Page 2 of 2 FirstFirst 12
Results 26 to 37 of 37

Thread: My friend and I were hacked

  1. #26
    Join Date
    Sep 2012
    Location
    Here.
    Posts
    2,007
    Mentioned
    88 Post(s)
    Quoted
    1014 Post(s)

    Default

    Quote Originally Posted by tealc View Post
    Pretty sure it's not hard to do.
    you just need a create the .exe file that launches and runs a script
    Edited: TealC proved me wrong. He is indeed correct on the matter.

  2. #27
    Join Date
    Jul 2012
    Posts
    437
    Mentioned
    10 Post(s)
    Quoted
    165 Post(s)

    Default

    Quote Originally Posted by Kevin View Post
    You can create an exe, but you can't run it unless you tell the user to hit run. *removed* just gets the contents of the target as a string, you would just get a bunch of garbon returned in a variable, you wouldn't open it.
    Are you sure? This will launch cmd if you are on windows.
    Simba Code:
    program new;
    begin
    //*removed*
    end.

  3. #28
    Join Date
    Sep 2012
    Location
    Here.
    Posts
    2,007
    Mentioned
    88 Post(s)
    Quoted
    1014 Post(s)

    Default

    Quote Originally Posted by tealc View Post
    Are you sure? This will launch cmd if you are on windows.
    Simba Code:
    program new;
    begin
    //code
    end.
    Well then, I concede that point quite instantly. I've already taken that and done some things that should not be able to happen in simba. I think this is a pretty big risk in the fact of what should not be capable and that functionality should be removed shortly. In the meanwhile, it may be for the best to not keep that specific command allowing for that public while we try and see if we can get simba to not do that. Would you be willing to perhaps comment that out and we try to simply not publicize this for any who may do harm?

    Edit: could some SSRL or admin comment on why this is even capable and whether or not that should be capable?
    @Daniel?

  4. #29
    Join Date
    Jun 2007
    Location
    The land of the long white cloud.
    Posts
    3,702
    Mentioned
    261 Post(s)
    Quoted
    2006 Post(s)

    Default

    Quote Originally Posted by Sjoe View Post
    Did u guys use paste.villavu.com by any chance? Some people forget to remove their passwords there.
    I saw it happen on few occasions
    I wonder who those 'some people' are? They must be pretty silly to do that

  5. #30
    Join Date
    Mar 2006
    Location
    Belgium
    Posts
    3,564
    Mentioned
    111 Post(s)
    Quoted
    1475 Post(s)

    Default

    Quote Originally Posted by The Mayor View Post
    I wonder who those 'some people' are? They must be pretty silly to do that
    Yeah there were 4 people who did this. I know one cause his name starts with a M and ends with ayor

    Creds to DannyRS for this wonderful sig!

  6. #31
    Join Date
    Sep 2006
    Posts
    27
    Mentioned
    0 Post(s)
    Quoted
    13 Post(s)

    Default

    Lol


    The point of this thread was the point out the numerous security flaws in simba. Tealc also proved a point that besides simply stealing an RS password, it's quite possible to run other things with simba that can cause MUCH more harm. Those who say that all the public scripts posted on here are safe are ignorant. It takes one second for someone to use their auto-updater to download a malicious script; they don't even have to post the "keylogged" version publicly.

    If I was keylogged, I'm really surprised that they only targeted my WORST account, and not my other accounts with thousands worth of stuff.

  7. #32
    Join Date
    Dec 2011
    Location
    Hyrule
    Posts
    8,662
    Mentioned
    179 Post(s)
    Quoted
    1870 Post(s)

    Default

    Quote Originally Posted by eddieh20us View Post
    Lol


    The point of this thread was the point out the numerous security flaws in simba. Tealc also proved a point that besides simply stealing an RS password, it's quite possible to run other things with simba that can cause MUCH more harm. Those who say that all the public scripts posted on here are safe are ignorant. It takes one second for someone to use their auto-updater to download a malicious script; they don't even have to post the "keylogged" version publicly.

    If I was keylogged, I'm really surprised that they only targeted my WORST account, and not my other accounts with thousands worth of stuff.
    I thought the point was to say that you know for a fact simba hacked you?

    Again, go through the script versions on their github or google code and tell me where they put in the malicious code (unless they used another website, let us know which one they us to keep track of versions from).

    Ex: https://code.google.com/p/ashamanred...er/source/list

  8. #33
    Join Date
    Jan 2008
    Location
    NC, USA.
    Posts
    4,429
    Mentioned
    0 Post(s)
    Quoted
    4 Post(s)

    Default

    Quote Originally Posted by Kevin View Post
    Well then, I concede that point quite instantly. I've already taken that and done some things that should not be able to happen in simba. I think this is a pretty big risk in the fact of what should not be capable and that functionality should be removed shortly. In the meanwhile, it may be for the best to not keep that specific command allowing for that public while we try and see if we can get simba to not do that. Would you be willing to perhaps comment that out and we try to simply not publicize this for any who may do harm?

    Edit: could some SSRL or admin comment on why this is even capable and whether or not that should be capable?
    @Daniel?
    I'm sure its an iExplorer thing. The function likely opens internet explorer and internet explorer can look through directories and run files. So it's not Simba's fault - just another windows thing.
    Quote Originally Posted by irc
    [00:55:29] < Guest3097> I lol at how BenLand100 has become noidea
    [01:07:40] <@BenLand100> i'm not noidea i'm
    [01:07:44] -!- BenLand100 is now known as BenLand42-
    [01:07:46] <@BenLand42-> shit
    [01:07:49] -!- BenLand42- is now known as BenLand420
    [01:07:50] <@BenLand420> YEA

  9. #34
    Join Date
    Jun 2012
    Location
    Howell, Michigan
    Posts
    1,585
    Mentioned
    34 Post(s)
    Quoted
    553 Post(s)

    Default

    Quote Originally Posted by Sjoe View Post
    Yeah there were 4 people who did this. I know one cause his name starts with a M and ends with ayor

    Butt, you left mine in there >.> I forgive you <3

  10. #35
    Join Date
    Mar 2006
    Location
    Belgium
    Posts
    3,564
    Mentioned
    111 Post(s)
    Quoted
    1475 Post(s)

    Default

    Quote Originally Posted by King View Post
    Butt, you left mine in there >.> I forgive you <3
    It was pasted private

    Creds to DannyRS for this wonderful sig!

  11. #36
    Join Date
    Jul 2012
    Posts
    437
    Mentioned
    10 Post(s)
    Quoted
    165 Post(s)

    Default

    Quote Originally Posted by Kevin View Post
    Well then, I concede that point quite instantly. I've already taken that and done some things that should not be able to happen in simba. I think this is a pretty big risk in the fact of what should not be capable and that functionality should be removed shortly. In the meanwhile, it may be for the best to not keep that specific command allowing for that public while we try and see if we can get simba to not do that. Would you be willing to perhaps comment that out and we try to simply not publicize this for any who may do harm?

    Edit: could some SSRL or admin comment on why this is even capable and whether or not that should be capable?
    @Daniel?
    For now I've removed my mentions to the function name. I don't see why this should be removed, pretty sure the same thing can easily be done from a plugin.

    Quote Originally Posted by eddieh20us View Post
    Lol


    The point of this thread was the point out the numerous security flaws in simba. Tealc also proved a point that besides simply stealing an RS password, it's quite possible to run other things with simba that can cause MUCH more harm. Those who say that all the public scripts posted on here are safe are ignorant. It takes one second for someone to use their auto-updater to download a malicious script; they don't even have to post the "keylogged" version publicly.

    If I was keylogged, I'm really surprised that they only targeted my WORST account, and not my other accounts with thousands worth of stuff.

    @OP sorry if your thread got derailed. Have you ran any virus scans? Personally I read every script I use and remove auto-updating features . On why it targeted that account. Maybe instead of being keylogged part of the script, containing your login and pin, was sent to the hacker.

  12. #37
    Join Date
    Sep 2008
    Posts
    754
    Mentioned
    8 Post(s)
    Quoted
    275 Post(s)

    Default

    Sorry about your loss, I dont really understand how some people are getting hacked, and this kinda of worries me.

    player saftey is obviously a prirority for srl community but can we beef up security? auto script scanner that detects malicious activities? and adding approved scripts section only ? i know its open source but can we have it so when some one posts a topic its hidden till a mod approves it?

    And add an inscript detector that if it has auto update it cant process disapproved requests (idk how auto update works) so if a scripter goes rogue he cant update his script anymore?



    just a thought, player saftey is very important for me, i use simba because am one of the unlucky people that grt keylogged/booted off their acc and then hacked when evet they use other bot clients and this kinda scares me.


    Quote Originally Posted by Sjoe View Post
    Did u guys use paste.villavu.com by any chance? Some people forget to remove their passwords there.
    I saw it happen on few occasions
    Ya i am one of those retards lol, but i noticed it right away and changed my password

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •