converting a regex from mirc to TCL

LtPhil · Post by **LtPhil** » Mon Oct 13, 2003 3:54 pm

i have the following regex snippet from some mIRC code

if ($regex($1, /^<- :([^!]*)![^@]*@[^ ]*\s*PRIVMSG\s*(\S*)\s*:\001\s*DCC\s*(SEND|RESUME).*"(?:[^" ]*\s){32}.*$/i)) {
    var %nick = $regml(1), %target = $regml(2), %type = $regml(3)
}

... but i cannot read regex's at all

how do i get %nick, %target, and %type out of the regex?

... this is being borrowed from a "workaround" script for the mIRC 6.x DCC exploit... i want to write a script for my bot that kickbans anyone who sends the exploit. will post when i have it completed and working

[edit] actually, i'm not even sure if that actually parses for the exploit only or if it just parses all DCC's... but even if it parses all DCC's that's fine with me, i just need the DCC msg in a me-readable format

[/edit]

thanks!

ppslim · Post by **ppslim** » Mon Oct 13, 2003 4:33 pm

Code: Select all

bind CTCP - DCC handle:exploit
proc handle:exploit {nick uh hand dest key arg} {
  if {[regexp {(SEND|RESUME).*"(?:[^" ]*\s){32}.*$} $arg]} {
    # Trying to exploit us - Kick or ban here
    return 1
  }
  # non exploit, continue as normal
  return 0
}

LtPhil · Post by **LtPhil** » Mon Oct 13, 2003 8:22 pm

thanks for the regex... now for the next thing...
what string would trigger that? we don't seem to have any exploiters running around at the moment (you know they'll come back the instant i leave or sth), so i need a way to test and make sure it triggers right

i've figured out that it has to begin with "SEND" or "RESUME"...

danke

-phil

strikelight · Post by **strikelight** » Mon Oct 13, 2003 9:22 pm

LtPhil wrote:thanks for the regex... now for the next thing...
what string would trigger that? we don't seem to have any exploiters running around at the moment (you know they'll come back the instant i leave or sth), so i need a way to test and make sure it triggers right

i've figured out that it has to begin with "SEND" or "RESUME"...

danke

-phil

I highly doubt you'll find someone to post something (aka. the exploit itself!) that will test the regexp. Wait, and soon enough someone will test your regexp for you in your channels..

LtPhil · Post by **LtPhil** » Mon Oct 13, 2003 10:09 pm

hmmm, indeed.

/me waits and watches channels

Post by **caesar** » Tue Oct 14, 2003 2:35 am

It's an DCC SEND wich is in fact an sort of CTCP so it should work smoothly..

LtPhil · Post by **LtPhil** » Tue Oct 14, 2003 8:48 am

ppslim: thanks for the code... i checked my log (i have a putlog event if someone tries the exploit), and sure enough, it caught someone

*gives ppslim a bottle of bawls (or a mug of coffee, or any other caffeinated drink you'd prefer

)*

now i'm just having trouble getting the banmask in the format i like (see my other post)

Post by **caesar** » Tue Oct 14, 2003 10:27 am

tequila will do fine

K · Post by K » Fri Feb 27, 2004 8:51 am

i whant the script for exploiting to.can somebody past all the script or include it on a egghelp tcl scripts

strikelight · Post by **strikelight** » Fri Feb 27, 2004 7:04 pm

dpgc wrote:i whant the script for exploiting to.can somebody past all the script or include it on a egghelp tcl scripts

As already stated earlier on in the thread, no one is going to paste the exploit, and if they did, the moderators would surely edit the post out. It would be irresponsible for such a respected irc venue to allow posting of exploits.

K · Post by K » Mon Mar 01, 2004 2:09 am

man i don't whant the code of the exploit i whant the code for the script for my eggdrop that kick/ban users who use the exploit.

arcane · Post by **arcane** » Mon Mar 01, 2004 11:20 am

hm... isn't it possible to recreate the exploit by "translating" the regexp? if i know what i'm searching for, don't i know what i have to type?

egghelp/eggheads community

converting a regex from mirc to TCL

converting a regex from mirc to TCL

me to

Re: me to

no no no no