Honestly, I believe those must of been backdoored models as well as fake ones as I know HD admin wouldn’t have backdoors in it he’s a very known developer.
1 Like
HD admin is made by trusted people such as Oblivious.
and No it doesn’t have a backdoor.
The backdoor was a fake HD admin model.
and it was confirmed.
2 Likes
Glad, I was right on the statement I just made.
2 Likes
What you’re experiencing at the moment is completely unrelated to Kohl’s admin commands. The last time it had a major vulnerability was before FilteringEnabled was a thing. Kohl’s utilized loadstring() on a StringValue object to execute code via the :s and :ls commands.
Now that FilteringEnabled is mandatory for all Roblox experiences, this is no longer an issue. You are either using a fake version of the admin script, or there is another script/plugin that is allowing exploiters to remotely execute server-sided code from your game.
1 Like
This can’t be the case, the users were server banned by the exploiter I saw a clip of it, and I’m 100% sure I’m using the original kohls but I can double check once more.
1 Like
This is 100% possible if your game was backdoored – which it most likely was.
In order to verify you’re running on the real version of Kohl’s source code, open the “Loader” script and find the segment of code that invokes require(). From there you can navigate to the library and paste the ID that is being imported.
For example:
This whole ordeal is kinda freaking me out to be honest.
1 Like
Kohls is just super outdated, I know it’s unprotected that’s 100% for sure my friend made a crash script a while ago which I patched.
Kohls admin is not backdoored, if you are experiencing strange behaviour you likely have a fake model.
The only real one is Kohl's Admin Infinite - Roblox
However, there is a vulnerability where players are being banned from roblox (in the RCR discord announcements for more info @revnges), this is not related to the official kohls admin and is an issue with the way Roblox handles messages via events.
Citing from RCR discord:
The only “truthful” thing about the Kohl’s situation is that there is a malicious Roblox Studio plugin that was created to inject a backdoored copy of Kohl’s Admin that allows exploiters to execute server-sided code into games, which is where the whole rumor about any games with Kohl’s admin being able to result in you being terminated started from. This is not the case.
1 Like
You honestly have nothing to worry about unless you’re using malicious scripts or plugins. You’re still able to play all your favorite games on Roblox without having to worry about being banned or terminated.
Okay, that makes much more sense I’m a bit confused about what you mean by it’s an issue within Roblox? Are you able to explain further on that? Kohls is just super outdated, I know it’s unprotected that’s 100% for sure my friend made a crash script a while ago which I patched.
Sure, so Roblox fires the TextChatService.SendingMessage event when you use the TextChannel:SendAsync method to broadcast your input to the server, which in turn replicates your message to all other clients in-game. Malicious developers can take advantage of this by firing the chat RemoteEvent when you join the game to spoof incoming messages from your behalf.
If they send highly profane messages, it can lead to moderation action against your account. This is an old vulnerability which was reported to Roblox last year however has not been fixed.
1 Like
Ah, that makes so much more sense so this could be the reason the user can ban players from the since they are pretending to be me by spoofing the client into thinking they are me. If that’s the case how would I go exactly about patching this method?
1 Like
I don’t know much about this, although I’m sure we’ll hear a response from Roblox or the community on how to do so in the coming days.
I’ll update this thread if I find out more.
1 Like
Thank you so much. I believe my only option at the moment is to switch from Kohls to Adonis.
1 Like
me when i purposely spread misinformation
go install the real one, stop using blatant backdoors
1 Like