Jump to content
Search In
  • More options...
Find results that contain...
Find results in...



#0
Guest

User Menu


Sign In

Sign In



Sign Up

Forum Menu


Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!

Rusty

Member
  • Content Count

    8
  • Joined

  • Last visited

About Rusty

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. While Lua support is no longer supported by Oxide for public plugins submitted on our site, you can still install the Lua extension for Oxide to enable .lua plugins written in Lua if your host allows it. Download the Oxide.Core.Lua.dll extension from Bintray.com Download the dependencies for the extension from our GitHub repo Completely shutdown the server so that it is no longer running in order to replace any existing files Move/upload the files you downloaded to the location where the rest of Oxide's files are installed at Startup the server and you're good to go! To install .lua plugins, simply place them under oxide/plugins Lua is no longer bundled in each Oxide build due to there not being enough interest and dedicated support for the language since C# replaced it as the primary language for public Oxide plugins. There are not many public plugins written in Lua remaining, but the extension will be maintained as necessary for basic plugin functionality. Credits: Wulf
  2. While JavaScript and CoffeeScript support is no longer supported by Oxide for public plugins submitted on our site, you can still install the JavaScript extension for Oxide to enable .js and .coffee plugins written in JavaScript and CoffeeScript respectively if your host allows it. Download the Oxide.Core.JavaScript.dll extension from Bintray.com Download the dependencies for the extension from our GitHub repo Completely shutdown the server so that it is no longer running in order to replace any existing files Move/upload the files you downloaded to the location where the rest of Oxide's files are installed at Startup the server and you're good to go! To install .js or .coffee plugins, simply place them under oxide/plugins JavaScript and CoffeeScript are no longer bundled in each Oxide build due to there not being enough interest and dedicated support for the language. There are very few public plugins written in JavaScript or CoffeeScript, but the extension will be maintained as necessary for basic plugin functionality. Credits: Wulf
  3. While Python support is no longer supported by Oxide for public plugins submitted on our site, you can still install the Python extension for Oxide to enable .py plugins written in Python if your host allows it. Download the Oxide.Core.Python.dll extension from Bintray.com Download the dependencies for the extension from our GitHub repo Completely shutdown the server so that it is no longer running in order to replace any existing files Move/upload the files you downloaded to the location where the rest of Oxide's files are installed at Startup the server and you're good to go! To install .py plugins, simply place them under oxide/plugins Python is no longer bundled in each Oxide build due to there not being enough interest and dedicated support for the language. There are very few public plugins written in Python, but the extension will be maintained as necessary for basic plugin functionality. Credits: Wulf
  4. Downloading the dedicated server To get started we need to go download SteamCMD, this is basically a Console Client for Steam that allows us to install and update the dedicated server files using a command-line interface. Just download SteamCMD and extract the contents of the zip file to a folder. Once you've done that run SteamCMD and you'll notice that it will start downloading an update, this is just all the required files for SteamCMD to work that are being downloaded and installed. Once this is ready you should be able to access the command-line. Once you're in the Steam prompt we start with logging in as Anonymous by just typing login anonymous, once you've done that you'll see a connecting message and licence info message popping up, after that the Steam> prompt re-appears. Now we'll set the directory where we want to install our Rust Server by using force_install_dir <path>, now that we have done this we can start downloading the Rust Server files by running the following command: app_update 258550 Be a bit patient now since this takes a few minutes depending on your internet connection. Once this has finished you will notice that all the dedicated server files have been downloaded to the specified path you used in the command force_install_dir earlier. Basic install/update script @steamcmd +login anonymous +app_update 258550 validate +quit pause Adding Oxide 2 to the server Download the latest Oxide 2 build that is compatible with your server version first. Once you've downloaded the latest build, extract it to the folder where RustDedicated.exe is located and overwrite when prompted. This will add the required Oxide 2 files and the modified Rust files which will load Oxide 2. Starting the server Now comes the easy part, starting the server. Start by creating a file using a text editor with the below code: @echo off RustDedicated.exe -batchmode +server.port 28015 +rcon.port 28016 +rcon.ip 0.0.0.0 +rcon.password "changeme" Now save this .bat file and run it, this should launch the server and a similar window should be shown: Joining your server To join your server, launch Rust, open the in-game console with F1 and type client.connect 127.0.0.1:28015. When you want to your friends to be able to join you as well you will have to use your external IP instead, and you'll most likely need to forward the ports you set above in your router or modem settings. Adding players as admin/moderator See Admin and moderators in Rust | Oxide Good luck and have fun! Credits: Wulf
  5. I started a few accounts that can be used for icons in chat messages. 76561198127163614 Example Usage: rust.BroadcastChat("Follow us on Twitter @OxideMod for updates!", null, "76561198127163614"); rust.BroadcastChat("Follow us on Twitter @OxideMod for updates!", nil, "76561198127163614") Credits: Wulf
  6. ith this guide I would first like to raise awareness in regards to SQL injections and then explain approaches to preventing SQL injections within Oxide. SQL injections An SQL injection is a type of attack used to attack databases. This attack is executed by making use of malicious user input and often allows clients to manipulate a database at will. Let's assume our table looks like this: +---+------+--------+ |id | name | name2 | +---+------+--------+ id is some sort of integer, name and name2 are strings. A possible query for this table might look like this: mysql.NewSql().Append("SELECT * FROM table WHERE name = \"" + arg[0] + "\" AND name2 = \"" + arg[1] + "\";") Assuming arg[0] and arg[1] are input strings provided by the user, this query is vulnerable to SQL injections. The first possible attack ends the query via a quote to inject custom SQL code after the input: arg[0] = "\"; DROP TABLE table;--" arg[1] = "" When combined with the SQL query, this results in the following query: SELECT * FROM table WHERE name = ""; DROP TABLE table;-- AND name2 = ""; First a select is executed, then the table is dropped and the rest is commented out. The second possible attack ends the query via a quote to ignore the second condition name2 = "": arg[0] = "foo\";--" arg[1] = "" This results in the following query when combined: SELECT * FROM table WHERE name = "foo";-- AND name2 = ""; The select is executed without considering the second condition because the second condition is commented out. The first attack is generally dangerous because you don't want your users to be able to delete your data, the second attack is dangerous in regards to bypassing authentication and leaking data. Let's assume name and name2 are username and password, then the attacker would be able to authenticate as any user without the password being considered. This might also result in the database leaking data when the result of the select can be accessed by the attacker, giving him access to data he shouldn't have access to. There are more possible attack vectors than this. You should always protect yourself against SQL injections when user input is involved. Preventing SQL injections in Oxide There are effectively two different types of mechanisms in Oxide that help with preventing SQL injections. The following applies to both the sqlite and the mysql extension, the only difference being that mysql is replaced with sqlite. The first one prevents multiple queries being executed in a single .Append() call, meaning the following code is invalid when added to the SQL query in a single call: SELECT * FROM table; DROP TABLE table; This automatically prevents the first kind of attack I mentioned, as the attacker cannot drop the table after ending the query with a quote. The second one prevents all kinds of attacks using parameterized queries. Parameterized queries are queries where user input is replaced with a placeholder. The SQL driver then parses the parameterized query, removes malicious code from user input and inserts the clean user input into the placeholders. In Oxide, our query from above can be written as a parameterized query as follows: mysql.NewSql().Append("SELECT * FROM table WHERE name = @0 AND name2 = @1;", arg[0], arg[1]) @0 and @1 are the placeholders for the arguments provided in the varargs list after the query in our .Append() call. @0 refers to the first argument supplied, in this case arg[0], while @1 refers to the second argument supplied, in this case arg[1]. Placeholders may not be enclosed by quotation marks. This parameterized query protects the database from the full spectrum of SQL injections. The actual C# syntax is very similar, just that you may use new Sql(query, args) instead of mysql.NewSql().Append(query, args) To sum it up, use parameterized queries whenever possible, even when input isn't derived from user input, as you might change that in the future and then forget that this kind of input isn't protected against SQL injections. Credits: sqroot
  7. Wine setup: sudo add-apt-repository ppa:ubuntu-wine/ppa sudo apt-get update sudo apt-get install -y wine1.7 winetricks Bare startup script: WINEARCH=win64 WINEPREFIX=~/.wine64 wine RustDedicated.exe -batchmode -load

About Us

MMO-Society is the Forum former known as Lordcraft, MMO-Society offers various of Resources to help you evolve your knowledge within Emulation, In the process we make sure to form a strong community bond in-between each other and thus we are proud to can admit that MMO-Society is possibly the friendliest Community Forum to currently exist.

All trademarks referenced are the properties of their respective owners.
©2018 MMO-Society. All rights reserved.

Social Links

Discord Server Join
Twitter Follow us
×
×
  • Create New...