Page 1 of 2 12 LastLast
Results 1 to 25 of 31

Thread: How to check for a password stealing script

  1. #1
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default How to check for a password stealing script

    How to check for a password stealing script


    This guide is going to be short and simple

    See: http://villavu.com/forum/showthread.php?t=103408 for script scanner.

    Step 1) Enable security.sex, this will warn you if the script is trying to access anything online related. You can do this buy opening up simba, going to view, extensions, and enabled security.sex :


    Step 2) Look for any unusual things inside of the script. Is it obfuscated? Obfuscated code with the built-in extension looks like:

    Simba Code:
    {$I SRL/SRl.SimBa} pRoCeDUrE SEnd; begin TyPeSEnd(#104#101#108#108#111); caSe RAnDom(((1+7)-(6/3)-(4/3)+-2)) of ((2+5)-(2/5)+(-4*-5)+-26): Wait(raNdomraNge(((9+-4)+(7*4)-(5/1)+-28), ((915+3463)+(2358*338)-(304-520)+-798098))); ((2+9)+(4*7)-(2/4)+-37): waiT(RaNdomRangE(((5+2)+(1*4)+(2+8)+-21), ((1846+1794)+(1754*454)-(55/777)+-797956))); eNd; End; begin ACtivateClIENt; wAit(((168+191)+(476*60)+(121*12)+-29871)); repeaT sEnd; uNTIl false; end.
    If it is, not only is this not allowed, but this means that the script writer probably has something to hide.

    Step 3) Use "ctrl + f" and look for "Name" and "pass". These 2 variables SHOULD NOT be outside of the declare players procedure, unless they are used it forms like so:

    Simba Code:
    Name := Username.TEXT
      Pass := Password.TEXT

    Step 4) Also, an add-on of step 3, "User" and "Pass" SHOULD NEVER be declared ANY MORE THEN 1 TIME.

    Step 5) Make sure the script is not accessing any website that you don't need it to (should only be accessing Github and Google code if it is auto-updating).Watch out for "PostHTTPPage" or "Addpostvariable" functions, these are used to post information to websites!(If the scripter has a dynamic signature showing the script stats then you can relax, but you should still check just to be sure!)

    Step 6) Get some expereince with Simba. Chances are, if you are not very fluent with the Simba functions, then this guide won't help much because you don't know what your looking for! If this is the case for you, then I advise that you become fairly familiar withPascal script and Simba functions.

    If you follow these 6 steps, then in the extremely rare event of a malicious Simba script being uploaded (yes this sometimes happens but they are usually taken down fairly quick) you will be prepared!

  2. #2
    Join Date
    Sep 2012
    Location
    Here.
    Posts
    2,007
    Mentioned
    88 Post(s)
    Quoted
    1014 Post(s)

  3. #3
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by Kevin View Post
    You should include that super long list of other techniques I mentioned in skype
    We can't give people any ideas

  4. #4
    Join Date
    Sep 2012
    Location
    Here.
    Posts
    2,007
    Mentioned
    88 Post(s)
    Quoted
    1014 Post(s)

    Default

    Quote Originally Posted by Officer Barbrady View Post
    We can't give people any ideas
    Good point actually...

    At least add mention of a ctrl+f on "PostHTTPPage", though.

  5. #5
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by Kevin View Post
    Good point actually...

    At least add mention of a ctrl+f on "PostHTTPPage", though.
    That would be posting your "user" though wouldn't it?

  6. #6
    Join Date
    Jan 2012
    Posts
    915
    Mentioned
    13 Post(s)
    Quoted
    87 Post(s)

    Default

    Quote Originally Posted by Officer Barbrady View Post
    We can't give people any ideas
    Why not? We're also telling how to prevent against it, so we're good.

    Plus, it's already in the PUBLIC skype chat, anybody could read it, but not everybody is in the skype chat, so the people who get the ideas are going to use them to kill all of the villavians! It'll be a Villacaust!

  7. #7
    Join Date
    Jun 2012
    Posts
    4,867
    Mentioned
    74 Post(s)
    Quoted
    1663 Post(s)

    Default

    Quote Originally Posted by Vinyl Scratch View Post
    Why not? We're also telling how to prevent against it, so we're good.

    Plus, it's already in the PUBLIC skype chat, anybody could read it, but not everybody is in the skype chat, so the people who get the ideas are going to use them to kill all of the villavians! It'll be a Villacaust!
    Except it would likely be caught pretty fast

  8. #8
    Join Date
    Jan 2012
    Posts
    915
    Mentioned
    13 Post(s)
    Quoted
    87 Post(s)

    Default

    Quote Originally Posted by BMWxi View Post
    Except it would likely be caught pretty fast
    True. BUT, we could increase the chances of it being caught by making people aware.

  9. #9
    Join Date
    Sep 2012
    Location
    Here.
    Posts
    2,007
    Mentioned
    88 Post(s)
    Quoted
    1014 Post(s)

    Default

    Quote Originally Posted by Officer Barbrady View Post
    That would be posting your "user" though wouldn't it?
    Not necessarily, it could be posting any of the possibiliies I mentioned.

    New plan, if there is legitimate fear of the word "socket" or "PostHTTPPage", mention me in whatever is related and I'll look it over.

  10. #10
    Join Date
    Mar 2013
    Location
    Shaolin
    Posts
    863
    Mentioned
    24 Post(s)
    Quoted
    519 Post(s)

    Default

    CTRL + F "send" would be a good one too. This eliminates any chance of your details being exported from the script.
    You have permission to steal anything I've ever made...

  11. #11
    Join Date
    Sep 2012
    Posts
    270
    Mentioned
    4 Post(s)
    Quoted
    97 Post(s)

    Default

    Thanks alot. I was looking for this for a long time. Also if the "reset password" opens in your browser. Is it also an attempt or just a missclick? I've had it like 8 times already

  12. #12
    Join Date
    Feb 2013
    Posts
    303
    Mentioned
    4 Post(s)
    Quoted
    124 Post(s)

    Default

    This is a good heads up thanks

  13. #13
    Join Date
    Oct 2013
    Posts
    7
    Mentioned
    0 Post(s)
    Quoted
    1 Post(s)

    Default

    thanks

  14. #14
    Join Date
    Mar 2013
    Posts
    63
    Mentioned
    1 Post(s)
    Quoted
    24 Post(s)

    Default

    Thank you for this great guide. I've been lucky in the past.

  15. #15
    Join Date
    Jan 2014
    Location
    NE Europe
    Posts
    31
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

    Default

    Much appreciated, security is a great concern of mine, but due to own incompetence, I have limited myself only to look for executable file extensions and weird URL-s in scripts.

  16. #16
    Join Date
    May 2012
    Location
    Texas
    Posts
    60
    Mentioned
    0 Post(s)
    Quoted
    19 Post(s)

    Default

    Out of curiosity, have there been password stealing scripts posted on the forums?
    ------------------------------------------------------------------------------------------------------------------
    Fimmy Jallon is here ! Lets get Fimmy!

  17. #17
    Join Date
    Mar 2013
    Posts
    1,010
    Mentioned
    35 Post(s)
    Quoted
    620 Post(s)

    Default

    Quote Originally Posted by destinyxx View Post
    Out of curiosity, have there been password stealing scripts posted on the forums?
    Yes
    #slack4admin2016
    <slacky> I will build a wall
    <slacky> I will ban reflection and OGL hooking until we know what the hell is going on

  18. #18
    Join Date
    May 2012
    Location
    Texas
    Posts
    60
    Mentioned
    0 Post(s)
    Quoted
    19 Post(s)

    Default

    Yes
    Omg that is really scary... But, what if some scripter who uses auto updating of the scripts decides to put in some lines of code to extract info, for a day, and then revert it back?

    Hardly anyone would notice it..
    ------------------------------------------------------------------------------------------------------------------
    Fimmy Jallon is here ! Lets get Fimmy!

  19. #19
    Join Date
    Dec 2007
    Posts
    289
    Mentioned
    4 Post(s)
    Quoted
    86 Post(s)

    Default

    It's definitely an interesting thought exercise *ahem* to think of ways you could steal passwords through the distribution of a Simba script.

    Quote Originally Posted by destinyxx View Post
    Omg that is really scary... But, what if some scripter who uses auto updating of the scripts decides to put in some lines of code to extract info, for a day, and then revert it back?
    If I recall, auto-updating scripts were not permitted for a while. I'm not sure when that particular rule was allowed and what prompted its removal.

    Executing the code you have not read the source to, do not fully understand, etc. always carries risk. What's to say Simba itself doesn't snoop around on your computer? I don't want to scaremonger but it is absolutely a possibility that specific users could even be targetted.

  20. #20
    Join Date
    Jan 2015
    Posts
    31
    Mentioned
    0 Post(s)
    Quoted
    6 Post(s)

    Default

    Did not really think about people stealing username, password from script. Glad i found this thread and will now look on all the scripts i use to make sure its safe.

  21. #21
    Join Date
    Apr 2013
    Posts
    35
    Mentioned
    0 Post(s)
    Quoted
    6 Post(s)

    Default

    Thanks for the heads up man.

  22. #22
    Join Date
    May 2012
    Posts
    499
    Mentioned
    23 Post(s)
    Quoted
    228 Post(s)

    Default

    Is this still needed with the player manager?

  23. #23
    Join Date
    Feb 2013
    Posts
    31
    Mentioned
    1 Post(s)
    Quoted
    11 Post(s)

    Default

    Quote Originally Posted by lovebotter View Post
    Is this still needed with the player manager?
    Yes as not all the scripts have the player manager coded unless you wish to include that yourself.

  24. #24
    Join Date
    Feb 2007
    Location
    Alberta, Canada
    Posts
    4,615
    Mentioned
    50 Post(s)
    Quoted
    429 Post(s)

    Default

    Quote Originally Posted by sekirei View Post
    Yes as not all the scripts have the player manager coded unless you wish to include that yourself.
    Quote Originally Posted by lovebotter View Post
    Is this still needed with the player manager?
    It's also still possible to get the user/pass out of the player file if you did a little more work than normal. Player manager isn't a security function, it has two main features that I like to think of it as.

    1) It's a convenient thing - never have to put your user/pass into a script anymore. Just press play and go for it.
    2) It's safer for scripters - nobody accidentally forgets to remove their user/pass before posting the script.

    Scripts: Edgeville Chop & Bank, GE Merchanting Aid
    Tutorials: How to Dominate the Grand Exchange

    Quote Originally Posted by YoHoJo View Post
    I like hentai.

  25. #25
    Join Date
    Sep 2010
    Posts
    5,762
    Mentioned
    136 Post(s)
    Quoted
    2739 Post(s)

    Default

    Quote Originally Posted by 3Garrett3 View Post
    It's also still possible to get the user/pass out of the player file if you did a little more work than normal. Player manager isn't a security function, it has two main features that I like to think of it as.

    1) It's a convenient thing - never have to put your user/pass into a script anymore. Just press play and go for it.
    2) It's safer for scripters - nobody accidentally forgets to remove their user/pass before posting the script.
    this


    I wouldn't say there have been a lot of password stealing scripts TBH but when OSRS came out there were a couple posted and removed fairly quickly (I can only remember 1 TBH but there could have been others)

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •