|
Joined: Feb 2006
Posts: 307
Fjord artisan
|
OP
Fjord artisan
Joined: Feb 2006
Posts: 307 |
hello
I would like a script that whenever I try to join a room and it says 'invite only', it will periodicaly (every 10 seconds try to join till it succeed
thanks
|
|
|
|
Joined: Aug 2004
Posts: 7,252
Hoopy frood
|
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
raw 473:*:{
.timer 1 10 join $safe($2)
}
alias safe return $!decode( $encode($1,m) ,m)
When the raw response 473, which matches the raw numeric for the invite only setting, is received, a timer is set, and then the script tries to join the channel 10 seconds later. Edit: Fixed insecure code
Last edited by qwerty; 24/07/08 08:23 AM.
|
|
|
|
Joined: Jul 2008
Posts: 3
Self-satisified door
|
Self-satisified door
Joined: Jul 2008
Posts: 3 |
I'm thinking this is what I am looking for also. I would like an autorejoin on kick for invite only channels, two diffent networks. I do not do scripting or scripting language, so would appreciate your help raw 473:*:{ .timer 1 10 join $2 }
When the raw response 473, which matches the raw numeric for the invite only setting, is received, a timer is set, and then the script tries to join the channel 10 seconds later. where do I put this script so that both the invite only channels will see it? I'm really good at following instuctions, but I need the instructions first. Thanks for the help.
|
|
|
|
Joined: Aug 2004
Posts: 7,252
Hoopy frood
|
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
1) Open your script editor using Alt+R 2) Ensure the Remote tab is highlighted. If not, click on it. 3) If the page that shows is not blank, click File - New 4) Copy & paste the code (it's only the 3 lines that I posted in the Code tags) into the blank page. 5) Click OK to close the Script Editor.
This script will then be seen by any and all invite only channels that you try to join.
|
|
|
|
Joined: Jul 2008
Posts: 3
Self-satisified door
|
Self-satisified door
Joined: Jul 2008
Posts: 3 |
Outstanding, thank you so much. This auto rejoin on kick is what worked for me. Two different networks each with invite only channels. I am sure there is probably a better way to do it, but it works, following your directions. raw 473:*:{ .timer 1 2 msg channelname invite mynick myinvitekeyhere } made one for each of the channels, saved the script as channel namekick script, loaded scripts and SUCCESS
|
|
|
|
Joined: Aug 2004
Posts: 7,252
Hoopy frood
|
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
You could do that with only one script raw 473:*:{
.timer 1 2 msg $safe($2) invite $me $iif($2 == #channel_1,key1,$iif($2 = #channel_2,key2))
}
alias safe return $!decode( $encode($1,m) ,m)
$2 contains the name of the channel that the invite command has to be received from, $me is your nick Replace #channel_1, key1, #channel_2, and key2 with the appropriate information Edit: Fixed insecure code
Last edited by qwerty; 24/07/08 08:25 AM.
|
|
|
|
Joined: Jan 2003
Posts: 2,523
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 2,523 |
*sigh* Seriously, is it so hard to remember the simple thing that passing unknown content to /timer is dangerous? You've done it so many times that one might think you simply ignore advice. Surely, even if you can't learn how to get around double evaluation in /timers, you can at least refrain from posting insecure code (yes, not posting at all is better than posting dangerous code). I've edited your posts and replaced $2 with $safe($2) (as I've suggested many times in the past).
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
|
|
|
|
Joined: Aug 2004
Posts: 7,252
Hoopy frood
|
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
You want serious, then seriously show me in detail and exactly how the content passed the timer would/could have been dangerous. The only item that you modified with the your $safe alias was the channel name, which was being taken from the raw event and provided by the server.
|
|
|
|
Joined: Jun 2008
Posts: 48
Ameglian cow
|
Ameglian cow
Joined: Jun 2008
Posts: 48 |
I was thinking the same exact thing russelb but was afraid I was missing something so kept my thoughts to myself.
I also have a question. How the hell does encoding and immediately decoding something make that something any safer? I feal like I am completely missing th whole idea here.
I've gone to look for myself. If I should return before I get back, please keep me here.
|
|
|
|
Joined: Jan 2003
Posts: 2,523
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 2,523 |
Just because a channel name is provided by the server, it doesn't mean it's safe. As has been mentioned several times, strings like #$someident(param) are evaluated by mirc like normal identifiers (eg try //echo -a #$upper(blah) ).
Now imagine that a malicious person creates the channel #$q (a perfectly legal channel name) and sets it invite-only, then starts advertising it in popular channels. People try to join #$q but because it's +i, the server sends them a 478 reply with $2 being "#$q". /q is one of the default aliases in mirc and looks something like /q /quit $1-. So evaluting #$q will make you quit... using further knowledge about a victim's installed aliases, one could do even worse things. #$input(blah) is another example of the problem, and it's not even an alias.
All this of course assuming the server is trusted. If not, things can be even worse, as a malicious server could fill $2 with more dangerous things (you can squeeze a $findfile that executes arbitrary commands in $2 in a little more elaborate way - this too has been mentioned in the forums).
Arguing about the feasibility of a particular attack is missing the point however. Just because you are unable to think of a plausible attack scenario, it doesn't mean you can go ahead and use $2 carelessly inside /timer. Attackers are imaginative, and it's better to play safe than to try to second-guess them on a case-by-case basis.
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
|
|
|
|
Joined: Jan 2003
Posts: 2,523
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 2,523 |
The key idea here is the exclamation mark used in $decode, which prevents the latter from being evaluated (acting like $eval(...,0)). Try this in any mirc window:
//tokenize 32 $eval(#$bits,0) | echo 2 -a $1 | echo 3 -a $!decode( $encode($1,m) ,m) | .timer -d 1 0 echo 4 -a $1 | .timer -d 1 0 echo 5 -a $!decode( $encode($1,m) ,m)
(spacing is important here). You get
#$bits $decode( IyRiaXRz ,m) 32 #$bits
$1's value is the blue line. The red line is what you get by inadvertently passing $1 to /timer: the $bits identifier is evaluated. The brown line is what you get using the decode/encode method: the original, unevaluated contents of $1. $safe($1) returns a string like the one in the green line, so when /timer fires, it evaluates that, and not the original string.
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
|
|
|
|
Joined: Jun 2008
Posts: 48
Ameglian cow
|
Ameglian cow
Joined: Jun 2008
Posts: 48 |
That makes a lot of sense. Thanks for spelling it out for me.
I've gone to look for myself. If I should return before I get back, please keep me here.
|
|
|
|
Joined: Mar 2007
Posts: 139
Vogon poet
|
Vogon poet
Joined: Mar 2007
Posts: 139 |
Hi qwerty I am totally not getting this. Firstly i tried to execute the attack you described on myself and all i got was * No such identifier: #$q Secondly i cant understand what you are talking about??? perhaps am thick but i tried to follow what you are saying and got lost. Could you give me a real life simple example on how a script can be misused by sending unknown content to a timer? and why a timer more then any other medium??
Thanks
|
|
|
|
Joined: Jan 2003
Posts: 2,523
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 2,523 |
The mere fact that you got a "* No such identifier: #$q" message means the attack worked. You just don't happen to have a /q alias. You probably no longer have the aliases mirc creates on a clean install. I'm not even sure if /q is one of the default aliases anymore (or whether it's an alias for /quit or /query) - it doesn't matter though: mirc did try to evaluate #$q. It could be any other alias that you may have or even a built-in identifer (like the $input example I mentioned).
/timer is a problem because when it fires, it evaluates the command you specified as a parameter. Since parameters are evaluated inside the script that calls /timer anyway, the result is that you get two evaluations; one inside the calling script and one when the timer fires.
Apart from /timer, /scon and /scid also double-evaluate.
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
|
|
|
|
Joined: Mar 2007
Posts: 139
Vogon poet
|
Vogon poet
Joined: Mar 2007
Posts: 139 |
Hi again I created a /q /quit alias and got the same error * No such identifier: #$q I do not see how this is a problem as its evaluating #$q with # so it has no connection to the /q alias???
|
|
|
|
Joined: Jan 2003
Posts: 2,523
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 2,523 |
You're right actually, I just forgot about the fact that in constructs like #$ident, only built-in identifiers are evaluated. This is easy to get around however: #$($q) does evaluate your /q alias and is still a valid channel name. By wrapping a built-in identifier around a custom one, the latter can be evaluated.
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
|
|
|
|
Joined: Mar 2007
Posts: 139
Vogon poet
|
Vogon poet
Joined: Mar 2007
Posts: 139 |
Thank-you that worked, but i noticed even with your $safe alias it still made me quit???? I paste the code i used below.
raw 473:*:{ .timer 1 10 join $safe($2) } alias safe return $!decode( $encode($1,m) ,m)
|
|
|
|
Joined: Sep 2005
Posts: 2,881
Hoopy frood
|
Hoopy frood
Joined: Sep 2005
Posts: 2,881 |
Try this: raw 473:*:{
set %chan $2
.timer 1 10 join % $+ chan $(| unset %chan,)
} This is another method of making sure the contents passed to /timer aren't evaluated more times than they're supposed to be.
|
|
|
|
Joined: Jan 2003
Posts: 2,523
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 2,523 |
It shouldn't make you quit; it doesn't make me when I test it. Are you sure you don't have a /join alias that might itself double-evaluate for some reason? You can test with !join in your script to make sure. Another possibility is that you have another $safe alias somewhere else that takes priority.
Last edited by qwerty; 25/07/08 04:30 PM.
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
|
|
|
|
|