Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: LUA!

From: Greg Hoglund <hoglund666 () gmail com>
Date: Sat, 5 Nov 2011 09:40:05 -0700
LUA is very popular with MMO game botting platforms as well.  I have seen
many games that include LUA legitimately.  For a few years I was aware
of some botting projects for WoW that were "industrial" grade - that is,
not sold to end-users but actually to sweat-shops in China (for the record,
I was not involved with these projects).  One of these botting systems was
using Ruby.  The most successful one I was aware of was C# layered over
native c.  That one was being used by a WoW sweatshop that had, on average,
over 1,000 simultaneous connections to Blizzards' servers at any given time
(so I was told).  What I found surprising is that the bot creator/vendor
wasn't making that much money - the sweatshop was making all the cash.
And, there was a constant threat of the bot being stolen and RE'd - so DRM
tactics were in use.  And, finally, if at any point Blizzard learned of the
bot then a single Warden update could wipe out the entire operation for
weeks until they retooled.  A weird business for sure.

-Greg
On Tue, Nov 1, 2011 at 8:50 AM, Dave Aitel <dave () immunityinc com> wrote:


Everyone basically ignores LUA <http://www.lua.org/about.html> as much as
possible - not as useful for large projects as Python or Ruby, not as fast
as C. But eventually every big C project wants a scripting language, and
they look around at licensing and features and choose LUA.

Wireshark is the obvious example, but LUA is small enough that it's a
natural fit for trojans as well - especially trojans that are embedded into
the memory space of something else (Outlook or your kernel, for example).

I notice that as of today D2 includes a LUA trojan, and that
WhitePhosphorus includes an exploit for the Wireshark LUA problem. Both of
which are fun to test!

--
INFILTRATE 2012 January 12th-13th in Miami - the world's best offensive information security 
conference.www.infiltratecon.com


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave



_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: