[Executor Detection] Wave Executor Prevention

RevokeFriendship · August 16, 2024, 10:01pm

yes that’s basically what this entire discussion has devolved to just executor devs being dumb (being able to bypass their “protection” and allowing users to call these malicious functions. The best example of malicious functions are ScriptContext.SaveScriptProfilingData and LinkingService.OpenUrl.

v1uxz · August 16, 2024, 11:52pm

Oh, I get your point now. But can’t their users only do this stuff on themselves?

ErrorCezar · August 17, 2024, 12:56am

Hyperion made their security even worst
Now half of them has RCEs

MaxGamingYT129 · August 17, 2024, 3:17pm

As i said here is the guy who created that script.

RevokeFriendship · August 17, 2024, 4:25pm

Correct but it’s no surprise all you need to do is claim something and show a video of something working and you can just link any script (even if it’s obfuscated) and people will execute it (which is the sad part).

Back in the day if you used something REALLY bad where the injection manage to leak their env.
(havent seen this any recent examples of this but back in the day they used to use hookmetamethod to protect their env from malicious functions and if you didnt know hookmetamethod is fundamentally flawed and due to this (they dont hide their stacks) you can just getfenv and boom there’s their env basically allowing you to run things at an executor’s level which can lead to an RCE)

anyhow point is any rce’s are caused by the user themselves for being ignorant; executors are advertised as being safe but in reality they really arent 100%

v1uxz · August 18, 2024, 11:18pm

Guy? You’re pressed, get over yourself weirdo. I didn’t create anything and why are you confusing an executor with a ‘script’. Are you not embarrassed?

HexadecimalLiker · August 19, 2024, 1:06am

This is completely unrelated.

chars limit

MaxGamingYT129 · August 19, 2024, 11:16am

I said that here in this thread the guy is who created that script showed in the x post !!!

v1uxz · August 19, 2024, 2:50pm

If you’re gonna say ANYTHING, then make it comprehendable. You’re being very weird just because of what I said and then you assume I wrote a “script” showed on Twitter. Please move around, it seems like you’re losing braincells each reply.

weakroblox35 · August 19, 2024, 5:50pm

Wait is Wave also vulnerable to some unrestricted methods like publish and OpenBrowserWindow or not? If yes, then a lot of people will abuse it.

RevokeFriendship · August 20, 2024, 3:21am

you need to bypass their “prot” (it isnt hard)