Does Kohl’s admin commands contain a virus?

Does kohl’s admin commands contain a virus? I’ve been hearing things about it containing a virus where people could hack your game. Is this true? If anyone knows please tell me because I use this. Thank you.

2 Likes

I highly doubt it has an intentional virus, so long as you have the actual model and not a fake. It may have accidental security flaws, though.

1 Like

Its a widely used admin model, It probably has no known faults, unless some accidental backdoor or corruption is in it. Depending how they use their admin system.

There are ways to exploit admin systems like this by spamming commands therefore overloading some systems depending what the command does, leading to the crash of your game.

1 Like

People need to stop asking questions against these popular admin scripts. These are trusted scripts with open sourced code that you can review yourself. If there was a vulnerability, it would have been greatly exploited already.

1 Like

Kohl’s has been exploited already at least once in the past. These questions are legitimate, if a little overblown (Kohl’s was the only one I know of that had an actual exploit)

They had no checking on what kinds of commands came through the remote event and you used to be able to run serverside code using kohl’s. That was a long time ago, though, and was fixed a long time ago as well.

1 Like

It should have been patched then if it’s still in use. They’re usually quickly patched if there is a problem. If someone has a worry against these scripts, they can make their own. I personally put my full trust in @Sceleratis’s Adonis to be secure and effective.

Khols and Epix are both becoming obsolete scripts at time goes on.

1 Like

This is somewhat true and somewhat false. Obviously over time things are updated and changed, so there’s always the potential that something could appear and be exploited, however it’s unlikely that it would last more than a few hours without the developer finding out about it. If a developer intentionally adds something, we can at least hope someone else would review it and find whatever it is. This isn’t always going to be the case, so just be aware that you are putting trust into people you probably don’t know by using their stuff in your game, which includes me for anyone who uses my stuff.

As always, making your own script if you can is ideal. If you can’t, at least make sure you are getting the model from the developer (in this case, Scripth) and NOT someone else. People frequently reupload popular scripts and models with malicious stuff added to them.

2 Likes

I suggest if you are a experienced scripter, than you should review it. Your reason of questioning it is because you heard that it may contain a virus. This is a unlikely situation. The owner of this “Admin” is respected. I’m sure that they would like to stay that way. You should try it out yourself. If this is the solution you were looking for make sure to mark it, so others don’t keep responding.

2 Likes

Fair point about kohl’s and epix being obsolete. I’m surprised Cmdr hasn’t seen much more wide use, since you can easily implement your own commands with it – copying from free models if you need to – and you can set up how it runs as well, chat or GUI.

Though that doesn’t mean they shouldn’t be used. It just means they’ve outlived their usefulness.

However that’s offtopic, so to get back on topic…

The only reason the Kohl’s exploit worked was due to an oversight regarding how permissions checking worked – you could falsify the userID attached to your Player and that somehow got past the permissions check, letting you do whatever you want, including making the model “update” itself to your own code.

It was patched in about two days, though, so I’m not surprised it’s not more talked about.

It does lend credibility to the “can admin command models give me viruses” question, but the whole issue also works just as well to summarize “you should know exactly what you’re injecting”.

1 Like

Yeah. Sceleratis keeps on top of any vulnerabilities in Adonis which is why I stick over there. As for cmdr, it’s really that not many people want to program from scratch. The security in cmdr is really down to however you write it which makes it either a really effective script or a massive problem.

The code behind Epix and Kohls is pretty old. Those vulnerabilities have had time to exploit which is one of the reasons I trust the scripts to be safe (even though I don’t use them since my preference is on Adonis). They’ve had their time to fix up holes.

There’s really always going to be a vulnerability in an admin script no matter how big or small. The question should really be “Does Khol’s admin commands contain vulnerabilities” where the answer would be yes, but not major ones (to my knowledge).

1 Like