generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

Re: Would this be an ideal approach to escaping a sandbox?

Previous Thread :: Next Thread 
12packkid is not online. 12packkid
Joined: 24 Jun 2011
Total Posts: 1418
30 Oct 2014 09:01 AM
Okay, so I was busy trying to escape some script builder sandboxes, dunno why. I went to test this on some other weak sandboxes, and this actually escaped them.
But yeah, would this be an ideal approach to escaping a sandbox?

local oxSandbox1,oxSandbox2,oxSandbox3 = getfenv(),getfenv(0),getfenv(1)
-- their metatables are locked, but still gonna print them anyway
print(getmetatable(oxSandbox1),getmetatable(oxSandbox2),getmetatable(oxSandbox3))
local s1,s2,s3 = oxSandbox1,oxSandbox2,oxSandbox3
coroutine.wrap(function()
setfenv(s1,{})
setfenv(s2,{})
end)()
rawset(s1,"testKey","1")
rawset(s2,"testKey","2")
if rawget(s1,"testKey") then
print"Bypassed sandbox"
else
error"Sandbox not bypassed!"
end
if rawget(s2,"testKey") then
print"Bypassed sandbox2"
else
error"Sandbox not bypassed"
end
setmetatable(0,{__index=function()error"noPls"end,__newindex=function()error"noPls"end,__metatable="Locked"})
setmetatable(1,{__index=function()error"noPls"end,__newindex=function()error"noPls"end,__metatable="Locked"})
print(getmetatable(s1),getmetatable(s2))




Report Abuse
12packkid is not online. 12packkid
Joined: 24 Jun 2011
Total Posts: 1418
30 Oct 2014 09:02 AM
Ooops, sorry, that one is broken. This is the correct one:

local oxSandbox1,oxSandbox2,oxSandbox3 = getfenv(),getfenv(0),getfenv(1)
-- their metatables are locked, but still gonna print them anyway
print(getmetatable(oxSandbox1),getmetatable(oxSandbox2),getmetatable(oxSandbox3))
local s1,s2,s3 = oxSandbox1,oxSandbox2,oxSandbox3
coroutine.wrap(function()
setfenv(0,{})
end)()
rawset(s1,"testKey","1")
rawset(s2,"testKey","2")
if rawget(s1,"testKey") then
print"Bypassed sandbox"
else
error"Sandbox not bypassed!"
end
if rawget(s2,"testKey") then
print"Bypassed sandbox2"
else
error"Sandbox not bypassed"
end
setmetatable(0,{__index=function()error"noPls"end,__newindex=function()error"noPls"end,__metatable="Locked"})
setmetatable(1,{__index=function()error"noPls"end,__newindex=function()error"noPls"end,__metatable="Locked"})
print(getmetatable(s1),getmetatable(s2))




Report Abuse
Procellus is not online. Procellus
Joined: 28 Oct 2014
Total Posts: 1525
30 Oct 2014 01:33 PM
God, what sandboxes could you bypass with this?

Report Abuse
12packkid is not online. 12packkid
Joined: 24 Jun 2011
Total Posts: 1418
30 Oct 2014 01:52 PM
idk, i went to a couple of script builders.
it broke them for sure, though.
Report Abuse
qzok is not online. qzok
Joined: 27 Oct 2014
Total Posts: 39
30 Oct 2014 08:09 PM
OP is too basic Lol
Report Abuse
anaIyzes is not online. anaIyzes
Joined: 27 Oct 2014
Total Posts: 5
31 Oct 2014 02:28 PM
real analyze is above me
Report Abuse
morash is not online. morash
Joined: 22 May 2010
Total Posts: 5834
31 Oct 2014 02:38 PM
There's always a good reason to set setfenv and getfenv to nil when your trying to sandbox something. :P
Report Abuse
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
31 Oct 2014 04:42 PM
> would this be an ideal approach to escaping a sandbox?

No because any strong sandbox won't be vulnerable to this.
Report Abuse
12packkid is not online. 12packkid
Joined: 24 Jun 2011
Total Posts: 1418
31 Oct 2014 04:59 PM
How would you escape one then? I'm trying to break oxcool1's script builder sandbox, but that is probably the strongest one I've seen.
Report Abuse
JarodOfOrbiter is not online. JarodOfOrbiter
Joined: 17 Feb 2011
Total Posts: 20029
31 Oct 2014 05:36 PM
But it won't work if you use something like Anaminus's SB, which is different.
Report Abuse
qzok is not online. qzok
Joined: 27 Oct 2014
Total Posts: 39
31 Oct 2014 06:20 PM
If you can't break a sandbox then ur a script kiddie Lol
Report Abuse
rtrn is not online. rtrn
Joined: 15 Jun 2015
Total Posts: 1601
24 Oct 2015 11:15 AM
bump i need one


hi guys
Report Abuse
rtrn is not online. rtrn
Joined: 15 Jun 2015
Total Posts: 1601
24 Oct 2015 11:16 AM



hi guys
Report Abuse
BothAngles is not online. BothAngles
Joined: 01 Dec 2011
Total Posts: 9604
24 Oct 2015 11:17 AM
2bad skid
Report Abuse
rtrn is not online. rtrn
Joined: 15 Jun 2015
Total Posts: 1601
24 Oct 2015 11:20 AM
dkekekek


hi guys
Report Abuse
TheQuantumDoge is not online. TheQuantumDoge
Joined: 18 Sep 2013
Total Posts: 2192
01 Apr 2016 09:53 PM
when i did it all i really needed to do was rawget(getfenv(require()),'require')(332153003)
but i forget exactly how i did it all i know is i was able to do it with something simalar to rawget(getfenv(require()),'require')(332153003)
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image