OP
Vogon poet
Joined: Jan 2004
Posts: 129 |
Hi all.
Today a guy came into my room and said that my routine has a leak, and he 'proved' this to me with a command he used:
ChaoZero //say $dll(C:\windows\system32\kernel32.dll, ExitProcess, 1)
Within 3 seconds my mIRC was closed? I wrote a routine that he used, according to himself. My routine was: /msg triviabot write <naam> <tekst>. He typed: /msg triviabot write hisname //say etc.
You can read the text by using /msg triviabot read.
So I removed my routine. Question is: can he do so without the routine? I mean: just send that command to my bot which will cause the closedown of the mIRC?
with regards Aaron
|
Hoopy frood
Joined: Oct 2004
Posts: 8,061 |
Any script which allows a person to tell a bot to "say" something can be used to cause all kinds of problems if you don't have protections included in the script to prevent that. You can't just send that message to normal mIRC and cause it to close. What happens is that your bot was repeating the command and that's always a danger.
You can put preventative code into your script to prevent such problems by checking any text sent to the bot for various commands which you wouldn't want used. For example, you would want to accept any message which includes //decode or //write or $dll. You could just use an if statement and halt the command if those are in the msg sent to the bot.
|
OP
Vogon poet
Joined: Jan 2004
Posts: 129 |
Hi Riamus2
Thanks for the fast reply. I will make the changes you suggest.
With regards Aaron
|
Hoopy frood
Joined: Oct 2004
Posts: 8,061 |
*EDIT* Just for clarification, I missed a word in my previous post... you do *NOT* want to accept messages with //decode or //write or $dll. And, you can probably choose to prevent other things as well depending what you want it to actually do.
For example, if you are just having it say messages to the channel, you could prevent all that start with / or //, which would solve most of those problems.
Example if statement:
if (/* iswm $3) { .notice $2 Invalid text. | halt }
|
Hoopy frood
Joined: Apr 2004
Posts: 701 |
Question is: can he do so without the routine. I mean: just send that command to my bot which will cause the closedown of the mIRC?
No. A part of your script is flawed, and it's probably the part where the bot reads from the file again. If the $read() call you have does not use the 'n' flag, it will evaluate any identifiers in the line you're reading, including $dll, $eval, $findfile and so on. Usually, adding the 'n' flag will solve the problem (see also /help $read); just filtering out a few identifiers is not sufficient.
If you're not sure about what to do exactly, please paste the relevant routine here (including the /write and $read stuff), and we will help you...
Saturn, QuakeNet staff
|
DaveC
|
(reply not directed at Sat)
The n flag is of course the best to stop that, but I also do this a lot now (before writing it to the file).
user text is in %text
var %text = $replace(%text,$,$,%,%,|,|,[,[,],],$({,),$+(,$({,)),$(},),$+(,$(},)))
Just whacks two BOLDS before anything that might do anything, so /echo %text looks just the same, but if saved to a file or anywhere where it might get contents evaluation it won't evaluate to anything, since something like $time doesn't evaluate.
|
OP
Vogon poet
Joined: Jan 2004
Posts: 129 |
Hi all. Here is the piece of code I use:
if ($$1 == lees) { set %ReadName $nick | set %bericht $read($mircdirtxtfiles\messages.ini, s, $nick) | if (%bericht == $null) { /notice %Readname Sorry $nick $+ , ik heb geen bericht[en] meer gevonden. | close -cm %ReadName | halt } | /notice $nick message $+ : %bericht | /write -ds $+ $nick $mircdirtxtfiles\messages.ini | close -cm $nick }
if ($$1 == schrijf) {
set %MessName $$2
set %message $mid($1-,9,250)
if (//decode isin %message) || (//write isin %message) || (//$dll isin %message) || (//say isin %message) { /notice $nick hacken is niet toegestaan! | /ban -k #trivia $nick Hacken is NIET toegestaan. | halt }
write $mircdirtxtfiles\messages.ini %message ( gepost door $nick op $date )
close -cm $nick | /notice $nick je bericht is opgeslagen!
}
Reactions are in Dutch, but I presume this isn't a problem.
With regards Aaron
|
DaveC
|
if ($$1 == lees) { set %ReadName $nick | set %bericht $read($mircdirtxtfiles\messages.ini, [color:blue]n[/color]s, $nick) | if (%bericht == $null) { /notice %Readname Sorry $nick $+ , ik heb geen bericht[en] meer gevonden. | close -cm %ReadName | halt } | /notice $nick message $+ : %bericht | /write -ds $+ $nick $mircdirtxtfiles\messages.ini | close -cm $nick }
if ($$1 == schrijf) {
set %MessName $$2
set %message $mid($1-,9,250)
if ($[color:blue]![/color]decode isin %message) || (//write isin %message) || ($[color:blue]![/color]dll isin %message) || (//say isin %message) { /notice $nick hacken is niet toegestaan! | /ban -k #trivia $nick Hacken is NIET toegestaan. | halt }
[color:blue]%message = $replace(%message,$,$,%,%,|,|,[,[,],],$({,),$+(,$({,)),$(},),$+(,$(},)))[/color]
write $mircdirtxtfiles\messages.ini %message ( gepost door $nick op $date )
close -cm $nick | /notice $nick je bericht is opgeslagen!
}
Adjust it so it looks like above and you should be reasonably safe.
n
stops the line from running any commands in it
$!decode
and not //decode as it's $decode; the "!" stops mIRC from mistakenly evaluating it in your line
$!dll
the same as $decode above
%message = $replace(%message,$,$,%,%,|,|,[,[,],],$({,),$+(,$({,)),$(},),$+(,$(},)))
this is a backstop to the n, as this will make anything else like $time not change to the time if you did forget the n
|
OP
Vogon poet
Joined: Jan 2004
Posts: 129 |
Hi DaveC
Thank you for the fast reply.
I have changed it according to your tips. I should be reasonably safe now, I hope.
With regards Aaron
|
Hoopy frood
Joined: Nov 2003
Posts: 2,321 |
You can just write the text to the file exactly as it was spoken now that you've added the 'n' flag to $read(), there's no need for that big chunk of code in blue.
|
DaveC
|
Did you read the last line of my post? I did mention that myself.
|
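Saturn's point in the thread, that filtering out a few strings is not sufficient while reading without evaluation is, modelled in Python as an added example (not code from any poster and not mIRC script). The two toy identifiers, the list-based mailbox and all function names are assumptions; real mIRC evaluation is far richer than this model.

```python
import re

# Toy stand-ins for mIRC identifiers (constructed; harmless on purpose).
IDENTIFIERS = {"me": lambda: "triviabot", "time": lambda: "12:00:00"}
# The substrings the posted script checks for before writing.
DENYLIST = ("//decode", "//write", "//$dll", "//say")

def evaluate(line):
    """Model of reading WITHOUT the 'n' flag: known $identifiers are expanded."""
    def expand(match):
        fn = IDENTIFIERS.get(match.group(1).lower())
        return fn() if fn else match.group(0)
    return re.sub(r"\$(\w+)", expand, line)

def denylist_accepts(text):
    """Substring filter as in the posted script: reject only listed strings."""
    lowered = text.lower()
    return not any(bad in lowered for bad in DENYLIST)

def store(mailbox, recipient, text, sender):
    """Write the text verbatim, first word being the recipient's nick."""
    mailbox.append(f"{recipient} {text} (posted by {sender})")

def read(mailbox, nick, no_eval):
    """Return and delete the first message for nick.
    no_eval=True models the 'n' flag: the stored line is returned as data."""
    for i, line in enumerate(mailbox):
        owner, body = line.split(" ", 1)
        if owner.lower() == nick.lower():
            del mailbox[i]
            return body if no_eval else evaluate(body)
    return None

def demo():
    """Same stored text, read once with evaluation and once without."""
    text = "my nick is $me and it is $time"  # constructed sample input
    results = {}
    for no_eval in (False, True):
        box = []
        if denylist_accepts(text):  # the filter lets this through
            store(box, "aaron", text, "guest")
        results[no_eval] = read(box, "aaron", no_eval)
    return results

if __name__ == "__main__":
    for flag, value in demo().items():
        print("no_eval =", flag, "->", value)
```

The filter accepts the text because it names none of the listed strings, so only the read side decides whether the stored line is treated as data or as script.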