[Executor Detection] Wave Executor Prevention

yes that’s basically what this entire discussion has devolved to just executor devs being dumb (being able to bypass their “protection” and allowing users to call these malicious functions. The best example of malicious functions are ScriptContext.SaveScriptProfilingData and LinkingService.OpenUrl.

2 Likes

Oh, I get your point now. But can’t their users only do this stuff on themselves?

1 Like

Hyperion made their security even worst
Now half of them has RCEs

As i said here is the guy who created that script.

Correct but it’s no surprise all you need to do is claim something and show a video of something working and you can just link any script (even if it’s obfuscated) and people will execute it (which is the sad part).

Back in the day if you used something REALLY bad where the injection manage to leak their env.
(havent seen this any recent examples of this but back in the day they used to use hookmetamethod to protect their env from malicious functions and if you didnt know hookmetamethod is fundamentally flawed and due to this (they dont hide their stacks) you can just getfenv and boom there’s their env basically allowing you to run things at an executor’s level which can lead to an RCE)

anyhow point is any rce’s are caused by the user themselves for being ignorant; executors are advertised as being safe but in reality they really arent 100%

2 Likes

Guy? You’re pressed, get over yourself weirdo. I didn’t create anything and why are you confusing an executor with a ‘script’. Are you not embarrassed?

This is completely unrelated.

chars limit

I said that here in this thread the guy is who created that script showed in the x post !!!

If you’re gonna say ANYTHING, then make it comprehendable. You’re being very weird just because of what I said and then you assume I wrote a “script” showed on Twitter. Please move around, it seems like you’re losing braincells each reply.

1 Like

Wait is Wave also vulnerable to some unrestricted methods like publish and OpenBrowserWindow or not? If yes, then a lot of people will abuse it.

you need to bypass their “prot” (it isnt hard)

2 Likes