mIRC Home    About    Download    Register    News    Help

Print Thread
dcc exploit fix for 6.03 #56655 21/10/03 09:11 PM
Joined: Dec 2002
Posts: 1,527
_
_D3m0n_ Offline OP
Hoopy frood
OP Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
ok what i need is a slight amount of help on being able to check for the spaces in a dcc send of resume im sending the dcc to my script in a signal and it is effectivly blocking out the exploit ..... but what i am trying to do now is create a echo to my active window so here is what i need to run a check thru.

*** 3 SOMEuser!SOMEUSER@HOST.com_D3m0n_ DCC SEND "DCC EXPLOIT FILENAME" 0 0 0

***EDITED TO REMOVE OUT THE ACTUAL EXPLOIT***

the first number is the cid it come from the second part if the actual user then me and the dcc send and resume would be in $5 and the actual file name is in " " the other stuff is how it comes in but everyone should know that. what im wanting to know is whats going to be the fastest method of checking this is an exploit or not? basically thats all i need to have and i can release an exploit fix for this using 6.03. if anyone else wants to take a stab at this what im doing is ignoring all ctcps. then using a timer to check a hidden window.cid then sending a signal if it meets a set parameters. then using that i can do several things like send the ping reply version reply and time reply using ctcpreply. a bonus side effect is that the dcc is also picked up in this script. thus allowing me to reject the exploit. ive tried the exploit on a clean mirc and it infact does crash, i unloaded that signal script and my mirc crashed. so somehow by delaying it mirc doesnt even need to ignore the user it just rejects it on its own. like its using 6.12 or something. its really hard to explain but anyone that can help me out in this id appreciate. as using regex is probably the best method but its something im just terrible at.

Last edited by _D3m0n_; 21/10/03 09:17 PM.

D3m0nnet.com
Re: dcc exploit fix for 6.03 #56656 21/10/03 11:03 PM
Joined: Dec 2002
Posts: 1,922
O
Online Offline
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
This post might interest you.

Re: dcc exploit fix for 6.03 #56657 21/10/03 11:47 PM
Joined: Dec 2002
Posts: 1,527
_
_D3m0n_ Offline OP
Hoopy frood
OP Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
not really what i need to make it work correctly. i really need to run a check on everything in " " for the number of spaces ..... if i knew regex im assuming this would be quite simple to geth that


D3m0nnet.com
Re: dcc exploit fix for 6.03 #56658 22/10/03 12:33 PM
Joined: Dec 2002
Posts: 1,922
O
Online Offline
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
You can use $fline() to scan a debug window for an exploit message. For example,
  • $fline(@debug,/^<- :[b][/b](\S+)!\S+@\S+ privmsg (\S+) :\x01dcc (?:send|resume|accept) +\S*"(?:\S* ){35}/i,1,2)
The last parameter, 2, was introduced in v6.1 and denotes the "wildtext" parameter is a regexp. After $fline() returned a line number, you can use $regml(1) in your script to reference to the exploiter's nickname, and $regml(2) to reference to the target (you or a channel).

Re: dcc exploit fix for 6.03 #56659 22/10/03 01:05 PM
Joined: Sep 2003
Posts: 584
B
bunar Offline
Fjord artisan
Offline
Fjord artisan
B
Joined: Sep 2003
Posts: 584
addition to this, since i use mirc 6.03, is there any way through scripting to protect myself or i really need to ignore all dcc's and ctcp's ?

Re: dcc exploit fix for 6.03 #56660 22/10/03 01:59 PM
Joined: Dec 2002
Posts: 1,922
O
Online Offline
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
Yes you have to ignore all DCCs, but a small script can automatically identify valid requests and create the appropriate exception. See this post.

Re: dcc exploit fix for 6.03 #56661 22/10/03 02:08 PM
Joined: Sep 2003
Posts: 584
B
bunar Offline
Fjord artisan
Offline
Fjord artisan
B
Joined: Sep 2003
Posts: 584
thanx much