API tools faq
paste
Advertisement
nguyenjimbo

Exploit

nguyenjimbo
Jan 31st, 2014
199
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.32 KB | None | 0 0
raw download clone embed print report
  1. --[[
  2. Exploit Created by...
  3. ____ _ _____ _
  4. | _ \(_) / ____| | |
  5. | |_) |_ _ __ __ _ _ __ _ _| | ___ __| | ___ _ __
  6. | _ <| | '_ \ / _` | '__| | | | | / _ \ / _` |/ _ \ '__|
  7. | |_) | | | | | (_| | | | |_| | |___| (_) | (_| | __/ |
  8. |____/|_|_| |_|\__,_|_| \__, |\_____\___/ \__,_|\___|_|
  9. __/ |
  10. |___/
  11.  
  12.  
  13. Credit to:
  14. booing for opcode finder
  15. Merry Christmas!
  16. --]]
  17. Exploits = {}
  18. Successes = {}
  19. NoRun = {}
  20. count = 0
  21. disablescripts = false
  22. antiban = false
  23. Script = {0x77,0x61,0x69,0x74,0x28,0x32,0x29,0x3B,0x67,0x61,0x6D,0x65,0x2E,0x50,0x6C,0x61,0x79,0x65,0x72,0x73,0x2E,0x4C,0x6F,0x63,0x61,0x6C,0x50,0x6C,0x61,0x79,0x65,0x72,0x2E,0x43,0x68,0x61,0x74,0x74,0x65,0x64,0x3A,0x63,0x6F,0x6E,0x6E,0x65,0x63,0x74,0x28,0x66,0x75,0x6E,0x63,0x74,0x69,0x6F,0x6E,0x28,0x71,0x29,0x0D,0x0A,0x53,0x70,0x61,0x77,0x6E,0x28,0x66,0x75,0x6E,0x63,0x74,0x69,0x6F,0x6E,0x28,0x29,0x6C,0x6F,0x61,0x64,0x73,0x74,0x72,0x69,0x6E,0x67,0x28,0x71,0x29,0x28,0x29,0x65,0x6E,0x64,0x29,0x65,0x6E,0x64,0x29,0x2D,0x2D,0x5B,0x5B,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x5D,0x5D}
  24. NewScript = {0x71, 0x33, 0x2F, 0x71, 0x6B, 0x77, 0x62, 0x57, 0x49, 0x42, 0x77, 0x69, 0x4C, 0x54, 0x4E, 0x49, 0x39, 0x4C, 0x6D, 0x7A, 0x4A, 0x44, 0x45, 0x54, 0x73, 0x50, 0x68, 0x69, 0x68, 0x2F, 0x4D, 0x74, 0x63, 0x73, 0x54, 0x67, 0x68, 0x48, 0x6B, 0x69, 0x36, 0x2B, 0x48, 0x4C, 0x7A, 0x77, 0x48, 0x4A, 0x45, 0x73, 0x2F, 0x61, 0x31, 0x35, 0x4B, 0x46, 0x33, 0x36, 0x37, 0x53, 0x67, 0x61, 0x2B, 0x41, 0x47, 0x33, 0x53, 0x6E, 0x43, 0x70, 0x72, 0x42, 0x35, 0x46, 0x69, 0x30, 0x33, 0x75, 0x77, 0x63, 0x57, 0x59, 0x54, 0x35, 0x6E, 0x56, 0x79, 0x52, 0x4B, 0x4F, 0x48, 0x57, 0x4D, 0x33, 0x6F, 0x36, 0x6C, 0x64, 0x35, 0x7A, 0x4B, 0x73, 0x72, 0x72, 0x4C, 0x58, 0x56, 0x6D, 0x39, 0x67, 0x64, 0x4F, 0x69, 0x36, 0x4F, 0x70, 0x45, 0x64, 0x44, 0x58, 0x6E, 0x79, 0x37, 0x77, 0x3D, 0x25, 0x0D, 0x0A, 0x2D, 0x2D, 0x72, 0x62, 0x78, 0x61, 0x73, 0x73, 0x65, 0x74, 0x69, 0x64, 0x25, 0x33, 0x37, 0x38, 0x30, 0x31, 0x31, 0x37, 0x32, 0x25, 0x0D, 0x0A, 0x0D, 0x0A, 0x2D, 0x2D, 0x20, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x73, 0x20, 0x61, 0x6C, 0x6C, 0x20, 0x6E, 0x65, 0x63, 0x63, 0x65, 0x73, 0x73, 0x61, 0x72, 0x79, 0x20, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x67, 0x75, 0x69, 0x20, 0x6F, 0x6E, 0x20, 0x69, 0x6E, 0x69, 0x74, 0x69, 0x61, 0x6C, 0x20, 0x6C, 0x6F, 0x61, 0x64, 0x2C, 0x20, 0x65, 0x76, 0x65, 0x72, 0x79, 0x74, 0x68, 0x69, 0x6E, 0x67, 0x20, 0x65, 0x78, 0x63, 0x65, 0x65, 0x0D, 0x0A, 0x67, 0x61, 0x6D, 0x65, 0x2E, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x73, 0x2E, 0x4C, 0x6F, 0x63, 0x61, 0x6C, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x2E, 0x52, 0x6F, 0x62, 0x6C, 0x6F, 0x78, 0x4C, 0x6F, 0x63, 0x6B, 0x65, 0x64, 0x20, 0x3D, 0x20, 0x74, 0x72, 0x75, 0x65, 0x0D, 0x0A, 0x67, 0x61, 0x6D, 0x65, 0x2E, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x73, 0x2E, 0x4C, 0x6F, 0x63, 0x61, 0x6C, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x2E, 0x43, 0x68, 0x61, 0x74, 0x74, 0x65, 0x64, 0x3A, 0x63, 0x6F, 0x6E, 0x6E, 0x65, 0x63, 0x74, 0x28, 0x66, 0x75, 0x6E, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x28, 0x73, 0x74, 0x29, 0x0D, 0x0A, 0x53, 0x70, 0x61, 0x77, 0x6E, 0x28, 0x66, 0x75, 0x6E, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x28, 0x29, 0x0D, 0x0A, 0x6C, 0x6F, 0x61, 0x64, 0x73, 0x74, 0x72, 0x69, 0x6E, 0x67, 0x28, 0x73, 0x74, 0x29, 0x28, 0x29, 0x0D, 0x0A, 0x65, 0x6E, 0x64, 0x29, 0x0D, 0x0A, 0x65, 0x6E, 0x64, 0x29, 0x0D, 0x0A, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x20, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x43, 0x6F, 0x6E, 0x74, 0x65, 0x78, 0x74, 0x20, 0x3D, 0x20, 0x67, 0x61, 0x6D, 0x65, 0x3A, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x28, 0x22, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x43, 0x6F, 0x6E, 0x74, 0x65, 0x78, 0x74, 0x22, 0x29}
  25. function AddExploit(name, hex, offset, func)
  26. table.insert(Exploits, { name, hex, offset, func })
  27. end
  28. function GetExploit(index)
  29. local tab = Exploits[index]
  30. local scan = createMemScan(true)
  31. memscan_returnOnlyOneResult(scan, true)
  32. memscan_firstScan(scan, soExactValue, vtByteArray, rtTruncated, table.concat(tab[2], " "), nil, 0x00000000, 0x05F00000, "", fsmNotAligned, nil, false, false, false, false)
  33. memscan_waitTillDone(scan)
  34. local result = memscan_getOnlyResult(scan)
  35. if (result == nil) then return nil end
  36. result = result + tab[3]
  37. result = string.format("%x", result)
  38. result = string.rep("0", 8-#result) .. result
  39. return result
  40. end
  41. -- Exploit definitions here
  42. AddExploit("Heh",{0x0F, 0xB6, 0x58, 0x01, 0xC1, 0xE2, 0x08, 0x0B, 0xD3, 0x0F, 0xB6, 0x18},9,"yolo")
  43. AddExploit("level", { 0x89, 0x74, 0x24, 0x0C, 0x89, 0x06, 0xe8}, 4, ContextChanger)
  44. function gethax()
  45. for i,v in pairs(Exploits) do
  46. local xploit = GetExploit(i)
  47. if xploit == nil then
  48. showMessage("NO EXPLOITS!")
  49. else
  50. debug_setBreakpoint(xploit)
  51. --print(xploit)
  52. end
  53. end
  54. end
  55.  
  56. function debugger_onBreakpoint()
  57. if EAX == 0x4 or EAX == 0x5 or EAX == 0x6 then
  58. EAX = 0x7
  59. return 1
  60. elseif EAX == 0x2 and disablescripts and count > 1 then
  61. EAX = 0x0
  62. return 1
  63. end
  64. local b1,b2,b3,b4,b5 = readBytes(EAX,5,false)
  65. if b1 == 67 and b2 == 102 and b3 == 100 and b4 == 120 and b5 == 122 then
  66. if count <= 1 then
  67. local killit = EAX+64
  68. --print(string.format("%x",killit))
  69. count = count+1
  70. if not antiban then
  71. writeBytes(killit,Script)
  72. return 1
  73. else
  74. writeBytes(killit,NewScript)
  75. end
  76. sleep(10)
  77. else
  78. count=0
  79. debug_removeBreakpoint(EIP)
  80. return 1
  81. end
  82. end
  83. return 1
  84. end
  85.  
  86. function myCheck(_)
  87. local id = getProcessIDFromProcessName("RobloxPlayerBeta.exe");
  88. if id ~= nil then
  89. for i, v in pairs(NoRun) do
  90. if v == id then
  91. return
  92. end
  93. end
  94. table.insert(NoRun, id);
  95. openProcess(id);
  96. debugProcess(3);
  97. gethax();
  98. end
  99. end
  100. t = createTimer(nil)
  101. timer_setInterval(t, 500)
  102. timer_onTimer(t, myCheck)
  103. timer_setEnabled(t, true)
  104. --[[
  105.  
  106.  
  107.  
  108.  
  109.  
  110.  
  111.  
  112.  
  113.  
  114.  
  115.  
  116.  
  117.  
  118.  
  119.  
  120.  
  121.  
  122.  
  123.  
  124.  
  125.  
  126.  
  127.  
  128.  
  129.  
  130.  
  131.  
  132.  
  133.  
  134.  
  135.  
  136.  
  137.  
  138. ]]--
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!