Categories > Coding > Lua >
Get Desktop Username From Exploit
Posted
So I was messing around with some things, and wanted to get the CWD of the exploit. And, well I did it, but I also figured out another way to get the username of the user. This can be easily be prevented by running the exploit in a directory higher than the "C:\Users" folder. And, you cannot do anything harmful aswell because: readfile, delfile and even isfolder, have been sandboxed to work only at the workspace folder only.
local words = {}
for word in ({({pcall(listfiles, '%appdata%')})[2]:match("([.]:.+\"(.+)\")")})[2]:gmatch('[^\\]+') do
words[#words+1] = word
end
if words[2] then
if words[3] then
print("Username: "..words[3])
end
end
GitHub: https://github.com/sound-infinity
Discord: SoundInfinity#2135
Replied
You can do the same approach by erroring readfile, I've seen some exploits pass directory to an error
Cancel
Post
Users viewing this thread:
( Members: 0, Guests: 1, Total: 1 )
Cancel
Post