mIRC Home    About    Download    Register    News    Help

Print Thread
Joined: Aug 2004
Posts: 7,252
R
RusselB Offline OP
Hoopy frood
OP Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
Part of my script for my bot allows it to be on multiple networks, with certain people having the authority to add new networks &/or channels for the bot to run in.

The problem that I've encountered is that some networks use a nick registration service.
If the bot connects to a network that it isn't configured for (ie: nickname & password stored in the hash table for that network), I want a dialog to come up on my screen showing the name of the person that added the network, the network name, and (if applicable) any channels that the bot was supposed to join.

It would be great if the registration information could be sent automatically, but I know that some nick registration services require a confirmation e-mail to be responded to, and I'm not sure if my bot could be configured to do that (although if it is possible, that might be something I could incorporate)

The !add network & !add room codes are below.

(If anyone has any suggestions as to how these could be done better, I'm listening)
Code:
 on op:text:!add network*:*:{
  if !$3 {
    var %server = $hfind(Networks,$server,0).data
    if !%server {
      .hinc -m Networks $network
      .hadd -m Networks $+($network,.,$hget(Networks,$network)) $server
    }
  }
  elseif !$4 {      .msg $nick Usage !add network <network> <server>    }
  else {
    var %server = $hfind(Networks,$4,0).data
    if !%server {
      .hinc -m Networks $3
      .hadd -m Networks $+($3,.,$hget(Networks,$3)) $4
      .msg $nick Network $3 with server address $4 has been added
      var %i 
      scon -at1 if ($network == $3) inc % $+ i 
      if (!%i) server -mfc $4 
    }
  }
}
on op:text:!add room*:*:{
  if ($target != $chan) && !$3 {
    .msg $nick Usage: !add room (network) <channel>
    .msg $nick (network) is optional
  }
  elseif !$3 {      .hadd -m $network $chan    }
  else {
    .hadd -m $iif(!$4,$network,$3) $iif(!$4,$3,$4)
    if $4 && ($3 != $network) {
      var %network = $hfind(Networks,$+($3,.*),0,w)
      if !%network {
        .msg $nick Sorry, but I can't find $3 in my list of networks
        .msg $nick Use !add network <network> <server> to add it
      }
      else {
        var %c = 1 
        while $scon(%c).network { 
          if ($v1 == $iif(!$4,$network,$3)) {
            if ($me !ison $iif(!$4,$3,$4)) {
              .join $iif(!$4,$3,$4)
              inc %joined
            }
          } 
          inc %c 
        }
        if !%joined {
          var %i 
          scon -at1 if ($network == $3) inc %i 
          if (!%i) server -mfc $3
        }
      }
    }
  }
}
 

Joined: Oct 2005
Posts: 1,741
G
Hoopy frood
Offline
Hoopy frood
G
Joined: Oct 2005
Posts: 1,741
I notice that you have several /scon.. commands in the script. I don't know if it's applicable, but you should read this post (again). Since the script uses $3, it may be possible to exploit the code.

As for your questions..
It should be easy enough to make a dialog come up if the network requires registration but no nick/pass is present. Something like:

on *:TEXT/NOTICE:<nick service asks for password>:?:{
if (!$hget(passwords,$network)) dialog -m info info
else msg $nick $hget(passwords,$network)
}

-genius_at_work

Joined: Aug 2004
Posts: 7,252
R
RusselB Offline OP
Hoopy frood
OP Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
I've read that post a few times, but I was unable to figure out a different way of doing it. If you can come up with a more secure method of accomplishing (sp?) the same results, I'd be more than happy to put the knowledge to use.

Joined: Dec 2002
Posts: 1,245
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Dec 2002
Posts: 1,245
where there is a lot of difference between
scon -at1 if ($network == $3) inc %i
and
scon -at1 $3-

What was said was setting the command off one line
scon -at1
if ($network == $3) inc %i

however if there is a Specific thing that $3 must match as it must in this case you cant have a string buried in $3 (first off) and it wouldnt match $network (secondly
so in this case I dont see a security issue. However QWERTY or FOP (or others) might have something else to offer on the issue.

Joined: Oct 2005
Posts: 1,741
G
Hoopy frood
Offline
Hoopy frood
G
Joined: Oct 2005
Posts: 1,741
I'm not saying that this code is definately exploitable.. just that it could be, in theory. Maybe if $3 was something like:

!add room $+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))

I think that would evaluate to:
"<networkname>) echo -s pwned "
.. add that to the rest of the line when it is evaluated the second time over the scon command..
if ($network == [color:red]$network) echo -s pwned) inc % $+ i[/color]

I don't know if that example would actually work.. but you get the point. FiberOptics would probably know if your code is actually exploitable.

Whether it is exploitable or not, it's probably a good habit to use multiple lines:

/scon <num>
/command $3
/scon -r

-genius_at_work

Joined: Aug 2004
Posts: 7,252
R
RusselB Offline OP
Hoopy frood
OP Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
Using your example, that would make $3 be <networkname>) echo -s pwned and there'd be no $4, in which case the code (should) take that as a room name on the current network, so the bot would attempt to join that room...I'm not sure what would happen if you tried to join a room that doesn't have the correct configuration for a room name, specifically, not beginning with the # symbol.

Anyhow, getting back to the original topic, I've got the following dialog, but I was wondering, is there a way to limit the dialog so that the same network isn't listed over & over again? Sort of like how $addtok works, as in, if the network is already in the list, it won't be added again?

Here's the dialog I came up with
Code:
 dialog Connections {
  title "Connections"
  size -1 -1 190 60
  option dbu
  button "Cancel", 1, 5 20 20 10, cancel
  button "OK", 2, 5 35 20 10, ok
  button "Save", 3, 5 50 20 10, default
  text "Network", 4, 5 6 25 8
  combo 5, 35 5 60 50, edit drop
  text "Password", 6, 100 6 25 8
  edit "", 7, 125 5 50 10
}
on *:dialog:Connections:init:*:{
  did -a $dname 5 $network
}
on *:dialog:Connections:sclick:5:{
  if $hget(Networks,$+($did($dname,5).seltext,.,Password)) {
    did -ra $dname 7 $v1
  }
}
on *:dialog:Connections:sclick:2,3:{
  var %network = $iif($did($dname,5).seltext,$v1,$did($dname,5))
  var %password = $did($dname,7)
  .hadd -m Networks $+(%network,.,Password) %password
}
 


Also if you have any other suggestions, please make them.

Joined: Sep 2003
Posts: 4,230
D
Hoopy frood
Offline
Hoopy frood
D
Joined: Sep 2003
Posts: 4,230
Quote:
I'm not saying that this code is definately exploitable.. just that it could be, in theory. Maybe if $3 was something like:

!add room $+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))

I think that would evaluate to:
"<networkname>) echo -s pwned "
.. add that to the rest of the line when it is evaluated the second time over the scon command..
if ($network == [color:red]$network) echo -s pwned) inc % $+ i[/color]


No.
Thats evaluating it 3 times.

This is what i beleive would happen.

(script)
scon -at1 if ($network == $3) inc %i
(evaluation 1)
if ($network == $+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))) inc %i
(evaluation 2)
if (networkname == networkname) echo -s pwned )) inc %i
The two italic fields well not match so %i well not be incremented

From what i have looked at you need more that one $N value, however I wouldnt take that as written in stone.

* im also not sure if the %i would get evaluated out to its contents, this might be a special non evaluated variable due to the procedding INC command. (i didnt check)


I have found simple tricks can often get around problems, just ensure the $3 cant be evaluated.

(script)
scon -at1 if (~ $!+ $!network == ~ $+ $3) inc %i
(evaluation 1)
if (~ $+ $network == ~$+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))) inc %i
(evaluation 2)
if (~networkname == ~$+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))) inc %i

By attaching something (~) to the front of the evaluated $3 it prevents the double evaluation of it


Link Copied to Clipboard