mIRC Home    About    Download    Register    News    Help

Print Thread
#201321 25/06/08 12:25 AM
Joined: Feb 2006
Posts: 307
N
Fjord artisan
OP Offline
Fjord artisan
N
Joined: Feb 2006
Posts: 307
hello

I would like a script that whenever I try to join a room and it says 'invite only', it will periodicaly (every 10 seconds try to join till it succeed

thanks

Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
Code:
raw 473:*:{
  .timer 1 10 join $safe($2)
}
alias safe return $!decode( $encode($1,m) ,m)

When the raw response 473, which matches the raw numeric for the invite only setting, is received, a timer is set, and then the script tries to join the channel 10 seconds later.

Edit: Fixed insecure code

Last edited by qwerty; 24/07/08 08:23 AM.
Joined: Jul 2008
Posts: 3
J
Self-satisified door
Offline
Self-satisified door
J
Joined: Jul 2008
Posts: 3
I'm thinking this is what I am looking for also. I would like an autorejoin on kick for invite only channels, two diffent networks. I do not do scripting or scripting language, so would appreciate your help

Quote:
raw 473:*:{
.timer 1 10 join $2
}

When the raw response 473, which matches the raw numeric for the invite only setting, is received, a timer is set, and then the script tries to join the channel 10 seconds later.


where do I put this script so that both the invite only channels will see it? I'm really good at following instuctions, but I need the instructions first. Thanks for the help.

Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
1) Open your script editor using Alt+R
2) Ensure the Remote tab is highlighted. If not, click on it.
3) If the page that shows is not blank, click File - New
4) Copy & paste the code (it's only the 3 lines that I posted in the Code tags) into the blank page.
5) Click OK to close the Script Editor.

This script will then be seen by any and all invite only channels that you try to join.

Joined: Jul 2008
Posts: 3
J
Self-satisified door
Offline
Self-satisified door
J
Joined: Jul 2008
Posts: 3
Outstanding, thank you so much. This auto rejoin on kick is what worked for me. Two different networks each with invite only channels. I am sure there is probably a better way to do it, but it works, following your directions.

raw 473:*:{
.timer 1 2 msg channelname invite mynick myinvitekeyhere
}

made one for each of the channels, saved the script as channel namekick script, loaded scripts and SUCCESS laugh

Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
You could do that with only one script
Code:
raw 473:*:{
  .timer 1 2 msg $safe($2) invite $me $iif($2 == #channel_1,key1,$iif($2 = #channel_2,key2))
}
alias safe return $!decode( $encode($1,m) ,m)

$2 contains the name of the channel that the invite command has to be received from, $me is your nick

Replace #channel_1, key1, #channel_2, and key2 with the appropriate information

Edit: Fixed insecure code

Last edited by qwerty; 24/07/08 08:25 AM.
Joined: Jan 2003
Posts: 2,523
Q
Hoopy frood
Offline
Hoopy frood
Q
Joined: Jan 2003
Posts: 2,523
*sigh*

Seriously, is it so hard to remember the simple thing that passing unknown content to /timer is dangerous? You've done it so many times that one might think you simply ignore advice.

Surely, even if you can't learn how to get around double evaluation in /timers, you can at least refrain from posting insecure code (yes, not posting at all is better than posting dangerous code).

I've edited your posts and replaced $2 with $safe($2) (as I've suggested many times in the past).


/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
You want serious, then seriously show me in detail and exactly how the content passed the timer would/could have been dangerous. The only item that you modified with the your $safe alias was the channel name, which was being taken from the raw event and provided by the server.

Joined: Jun 2008
Posts: 48
T
Ameglian cow
Offline
Ameglian cow
T
Joined: Jun 2008
Posts: 48
I was thinking the same exact thing russelb but was afraid I was missing something so kept my thoughts to myself.

I also have a question. How the hell does encoding and immediately decoding something make that something any safer? I feal like I am completely missing th whole idea here.


I've gone to look for myself. If I should return before I get back, please keep me here.
Joined: Jan 2003
Posts: 2,523
Q
Hoopy frood
Offline
Hoopy frood
Q
Joined: Jan 2003
Posts: 2,523
Just because a channel name is provided by the server, it doesn't mean it's safe. As has been mentioned several times, strings like #$someident(param) are evaluated by mirc like normal identifiers (eg try //echo -a #$upper(blah) ).

Now imagine that a malicious person creates the channel #$q (a perfectly legal channel name) and sets it invite-only, then starts advertising it in popular channels. People try to join #$q but because it's +i, the server sends them a 478 reply with $2 being "#$q". /q is one of the default aliases in mirc and looks something like /q /quit $1-. So evaluting #$q will make you quit... using further knowledge about a victim's installed aliases, one could do even worse things. #$input(blah) is another example of the problem, and it's not even an alias.

All this of course assuming the server is trusted. If not, things can be even worse, as a malicious server could fill $2 with more dangerous things (you can squeeze a $findfile that executes arbitrary commands in $2 in a little more elaborate way - this too has been mentioned in the forums).

Arguing about the feasibility of a particular attack is missing the point however. Just because you are unable to think of a plausible attack scenario, it doesn't mean you can go ahead and use $2 carelessly inside /timer. Attackers are imaginative, and it's better to play safe than to try to second-guess them on a case-by-case basis.


/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
Joined: Jan 2003
Posts: 2,523
Q
Hoopy frood
Offline
Hoopy frood
Q
Joined: Jan 2003
Posts: 2,523
The key idea here is the exclamation mark used in $decode, which prevents the latter from being evaluated (acting like $eval(...,0)). Try this in any mirc window:

//tokenize 32 $eval(#$bits,0) | echo 2 -a $1 | echo 3 -a $!decode( $encode($1,m) ,m) | .timer -d 1 0 echo 4 -a $1 | .timer -d 1 0 echo 5 -a $!decode( $encode($1,m) ,m)

(spacing is important here). You get

#$bits
$decode( IyRiaXRz ,m)
32
#$bits

$1's value is the blue line. The red line is what you get by inadvertently passing $1 to /timer: the $bits identifier is evaluated. The brown line is what you get using the decode/encode method: the original, unevaluated contents of $1. $safe($1) returns a string like the one in the green line, so when /timer fires, it evaluates that, and not the original string.


/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
Joined: Jun 2008
Posts: 48
T
Ameglian cow
Offline
Ameglian cow
T
Joined: Jun 2008
Posts: 48
That makes a lot of sense. Thanks for spelling it out for me.


I've gone to look for myself. If I should return before I get back, please keep me here.
Joined: Mar 2007
Posts: 139
S
Vogon poet
Offline
Vogon poet
S
Joined: Mar 2007
Posts: 139
Hi qwerty
I am totally not getting this. Firstly i tried to execute the attack you described on myself and all i got was * No such identifier: #$q
Secondly i cant understand what you are talking about??? perhaps am thick but i tried to follow what you are saying and got lost. Could you give me a real life simple example on how a script can be misused by sending unknown content to a timer? and why a timer more then any other medium??

Thanks

Joined: Jan 2003
Posts: 2,523
Q
Hoopy frood
Offline
Hoopy frood
Q
Joined: Jan 2003
Posts: 2,523
The mere fact that you got a "* No such identifier: #$q" message means the attack worked. You just don't happen to have a /q alias. You probably no longer have the aliases mirc creates on a clean install. I'm not even sure if /q is one of the default aliases anymore (or whether it's an alias for /quit or /query) - it doesn't matter though: mirc did try to evaluate #$q. It could be any other alias that you may have or even a built-in identifer (like the $input example I mentioned).

/timer is a problem because when it fires, it evaluates the command you specified as a parameter. Since parameters are evaluated inside the script that calls /timer anyway, the result is that you get two evaluations; one inside the calling script and one when the timer fires.

Apart from /timer, /scon and /scid also double-evaluate.



/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
Joined: Mar 2007
Posts: 139
S
Vogon poet
Offline
Vogon poet
S
Joined: Mar 2007
Posts: 139
Hi again
I created a /q /quit alias and got the same error * No such identifier: #$q I do not see how this is a problem as its evaluating #$q with # so it has no connection to the /q alias???

Joined: Jan 2003
Posts: 2,523
Q
Hoopy frood
Offline
Hoopy frood
Q
Joined: Jan 2003
Posts: 2,523
You're right actually, I just forgot about the fact that in constructs like #$ident, only built-in identifiers are evaluated. This is easy to get around however: #$($q) does evaluate your /q alias and is still a valid channel name. By wrapping a built-in identifier around a custom one, the latter can be evaluated.


/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
Joined: Mar 2007
Posts: 139
S
Vogon poet
Offline
Vogon poet
S
Joined: Mar 2007
Posts: 139
Thank-you that worked, but i noticed even with your $safe alias it still made me quit???? I paste the code i used below.

raw 473:*:{
.timer 1 10 join $safe($2)
}
alias safe return $!decode( $encode($1,m) ,m)

Joined: Sep 2005
Posts: 2,881
H
Hoopy frood
Offline
Hoopy frood
H
Joined: Sep 2005
Posts: 2,881
Try this:

Code:
raw 473:*:{
  set %chan $2
  .timer 1 10 join % $+ chan $(| unset %chan,)
}


This is another method of making sure the contents passed to /timer aren't evaluated more times than they're supposed to be.

Joined: Jan 2003
Posts: 2,523
Q
Hoopy frood
Offline
Hoopy frood
Q
Joined: Jan 2003
Posts: 2,523
It shouldn't make you quit; it doesn't make me when I test it. Are you sure you don't have a /join alias that might itself double-evaluate for some reason? You can test with !join in your script to make sure. Another possibility is that you have another $safe alias somewhere else that takes priority.

Last edited by qwerty; 25/07/08 04:30 PM.

/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com

Link Copied to Clipboard