[579] in BarnOwl Developers
Fun with barnowl and control characters
daemon@ATHENA.MIT.EDU (Geoffrey Thomas)
Thu Oct 29 18:07:37 2009
Resent-From: nelhage@mit.edu
Resent-To: barnowl-dev-mtg@charon.mit.edu
Date: Tue, 3 Apr 2007 18:34:48 -0400 (EDT)
From: Geoffrey Thomas <geofft@MIT.EDU>
To: dirty-owl-hackers@MIT.EDU
oliver:/tmp geofft$ zwrite -c geofft -i ^H^H^H^H^H^H^H^H^Hmessage\ /\ network -s ^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H"@b(jis) 17:12 (Jeffrey I. Schiller)"
Type your message now. End with control-D or a dot on a line by itself.
All your base are belong to us.
.
Message queued for class "geofft", imessage / network"... sent
oliver:~ geofft$ zwrite -c geofft -i spoof
Type your message now. End with control-D or a dot on a line by itself.
This attack is harder to prevent, but still....
^H^H^H^HMESSAGE / network / @b(jis) (18:11) (Jeffrey I. Schiller)
I am teh ruler of teh internets!
.
Message queued for class "geofft", instance "spoof"... sent
oliver:~ geofft$ zwrite -c geofft -i foo^Mbar
Type your message now. End with control-D or a dot on a line by itself.
test
.
bar"... sented for class "geofft", instance "foo
Also, it's slightly disappointing that control characters break the
command-entry line, in the sense that C-r doesn't let you properly keep
the instance name most of the time, and if it does keep the instance name
(e.g., with ^?), it treats it as a one-column-wide character.
I'm running the latest locker owl in a screen.
--
Geoffrey Thomas
geofft@mit.edu
