Categories > Coding > Lua >

Get Desktop Username From Exploit


New Reply

Posts: 72

Threads: 11

Joined: Nov, 2018

Reputation: 6

Posted

So I was messing around with some things, and wanted to get the CWD of the exploit. And, well I did it, but I also figured out another way to get the username of the user. This can be easily be prevented by running the exploit in a directory higher than the "C:\Users" folder. And, you cannot do anything harmful aswell because: readfile, delfile and even isfolder, have been sandboxed to work only at the workspace folder only.

local words = {}

for word in ({({pcall(listfiles, '%appdata%')})[2]:match("([.]:.+\"(.+)\")")})[2]:gmatch('[^\\]+') do
    words[#words+1] = word
end

if words[2] then
    if words[3] then
        print("Username: "..words[3])
    end
end

Got a question? Well, I got no answers.

Posts: 65

Threads: 6

Joined: Jul, 2021

Reputation: 1

Replied

Unnecessary, but interesting.

Html, CSS, LUA  

 

         DEV

ThatPhoenix

i am an icon :evil_face:

Mention

Posts: 1725

Threads: 40

Joined: May, 2020

Reputation: 10

Replied

@Vilictus
Nothing here is "Unnecessary" , stop spreading false information.

Phoenix#8419

Road to 69 rep hehe

hehe funny

Posts: 2031

Threads: 129

Joined: Feb, 2020

Reputation: 16

Replied

@Vilictus All the more reason to show exploit developers that this could be an issue, making your first statement hypocritical.

H3x0R#4231 (GitHub, Script Repobtw light mode sucks
Reverse Engineer and Lego Hacker

Languages: Lua, C#, C++

If you DM me, make it worth my time. Ask your question straightforwardly.

ThatPhoenix

i am an icon :evil_face:

Mention

Posts: 1725

Threads: 40

Joined: May, 2020

Reputation: 10

Replied

@Vilictus

Still not unnesscessary, and like what h3x0r said your first statement would be hypocritical.

(And if your comparing people to mice, I'm sure you would be a rat)

Phoenix#8419

Road to 69 rep hehe

hehe funny

Posts: 65

Threads: 6

Joined: Jul, 2021

Reputation: 1

Replied

@ThatPhoenix

 

I mean 50% since some change the username, others don't, my point in the previous answer was that this script benefits MICE [information thieves] more than developers with dignity!! Unnecessary for some, necessary for others.

 

I didn't mean to offend anyone, just to differentiate the use of this script.  :')

 

 

 

Html, CSS, LUA  

 

         DEV

ThatPhoenix

i am an icon :evil_face:

Mention

Posts: 1725

Threads: 40

Joined: May, 2020

Reputation: 10

Replied

@Vilictus
Still though this isnt unnecessary in any way.

Phoenix#8419

Road to 69 rep hehe

hehe funny

0x90

0x90#2286

vip Mention

Posts: 189

Threads: 15

Joined: Dec, 2020

Reputation: 22

Replied

You can do the same approach by erroring readfile, I've seen some exploits pass directory to an error

simplydev

simply develop

Mention

Posts: 325

Threads: 27

Joined: Oct, 2020

Reputation: 3

Replied

@Vilictus Windows username is like discord username, its nothing bad on it.

simplydev | UI Designer | c2ltcGx5ZGV2ZWxvcA==#1895

i love u papi maximus <3

Rep Goal : 10


New Reply

Users viewing this thread:


( Members: 0, Guests: 1, Total: 1 )