zbizu
Legendary OT User
forgot to test that on mc
Yeah, for longer scripts it's better.
Your feature might be useful on dedicated servers to quickly execute something without using putty/winscp.
I have to warn everyone: luascript channel(in both scripts) is dangerous itself - If someone knows lua and linux well and have access to that channel, he may get access to server system/hack your ots easily. This channel with os.execute() is basically like a terminal, this is why that channel should be available for trusted admins only.
Seriously, if examples below are possible, then imagine what else.
to block os.execute() use this:
However, reading config.lua is still possible and it's harder to block because for example: ("c" .. "onfig" .. "." .. "lua") will get around filter like this on os.execute. Currently I don't have any solution for this so just be careful and don't allow random people to use that channel.
Yeah, for longer scripts it's better.
Your feature might be useful on dedicated servers to quickly execute something without using putty/winscp.
I have to warn everyone: luascript channel(in both scripts) is dangerous itself - If someone knows lua and linux well and have access to that channel, he may get access to server system/hack your ots easily. This channel with os.execute() is basically like a terminal, this is why that channel should be available for trusted admins only.
Seriously, if examples below are possible, then imagine what else.
Code:
os.execute("color 70")
os.execute("tasklist")
to block os.execute() use this:
Code:
if message:match('os.execute') then
return false
end
However, reading config.lua is still possible and it's harder to block because for example: ("c" .. "onfig" .. "." .. "lua") will get around filter like this on os.execute. Currently I don't have any solution for this so just be careful and don't allow random people to use that channel.
Last edited: