oxcool
|
  |
| Joined: 05 Nov 2009 |
| Total Posts: 101 |
|
|
| 04 Sep 2013 05:47 PM |
Yes, thats probably the best anti-exploit against lvl 4,7 exploiters. The idea is pretty simple: As soon as the exploiter activates level 4 or level 7 in his client, all the other localscripts will run in the same security thus allowing you to control the exploiter's client in high level security. In addition, you can use these dangerous methods such as HttpPost in his client without any error. That can be useful, but dangerous. Yesterday Seranok was showing off his lvl4 exploit, and I had the ability to run localscripts on him(it was in my SB). With that, I could of stolen about 900k R$ from him, thats why its pretty dangerous too.
The exploiter is risking himself if he exploited. But I still think thats pretty abuseful, especially if the exploiter was rich. Should be patched but why not 'hack' the exploiter? |
|
|
| Report Abuse |
|
|
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
| |
|
Lumpeh
|
  |
| Joined: 30 Aug 2010 |
| Total Posts: 68 |
|
| |
|
oxcool
|
  |
| Joined: 05 Nov 2009 |
| Total Posts: 101 |
|
|
| 04 Sep 2013 05:54 PM |
Ya, me&blocco and Seranok were abusing this yesterday.
Seranok has 990k R$ and 3M tix o-o
Blocco: 27k R$ and 25k tix |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 04 Sep 2013 05:57 PM |
| That's why I join games on my alt now |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 04 Sep 2013 05:57 PM |
| But..... on the other hand this works w/ lvl 4 http://www.roblox.com/Wallet-GUI-item?id=128730035 |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 04 Sep 2013 05:58 PM |
"me&blocco and Seranok were abusing this yesterday"
hey i coulda done some bad things i didnt abuse it i didnt even run requests on other people's clients |
|
|
| Report Abuse |
|
|
oxcool
|
  |
| Joined: 05 Nov 2009 |
| Total Posts: 101 |
|
|
| 04 Sep 2013 06:01 PM |
because you were the only client with lvl4 at that time. Seranok deactivated his for safety.
|
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 04 Sep 2013 06:04 PM |
Even if you all had level 4, I would not have run requests on your client. I don't have any reason to make you purchase things using urls without asking
although i see how that can be fun |
|
|
| Report Abuse |
|
|
oxcool
|
  |
| Joined: 05 Nov 2009 |
| Total Posts: 101 |
|
|
| 04 Sep 2013 06:06 PM |
| well, i did run a post request for test. Only took 5 tickets from you, thats ok right. |
|
|
| Report Abuse |
|
|
|
| 04 Sep 2013 06:07 PM |
Because it's /so/ hard if you are making an exploit to just hook into an already elevated script instead of blanket escalating all scripts that say please. Heck, even if you do hook into the privilege sub it's trivial to check if the script chunk name matches =LOLEVIL. Unless they are using the one I told blocco about and he BETTER not have leaked to Seranok and that BETTER not be how they were using level 4, and even then you can only whitelist specific scripts. |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 04 Sep 2013 06:14 PM |
| I will formally accept the purchase on your behalf, oxcool. I will not declare it a forced purchase. |
|
|
| Report Abuse |
|
|
booing
|
  |
| Joined: 04 May 2009 |
| Total Posts: 6594 |
|
|
| 04 Sep 2013 06:15 PM |
@oxcool The only reason that I fell for it was because you worded it as if you made it impossible - all I have to do is not reload the original source or only load whitelisted hashed sources. |
|
|
| Report Abuse |
|
|
HEAT507
|
  |
| Joined: 31 Aug 2012 |
| Total Posts: 429 |
|
|
| 04 Sep 2013 06:48 PM |
people do this to me in SB free loaders. |
|
|
| Report Abuse |
|
|
|
| 04 Sep 2013 07:17 PM |
Make a warning system with this ;) 1 - kick 2 - do something hacky but not overboard 3 - steal all currency |
|
|
| Report Abuse |
|
|
|
| 04 Sep 2013 07:19 PM |
"2 - do something hacky but not overboard" > not overboard "3 - steal all currency" |
|
|
| Report Abuse |
|
|
|
| 04 Sep 2013 08:26 PM |
No need to be overboard for warning 2. If they haven't learned by 3, teach them a lesson they'll never forget. |
|
|
| Report Abuse |
|
|
Nikilis
|
  |
| Joined: 25 Dec 2008 |
| Total Posts: 949 |
|
|
| 04 Sep 2013 08:45 PM |
| Or steal currency right away then ban them permanently right away, no warnings. |
|
|
| Report Abuse |
|
|
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
|
| 04 Sep 2013 08:45 PM |
| Stealing currency is just messed up, unless the person is an exploiter, i wouldn't do it. |
|
|
| Report Abuse |
|
|
| |
|
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
|
| 04 Sep 2013 08:49 PM |
| Yeah, maybe I should actually read all the replies... |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 04 Sep 2013 09:27 PM |
What oxcool is saying:
If you exploit, you can be exploited |
|
|
| Report Abuse |
|
|
|
| 04 Sep 2013 09:41 PM |
| I don't get it, why don't exploiters just use a script with an already elevated context? Are they not smart enough? JoinScript would work fine. |
|
|
| Report Abuse |
|
|
bohdan77
|
  |
| Joined: 10 Aug 2008 |
| Total Posts: 7944 |
|
| |
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 04 Sep 2013 10:16 PM |
| I don't know if that still works |
|
|
| Report Abuse |
|
|