nguyenjimbo

Exploit

Jan 31st, 2014
  1. --[[
  2. Exploit Created by...
  3. ____ _ _____ _
  4. | _ \(_) / ____| | |
  5. | |_) |_ _ __ __ _ _ __ _ _| | ___ __| | ___ _ __
  6. | _ <| | '_ \ / _` | '__| | | | | / _ \ / _` |/ _ \ '__|
  7. | |_) | | | | | (_| | | | |_| | |___| (_) | (_| | __/ |
  8. |____/|_|_| |_|\__,_|_| \__, |\_____\___/ \__,_|\___|_|
  9. __/ |
  10. |___/
  11.  
  12.  
  13. Credit to:
  14. booing for opcode finder
  15. Merry Christmas!
  16. --]]
  -- Global state shared by the functions in this Cheat Engine Lua script.
  Exploits = {}          -- entries appended by AddExploit: { name, byte signature, offset, func }
  Successes = {}         -- never read or written anywhere in the visible script
  NoRun = {}             -- process IDs that myCheck has already attached to
  count = 0              -- incremented by debugger_onBreakpoint on each memory write; reset to 0 there
  disablescripts = false -- when true (and count > 1) the breakpoint handler also rewrites EAX == 0x2 to 0x0
  antiban = false        -- picks the byte table the handler writes: Script when false, NewScript when true
  -- Script and NewScript (assigned next) are tables of ASCII byte values, i.e. Lua source text
  -- stored as numbers. Both decode to code that connects to game.Players.LocalPlayer.Chatted
  -- and hands each chat message to loadstring. Script ends in a long "--[[adad...]]" comment,
  -- presumably padding. NewScript begins with a base64-looking line and an "--rbxassetid%...%"
  -- comment, presumably imitating the header of a built-in script (cannot be confirmed from
  -- this page).
  23. Script = {0x77,0x61,0x69,0x74,0x28,0x32,0x29,0x3B,0x67,0x61,0x6D,0x65,0x2E,0x50,0x6C,0x61,0x79,0x65,0x72,0x73,0x2E,0x4C,0x6F,0x63,0x61,0x6C,0x50,0x6C,0x61,0x79,0x65,0x72,0x2E,0x43,0x68,0x61,0x74,0x74,0x65,0x64,0x3A,0x63,0x6F,0x6E,0x6E,0x65,0x63,0x74,0x28,0x66,0x75,0x6E,0x63,0x74,0x69,0x6F,0x6E,0x28,0x71,0x29,0x0D,0x0A,0x53,0x70,0x61,0x77,0x6E,0x28,0x66,0x75,0x6E,0x63,0x74,0x69,0x6F,0x6E,0x28,0x29,0x6C,0x6F,0x61,0x64,0x73,0x74,0x72,0x69,0x6E,0x67,0x28,0x71,0x29,0x28,0x29,0x65,0x6E,0x64,0x29,0x65,0x6E,0x64,0x29,0x2D,0x2D,0x5B,0x5B,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x61,0x64,0x5D,0x5D}
  24. NewScript = {0x71, 0x33, 0x2F, 0x71, 0x6B, 0x77, 0x62, 0x57, 0x49, 0x42, 0x77, 0x69, 0x4C, 0x54, 0x4E, 0x49, 0x39, 0x4C, 0x6D, 0x7A, 0x4A, 0x44, 0x45, 0x54, 0x73, 0x50, 0x68, 0x69, 0x68, 0x2F, 0x4D, 0x74, 0x63, 0x73, 0x54, 0x67, 0x68, 0x48, 0x6B, 0x69, 0x36, 0x2B, 0x48, 0x4C, 0x7A, 0x77, 0x48, 0x4A, 0x45, 0x73, 0x2F, 0x61, 0x31, 0x35, 0x4B, 0x46, 0x33, 0x36, 0x37, 0x53, 0x67, 0x61, 0x2B, 0x41, 0x47, 0x33, 0x53, 0x6E, 0x43, 0x70, 0x72, 0x42, 0x35, 0x46, 0x69, 0x30, 0x33, 0x75, 0x77, 0x63, 0x57, 0x59, 0x54, 0x35, 0x6E, 0x56, 0x79, 0x52, 0x4B, 0x4F, 0x48, 0x57, 0x4D, 0x33, 0x6F, 0x36, 0x6C, 0x64, 0x35, 0x7A, 0x4B, 0x73, 0x72, 0x72, 0x4C, 0x58, 0x56, 0x6D, 0x39, 0x67, 0x64, 0x4F, 0x69, 0x36, 0x4F, 0x70, 0x45, 0x64, 0x44, 0x58, 0x6E, 0x79, 0x37, 0x77, 0x3D, 0x25, 0x0D, 0x0A, 0x2D, 0x2D, 0x72, 0x62, 0x78, 0x61, 0x73, 0x73, 0x65, 0x74, 0x69, 0x64, 0x25, 0x33, 0x37, 0x38, 0x30, 0x31, 0x31, 0x37, 0x32, 0x25, 0x0D, 0x0A, 0x0D, 0x0A, 0x2D, 0x2D, 0x20, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x73, 0x20, 0x61, 0x6C, 0x6C, 0x20, 0x6E, 0x65, 0x63, 0x63, 0x65, 0x73, 0x73, 0x61, 0x72, 0x79, 0x20, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x67, 0x75, 0x69, 0x20, 0x6F, 0x6E, 0x20, 0x69, 0x6E, 0x69, 0x74, 0x69, 0x61, 0x6C, 0x20, 0x6C, 0x6F, 0x61, 0x64, 0x2C, 0x20, 0x65, 0x76, 0x65, 0x72, 0x79, 0x74, 0x68, 0x69, 0x6E, 0x67, 0x20, 0x65, 0x78, 0x63, 0x65, 0x65, 0x0D, 0x0A, 0x67, 0x61, 0x6D, 0x65, 0x2E, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x73, 0x2E, 0x4C, 0x6F, 0x63, 0x61, 0x6C, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x2E, 0x52, 0x6F, 0x62, 0x6C, 0x6F, 0x78, 0x4C, 0x6F, 0x63, 0x6B, 0x65, 0x64, 0x20, 0x3D, 0x20, 0x74, 0x72, 0x75, 0x65, 0x0D, 0x0A, 0x67, 0x61, 0x6D, 0x65, 0x2E, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x73, 0x2E, 0x4C, 0x6F, 0x63, 0x61, 0x6C, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72, 0x2E, 0x43, 0x68, 0x61, 0x74, 0x74, 0x65, 0x64, 0x3A, 0x63, 0x6F, 0x6E, 0x6E, 0x65, 0x63, 0x74, 0x28, 0x66, 0x75, 0x6E, 0x63, 0x74, 0x69, 0x6F, 0x6E, 
0x28, 0x73, 0x74, 0x29, 0x0D, 0x0A, 0x53, 0x70, 0x61, 0x77, 0x6E, 0x28, 0x66, 0x75, 0x6E, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x28, 0x29, 0x0D, 0x0A, 0x6C, 0x6F, 0x61, 0x64, 0x73, 0x74, 0x72, 0x69, 0x6E, 0x67, 0x28, 0x73, 0x74, 0x29, 0x28, 0x29, 0x0D, 0x0A, 0x65, 0x6E, 0x64, 0x29, 0x0D, 0x0A, 0x65, 0x6E, 0x64, 0x29, 0x0D, 0x0A, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x20, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x43, 0x6F, 0x6E, 0x74, 0x65, 0x78, 0x74, 0x20, 0x3D, 0x20, 0x67, 0x61, 0x6D, 0x65, 0x3A, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x28, 0x22, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x43, 0x6F, 0x6E, 0x74, 0x65, 0x78, 0x74, 0x22, 0x29}
  -- Register one signature entry in the global Exploits list.
  --   name   label for the entry (not read elsewhere in the visible script)
  --   hex    table of byte values that GetExploit searches for
  --   offset number added to the match address by GetExploit
  --   func   stored as the fourth field; nothing in the visible script reads it
  function AddExploit(name, hex, offset, func)
      Exploits[#Exploits + 1] = { name, hex, offset, func }
  end
  -- Search the opened process for the byte signature of Exploits[index].
  -- The scan is limited to addresses 0x00000000-0x05F00000 and to a single result.
  -- Returns the match address plus the entry's offset as a lowercase hex string,
  -- left-padded with zeros to at least 8 characters, or nil when nothing matches.
  function GetExploit(index)
      local entry = Exploits[index]
      local scanner = createMemScan(true)
      memscan_returnOnlyOneResult(scanner, true)
      -- The signature bytes are joined with single spaces to form the scan pattern.
      memscan_firstScan(scanner, soExactValue, vtByteArray, rtTruncated, table.concat(entry[2], " "), nil, 0x00000000, 0x05F00000, "", fsmNotAligned, nil, false, false, false, false)
      memscan_waitTillDone(scanner)
      local hit = memscan_getOnlyResult(scanner)
      if hit == nil then
          return nil
      end
      local hexAddress = string.format("%x", hit + entry[3])
      return string.rep("0", 8 - #hexAddress) .. hexAddress
  end
  -- Exploit definitions here
  -- Each call registers: a name, a byte signature to find in the target process, the offset
  -- added to the match address (gethax sets a breakpoint at the result), and a fourth value
  -- that the visible script never uses. The signatures look like x86 machine-code bytes
  -- (the header credits an "opcode finder"), but that is not confirmed here.
  AddExploit("Heh",{0x0F, 0xB6, 0x58, 0x01, 0xC1, 0xE2, 0x08, 0x0B, 0xD3, 0x0F, 0xB6, 0x18},9,"yolo")
  -- NOTE(review): ContextChanger is not defined anywhere in the visible script, so the
  -- fourth argument evaluates to nil unless it is defined elsewhere.
  AddExploit("level", { 0x89, 0x74, 0x24, 0x0C, 0x89, 0x06, 0xe8}, 4, ContextChanger)
  -- Resolve every registered signature and set a debugger breakpoint at each
  -- address found. A message box is shown for each signature that is not found.
  function gethax()
      for index in pairs(Exploits) do
          local address = GetExploit(index)
          if address ~= nil then
              debug_setBreakpoint(address)
          else
              showMessage("NO EXPLOITS!")
          end
      end
  end
  55.  
  -- Breakpoint callback: Cheat Engine calls a global function with this name when a
  -- breakpoint set by the script is hit, with the register values exposed as globals
  -- (EAX, EIP, ...). The handler does not check which of the two breakpoints fired;
  -- it decides what to do from the value in EAX alone. Every path returns 1 (per
  -- Cheat Engine's documentation a non-zero return skips the debugger UI update;
  -- confirm against the version in use).
  function debugger_onBreakpoint()
      -- Case 1: EAX holds 4, 5 or 6 -> replace it with 7 and resume.
      -- Presumably tied to the "level" entry, i.e. a numeric privilege/context level
      -- in the target process; the script itself does not say what the value means.
      if EAX == 0x4 or EAX == 0x5 or EAX == 0x6 then
          EAX = 0x7
          return 1
      -- Case 2: only active when disablescripts is set and more than one write has
      -- already happened: EAX == 2 is replaced with 0.
      elseif EAX == 0x2 and disablescripts and count > 1 then
          EAX = 0x0
          return 1
      end
      -- Case 3: treat EAX as a pointer and read 5 bytes from the target process.
      local b1,b2,b3,b4,b5 = readBytes(EAX,5,false)
      -- 67,102,100,120,122 is the ASCII text "Cfdxz", used here as a marker for the
      -- buffer the script wants to overwrite.
      if b1 == 67 and b2 == 102 and b3 == 100 and b4 == 120 and b5 == 122 then
          if count <= 1 then
              -- The overwrite target is 64 bytes past the marker.
              local killit = EAX+64
              --print(string.format("%x",killit))
              count = count+1
              if not antiban then
                  -- Overwrites process memory with the Script byte table and resumes at once.
                  writeBytes(killit,Script)
                  return 1
              else
                  -- Overwrites process memory with the NewScript byte table instead.
                  writeBytes(killit,NewScript)
              end
              -- Only reached on the antiban path (the other branch already returned).
              sleep(10)
          else
              -- After two writes: reset the counter and remove the breakpoint at the
              -- current instruction pointer.
              count=0
              debug_removeBreakpoint(EIP)
              return 1
          end
      end
      return 1
  end
  85.  
  -- Timer callback. Looks up a process named "RobloxPlayerBeta.exe"; the first time a
  -- given process ID is seen it is recorded in NoRun, opened, put under the debugger,
  -- and gethax() is run against it. Process IDs already in NoRun are ignored.
  -- Observable behaviour for a defender: a debugger attach to that process, followed
  -- by memory scans, breakpoints, and writes into its address space.
  function myCheck(_)
      local pid = getProcessIDFromProcessName("RobloxPlayerBeta.exe");
      if pid == nil then
          return
      end
      for _, seen in pairs(NoRun) do
          if seen == pid then
              return
          end
      end
      NoRun[#NoRun + 1] = pid
      openProcess(pid);
      -- NOTE(review): per Cheat Engine's documentation the argument selects the debugger
      -- interface and 3 is the kernel-mode debugger; confirm for the version in use.
      debugProcess(3);
      gethax();
  end
  -- Start polling: create a timer, set a 500 ms interval, and run myCheck on every tick.
  -- Because myCheck skips process IDs it has already handled, each target process is
  -- attached to once, shortly after it appears.
  t = createTimer(nil)
  timer_setInterval(t, 500)
  timer_onTimer(t, myCheck)
  timer_setEnabled(t, true)
  104. --[[
  105.  
  106.  
  107.  
  108.  
  109.  
  110.  
  111.  
  112.  
  113.  
  114.  
  115.  
  116.  
  117.  
  118.  
  119.  
  120.  
  121.  
  122.  
  123.  
  124.  
  125.  
  126.  
  127.  
  128.  
  129.  
  130.  
  131.  
  132.  
  133.  
  134.  
  135.  
  136.  
  137.  
  138. ]]--