That require just leads to the module for Khols admin? This isn’t a backdoor at all. You must have another backdoor elsewhere in your scripts.
At one point, Kohl’s Admin was theorized to have a backdoor at some point.
One my favorite YouTubers constructed an entire video about the entire fiasco, and it talked about a lot of things from Kohl’s really shady past to basically a free model popup for a “chair” owned by one of the people in Kohl’s group. This chair free model would apparently come up for strangers who visited the game and not the owner. They even went so far as to interview the owner of the “Chair” free model, in which the creator stated that “they are not who we are testing” when being asked about how it wouldn’t appear for the creator of the game. They also said that the sources for the “shady past” segment had little to no evidence supporting those claims, so it should be taken with a grain of salt.
Though, seeing how popular Kohl’s Admin is and how the video is now unlisted, I doubt there is anything close to a backdoor. The code you just saw is probably just the Module Script that contains all the commands and stuff.
This is happening to tons of other people though. The game it teleports you to has about 2 million visits. Couldn’t there be something within the Module?
Well there could be techically, but I highly doubt it. You should really focus on looking at other scripts as Scripth is a well trusted developer.
I understand. Could you tell me what I should look for though? Just so I can check the Module.
Here are some information to help with your search
I’ve seen similar occurrences of this happening & If you really have to blame Kohl’s Admin then what I would recommend doing put Kohl’s Admin in a baseplate game with no models, and make sure you wait for 1-5 minutes If It doesn’t happen I would shut down the servers and try again two more times, If It doesn’t teleport you anywhere then I think you should check all your game models & scripts.
Edit: Make sure you check all your plugins and make sure there’s no suspicious activity going on there.
Ok so I got the ID of the module and it leads to this failed attempt at obfuscation
The script is so large that my post hits the maximum character limit so here is a pastebin: Kohl's MainModule (ID 1868400649) - Pastebin.com
But then I looked through the script’s children I found an even more concerning one.
script
--[[
Credit to einsteinK.
Credit to Stravant for LBI.
Credit to the creators of all the other modules used in this.
Sceleratis was here and decided modify some things.
einsteinK was here again to fix a bug in LBI for if-statements
--]]
local waitDeps = {
'Rerubi';
'LuaK';
'LuaP';
'LuaU';
'LuaX';
'LuaY';
'LuaZ';
}
for i,v in pairs(waitDeps) do script:WaitForChild(v) end
local luaX = require(script.LuaX)
local luaY = require(script.LuaY)
local luaZ = require(script.LuaZ)
local luaU = require(script.LuaU)
local Rerubi = require(script.Rerubi)
luaX:init()
local LuaState = {}
return function(str,env)
local f,writer,buff
local ran,error=pcall(function()
local zio = luaZ:init(luaZ:make_getS(str), nil)
if not zio then return error() end
local func = luaY:parser(LuaState, zio, nil, "@input")
writer, buff = luaU:make_setS()
luaU:dump(LuaState, func, writer, buff)
f = Rerubi(buff.data, env)
end)
if ran then
return f,buff.data
else
return nil,error
end
end
The children of that script doesn’t matter but it implements a custom loadstring.
A little off topic: You are better off writing your own admin commands so this can’t happen.
I have friends using things other than Kohl’s that suffer the “loading…” back door. I believe it is a plug-in likely, as I’ve noticed that scripts get imported randomly into bricks in workspace that cause this back door in my friends’ games.
To check your own, put “script” in the search for workspace and you’ll see all the scripts in the game. They usually are named “fix” or are empty named “”
I’m uncertain as to which plugin would cause this but it’s best practice to remove all plugins you don’t actively have a use for.
Yep that looks like something.You can usually search for stuff with Loadstring and require to find scripts you didn’t add in.
Yeah it is quite odd. This just opens a ton of doors to exploiting. Again I just recommend writing your own admin commands since it allows for more flexibility and you can guarantee there won’t be backdoors like this
This is within the Kohl’s Admin Module.
I found something suspicious in the module code that @sjr04 provided for us please take a look at this line, I’m uncertain though.
Line 356 < Either used for :rejoin or something suspicious. Not sure.
Most likely there’s nothing wrong there,if the specific command is running the code right after it then its teleporting the player to the same place the script is located at right now (game)
Its literally a rejoin function
Pretty sure Khols admin is constantly checked for stuff like this. If a backdoor/Massive security flaw was actually present It would not just go unnoticed.
I know but there’s a lot of suspicious stuff in there lol. This stuff has only been going on for 2 days now and it was updated the day all of this had started.
That’s what I thought but It’s been happening since like June 10ish
Well as always you can just talk to @Scripth to report a security flaw if you think a new one has emerged. But I highly doubt there is a backdoor/Major security flaw in his admin.
have you tried not using kohl’s admin and seeing if the issue persists?
bare in mind that theres already an overwhelming amount evidence about a hidden backdoor here, though it doesn’t hurt to try