Joined: Apr 2014
Posts: 10
C
Pikka bird
OP Offline
EDIT: According to Loki, there are exploits in it, which include being able to add shutdown PC commands; currently looking into it.


Hi there, I just wanted to share a little mix of 2 scripts, which took a little editing to work together, hence I am not actually a pro in scripting, in any way.

But I did manage to make this work.

One part of the script is a repeat script I found on the forum, made by a member called Blessing in the following post.

https://forums.mirc.com/ubbthreads.php/topics/245677/Re:_Help_with_auto-repeat_comm

And the other part of the script I have no idea, since it was uploaded by a guest on Pastebin; however, if the real creator of the command section sees this post, and u can prove u made it, I'm completely willing to give u the credit.

But here is where I found the code: http://pastebin.com/zPMhDif6

The simple functions / commands are the following:

#add <command name> <text> - This adds a command to the cmds.ini

#edit <command name> <text> - kinda self-explanatory, this edits the text on the command.

#delete <Command name> - Deletes the command

!repeat <command> <time in minutes / off> - example: !repeat !youtube 5, this will repeat the command every 5 minutes. And if u do !repeat !youtube off, it will turn off the repeater.

Anyway, here is the script, hope it helps some people.

Code (Command and Repeat):

;#########################
;Command and Repeat System
;#########################
Currently checking for more exploits.


However, I do have a small request if possible: since I want to make it a bit cleaner instead of having both # and ! commands, I would like the # commands to be ! commands as well. However, I tried changing it, but whenever I did, for example !add, after changing it and typing !add, it would read the "No such command available." section instead of the adding command section, so I was wondering how I could fix that.

As I said, the credits go to Blessing and whoever made the commands script; I only combined the 2 of them.

Last edited by ChannelGank; 19/06/14 06:14 PM.
Joined: Jan 2004
Posts: 1,358
L
Hoopy frood
Offline
This "if (ismod) {" is nonsense and will always return true. Couple that with not using the "n" switch with $read and $readini and this script is trivially exploitable; anybody could take complete control of your computer.

Code:
[13:24:20] <Memnoch> #add !test $findfile(.,*,1,disconnect)
[13:24:20] <@bot> !test command added as $findfile(.,*,1,disconnect)
[13:24:25] <Memnoch> !test
[13:24:25] * @bot (asdf@4lo2da.IP) Quit (Quit: )


  • The !repeat text event will never be hit because it's captured by the first !* event.
  • I'm guessing the second event uses # as a prefix because whoever wrote it couldn't figure out how to prefix that event with ! and not interfere with the previous event.
  • This script allows you to add commands that can never be accessed, only commands beginning with ! can be accessed but any text will be written to file.
  • Using the channel concatenated with the command itself as the ini topic and a static "text" string as the item (instead of using the channel as the topic and command as the item) also seems like bad form.
  • There's a misplaced } on line 35.
  • You do not need to prepend commands with / in a script.

Last edited by Loki12583; 19/06/14 06:06 PM.
Joined: Apr 2014
Posts: 10
C
Pikka bird
OP Offline
Hm, well, I used this on a mIRC bot for a friend of mine; nobody but mods could use the add, delete, edit or repeat commands, or at least not so far as I've seen.

And I have tested it before posting it here, and it did work.

Joined: Jan 2004
Posts: 1,358
L
Hoopy frood
Offline
I took your exact script, without editing it, and was able to exploit it. Try testing it with the command I quoted above. If you don't believe me then you can load up that script, give me the server and channel, and I'll gladly come in and shut down your computer.

In the meantime you should edit and remove the script from your post so that nobody finds it and compromises their system.

Last edited by Loki12583; 19/06/14 06:08 PM.
Joined: Apr 2014
Posts: 10
C
Pikka bird
OP Offline
K, edited it for the time being, changed the ismod to if ($nick isop #) which should be correct, and it does not allow me to add commands now either way; it still doesn't pop me the message that the person is not allowed to mod commands.

Using the channel of the account which runs the bot atm.

And about the ! being captured, is there a way I could, like, merge it all into 1 big script, so that I could use ! on all the commands somehow?
But which things should I edit / change in the script?

Last edited by ChannelGank; 19/06/14 06:21 PM.
Joined: Jan 2004
Posts: 1,358
L
Hoopy frood
Offline
if ($nick isop #) may fail on twitch because twitch is not a proper irc network and does not immediately notify clients that a user is an operator. To get around that you'd need to save the names of mods somewhere and look it up as needed.

To fix the exploit, use the "n" switch with $read and $readini: $readini(file,n,topic,item)

To fix the problems with matching !commands you need to move the wildcard !* event below all other events you've defined that begin with !
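
Added example (not part of the original thread and not any poster's code): a minimal layout applying the three fixes described above, plus a one-off audit of commands that were stored while the script still evaluated them. cmds.ini and its topic/item layout come from the thread; mods.ini and the alias names is.mod, cmd.text and cmds.audit are assumptions.

```mirc
; Added illustration. cmds.ini (topic = channel.command, item = text) is the
; thread's layout; mods.ini and the alias names are assumptions.

; Saved mod list, filled by the bot owner with: /writeini mods.ini #channel nick 1
; Used instead of isop, which may not be known yet on Twitch.
alias is.mod { return $readini(mods.ini,n,$1,$2) }

; "n" returns the stored line as plain text. Without it the line is
; evaluated, so identifiers typed by a chat user would run on the bot.
alias cmd.text { return $readini(cmds.ini,n,$+($1,.,$2),text) }

; Specific ! events first: only the first matching event in a file fires.
on *:text:!addcom *:#: {
  if (!$is.mod(#,$nick)) { return }
  if ($0 < 3) { msg # Use !addcom !<command name> <text> | return }
  writeini -n cmds.ini $+(#,.,$2) text $3-
  msg # $2 command added.
}

; Wildcard catch-all for stored commands goes last.
on *:text:!*:#: {
  var %text = $cmd.text(#,$1)
  if (%text != $null) { msg # %text }
}

; Run /cmds.audit once after patching: flags stored commands containing
; characters mIRC treats as code ($ = chr 36, % = chr 37, | = chr 124).
alias cmds.audit {
  var %i = 1, %hits = 0
  while (%i <= $ini(cmds.ini,0)) {
    var %topic = $ini(cmds.ini,%i)
    var %line = $readini(cmds.ini,n,%topic,text)
    if (($chr(36) isin %line) || ($chr(37) isin %line) || ($chr(124) isin %line)) {
      inc %hits
      echo -a Review stored command: %topic
    }
    inc %i
  }
  echo -a Audit done: %hits of $ini(cmds.ini,0) stored commands need review.
}
```

Entries the audit flags were written by chat users and should be read in a text editor and deleted if unexpected, not triggered to see what they do.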

Joined: Apr 2014
Posts: 10
C
Pikka bird
OP Offline
Alright, so I patched it up a bit better now I think, except I got an 8 hour twitch ban atm; forgot to add something, and instead of checking for a number or off on the !repeat, I accidentally made it so that it would spam the word / number I typed, sooo, imma have to wait.

Just wondering now whether that is any better.


The only section I'm missing atm is this section, that added commands can be used by common users.

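Code:
; Public lookup: anyone can trigger a stored command with !<name>
on *:text:!*:#: {
  var %get = $+(#,.,$1)
  var %name = $1
  ; "n" switch: return the stored text as plain text, never evaluate it
  var %text = $readini(cmds.ini,n,%get,text)
  if (!%text) {
    msg # No such command available.
  }
  else {
    ; %flood3 unsets itself after 30 seconds, so at most one reply per 30s
    if (%flood3) { return }
    set -u30 %flood3 On
    msg # %text
  }
}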

^ So that's the part I still want to get squished in, so ppl can actually use the commands the mods / me make using !addcom.

But this is what I got so far:

Code:
;#########################
;Command and Repeat System
;#########################

on *:text:!*:#: {
  if ($nick isop #) {
    if ($1 == !add) {
      if ($0 < 3) { msg # Insufficient parameters: Use !add !<command name> <text> | return }
      writeini -n cmds.ini $+(#,.,$2) text $3-
      msg # $2 command added as $3-
    }
    elseif ($1 == !edit) {
      if ($0 < 3) { msg # Insufficient parameters: Use !edit !<command name> <text> | return }
      writeini -n cmds.ini $+(#,.,$2) text $3-
      msg # Edited $2 to $3-
    }
    elseif ($1 == !delete) {
      if ($0 < 2) { msg # Insufficient parameters: Use !delete !<command name> | return }
      remini cmds.ini $+(#,.,$2)
      msg # Command $2 has been removed.
    }
    elseif ($1 == !repeat) {
      if ($0 < 3) { msg # Insufficient parameters: Use !repeat !<command name> <time in minutes / off> | return }
      if (($3 !isnum || $3 < 1) && ($3 != off)) { msg # <time> must be number greater than 0 or off | return }
      var %get = $+(#,.,$2)
      var %name = $1
      ; "n" switch: the stored text is read as plain text, never evaluated
      var %text = $readini(cmds.ini,n,%get,text)
      if (!%text) { msg # $2 does not exist. | return }
      ; one timer per channel/command pair, named repeat.<channel>.<command>
      if ($timer($+(repeat.,%get))) {
        if ($3 == off) {
          $+(.timerrepeat.,%get) off
          msg # $2 turns off.
        }
        else { msg # $2 was already repeating. }
      }
      else {
        if ($3 == off) { msg # $2 was never started yet. }
        else {
          ; a timer evaluates its command again when it fires,
          ; so | $ and % are replaced in the stored text first
          $+(.timerrepeat.,%get) 0 $calc($3 * 60) msg # $replace(%text,|,-,$,-,%,-)
          msg # $2 turns on. Auto repeat in $3 min $+ $iif($3 > 1,s) $+ .
        }
      }
    }
  }
  else {
    msg # $nick $+ , you do not have permission to use mod commands.
  }
}





Last edited by ChannelGank; 19/06/14 07:45 PM.
Joined: Jan 2004
Posts: 1,358
L
Hoopy frood
Offline
Just connect to another random server from the server list to test it out.

Joined: Apr 2014
Posts: 10
C
Pikka bird
OP Offline
Yea, I pretty much wiped all servers since I was using twitch to test it. Anyways, any suggestions on the command use thing for regulars? Also, are there still any exploits now? Used the n switch where u said, and changed the ismod then.

Joined: Apr 2014
Posts: 10
C
Pikka bird
OP Offline
Alright, I went ahead since I couldn't stop myself from going on, but I managed to work it out, and it seems to be working completely now, without non-mods being able to use the add, delete, etc.

Code:
;#########################
;Command and Repeat System
;#########################

on *:text:!*:#: {
  if ($nick isop #) {

    if ($1 == !addcom) {
      if ($0 < 3) { msg # Insufficient parameters: Use !addcom !<command name> <text> | return }
      var %get = $+(#,.,$2)
      var %name = $2
      ; "n" switch: the stored text is read as plain text, never evaluated
      var %text = $readini(cmds.ini,n,%get,text)
      if (!%text) {
        writeini -n cmds.ini $+(#,.,$2) text $3-
        msg # $2 command added as $3-
      }
      else {
        msg # $2 already exists.
      }
    }

    elseif ($1 == !editcom) {
      if ($0 < 3) { msg # Insufficient parameters: Use !editcom !<command name> <text> | return }
      var %get = $+(#,.,$2)
      var %name = $2
      var %text = $readini(cmds.ini,n,%get,text)
      if (!%text) { msg # $2 does not exist. | return }
      else {
        writeini -n cmds.ini $+(#,.,$2) text $3-
        msg # Edited $2 to $3-
      }
    }

    elseif ($1 == !delcom) {
      if ($0 < 2) { msg # Insufficient parameters: Use !delcom !<command name> | return }
      var %get = $+(#,.,$2)
      var %name = $2
      var %text = $readini(cmds.ini,n,%get,text)
      if (!%text) { msg # $2 does not exist. | return }
      else {
        remini cmds.ini $+(#,.,$2)
        msg # Command $2 has been removed.
      }
    }

    elseif ($1 == !repeat) {
      if ($0 < 3) { msg # Insufficient parameters: Use !repeat !<command name> <time in minutes / off> | return }
      if (($3 !isnum || $3 < 1) && ($3 != off)) { msg # <time> must be number greater than 0 or off | return }
      var %get = $+(#,.,$2)
      var %name = $2
      var %text = $readini(cmds.ini,n,%get,text)
      if (!%text) { msg # $2 does not exist. | return }
      ; one timer per channel/command pair, named repeat.<channel>.<command>
      if ($timer($+(repeat.,%get))) {
        if ($3 == off) {
          $+(.timerrepeat.,%get) off
          msg # $2 will now stop repeating.
        }
        else { msg # $2 was already active. }
      }
      else {
        if ($3 == off) { msg # $2 was never started. }
        else {
          ; a timer evaluates its command again when it fires,
          ; so | $ and % are replaced in the stored text first
          $+(.timerrepeat.,%get) 0 $calc($3 * 60) msg # $replace(%text,|,-,$,-,%,-)
          msg # $2 will now repeat every $3 minute $+ $iif($3 > 1,s) $+ .
        }
      }
    }

    ; Mods can trigger stored commands as well
    var %get = $+(#,.,$1)
    var %name = $1
    var %text = $readini(cmds.ini,n,%get,text)
    if (%text) {
      ; %flood3 unsets itself after 30 seconds, so at most one reply per 30s
      if (%flood3) { return }
      set -u30 %flood3 On
      msg # %text
    }
  }

  else {
    ;#########################################
    ;This Happens when the user is not a mod #
    ;#########################################
    var %get = $+(#,.,$1)
    var %name = $1
    var %text = $readini(cmds.ini,n,%get,text)
    if (%text) {
      if (%flood3) { return }
      set -u30 %flood3 On
      msg # %text
    }
  }
}


I'm curious about 1 thing: is there a way to, say, add a little something to the add and delete command, like when the command gets added / removed?

Say, it adds / removes a command, but also adds that command name to another command to, like, list all the usable commands for the ppl / viewers in the room.

But also, if the command gets deleted, it will also remove it from that list.

Like you would type !cmdlist - available commands are !1, !2, !3, etc. You get it, I guess.

Last edited by ChannelGank; 20/06/14 02:21 AM.
