Developer Staff Member

    That script would require a superadmin to run it. How would the attacker get the superadmin to do that? Have the superadmin do it on purpose?
     
  5. Hackcraft

    Hackcraft Member

    People get given superadmin easily on newer servers.
     
  6. (FPtje) Atheos

    (FPtje) Atheos Main Developer Staff Member

    That's not an exploit, that's a regular old classic trust issue.
     
  7. Hackcraft

    Hackcraft Member

    It uses the ULX config system to load itself on server start, how is that not an exploit?
     
  8. (FPtje) Atheos

    (FPtje) Atheos Main Developer Staff Member

    You're right, that is fucking stupid. Just running all the commands in a config file is about the most incompetent thing the devs of ULX/ULib could have done. They should definitely fix that.

    That means, though, that the issue is not only with superadmins gone rogue. It also allows malicious addons to have persistent negative effects, even after being uninstalled.
     
    Hackcraft likes this.
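
An added example, not part of the thread and not code from ULX/ULib or from Hackcraft's patch: a Python scanner a server owner could run offline over the server's data/ directory to flag config lines that invoke Lua execution, which is the persistence mechanism discussed above. The patterns, the choice to scan every `.txt` file, and the sample config are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumed heuristics: the thread names "ulx luarun" and a "compile string"
# backdoor; RunString is included as the related GMod Lua call.
SUSPICIOUS = {
    "luarun command": re.compile(r"\bluarun\b", re.I),
    "CompileString call": re.compile(r"\bCompileString\s*\(", re.I),
    "RunString call": re.compile(r"\bRunString(Ex)?\s*\(", re.I),
}

def scan_text(text):
    """Return [(line_number, reason, line)] for every suspicious line."""
    hits = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = " ".join(raw.split())  # collapse tabs and repeated spaces
        for reason, pattern in SUSPICIOUS.items():
            if pattern.search(line):
                hits.append((number, reason, line))
    return hits

def scan_tree(root):
    """Scan every .txt file below root; returns {relative_path: hits}."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.txt")):
        # errors="replace": a tampered file may not be valid UTF-8
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed sample, not taken from a real server or from the pastebin above.
SAMPLE_CONFIG = """\
ulx showMotd 1
ulx logEcho 1
ulx   LuaRun  "placeholder_payload()"
ulx votemapEnabled 1
"""

if __name__ == "__main__":
    for number, reason, line in scan_text(SAMPLE_CONFIG):
        print(f"line {number}: {reason}: {line}")
```

A hit is a prompt to review the file by hand, since a legitimate config has no reason to run Lua at startup; a clean result does not prove the server is clean.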
  9. Sir Klutch

    Sir Klutch Member
