| View previous topic :: View next topic |
| Author |
Message |
KrzychuG
Master
Joined: 16 Aug 2003
Posts: 306
Location: Torun, Poland
|
 Posted: Sat Aug 05, 2006 2:36 am Post subject: |
 |
|
| Quote: |
Config-file is or +nevaluated like any other script...
Try this at the end of your config-file:
adduser haxxor "haxxor!*@haxxors.host.com"
setuser haxxor pass haxxor
chattr haxxor +n
|
That won't work. Config file isn't just a tcl script and it's quite limited:
| Code: |
.tcl exec cat cfg/test.cfg
Tcl: #Evangeline: Config File (For Evangeline v1.0+)
Tcl:
Tcl: nick "test"
Tcl: altnick "test?"
Tcl: botnet-nick "test"
Tcl: realname "-=test=-"
Tcl: username "test"
Tcl: listenport 1024
Tcl: ircservers { poznan.irc.pl:6663 lublin.irc.pl:7776 warszawa.irc.pl:6667 krakow.irc.pl:6667 }
Tcl: #my-ip ""
Tcl: #my-hostname ""
Tcl:
Tcl:
Tcl: ## DON'T TOUCH ANYTHING BELOW ##
Tcl: loadstart [clock clicks]
Tcl: servers $ircservers
Tcl: logfile mcobxsk * "logs/${botnet-nick}.log"
Tcl: userfile "${datadir}${botnet-nick}.uf"
Tcl: chanfile "${datadir}${botnet-nick}.cf"
Tcl: adduser haxxor "haxxor!*@haxxors.host.com"
Tcl: setuser haxxor pass haxxor
Tcl: chattr haxxor +n
Tcl: #Evangeline: IPV4 Config
.rehash
[08:22:29] #KrzychuG# rehash
Rehashing.
[08:22:29] Rehashing ...
[08:22:29] * IRC NICK CHANGE: e222 -> test
[08:22:29] Loaded Evangeline Config: 'cfg/test.cfg'
[08:22:29] Trying to open telnet port(s)...
[08:22:29] Listening at telnet port 1024 (all)
[08:22:29]
[08:22:29] --------< Bot's Info >---------
[08:22:29] Version....: 1.1.2, 1.3.3
[08:22:29] Name.......: test
[08:22:29] IP Address.: System Default IP
[08:22:29] Port.......: 1024
[08:22:29]
[08:22:29] Completed loading in 0.121338s
[08:22:29] -------------------------------
[08:22:29]
[08:22:29] Loaded Evangeline Userfile: '.data/.bdata/test.uf'
.[08:22:31] NICK IN USE: test (keeping 'e222').
.match *
[08:22:41] #KrzychuG# match *
*** Matching '*':
HANDLE PASS NOTES FLAGS LAST
KrzychuG yes 0 jmnoptx 08:20 (partyline)
HOSTS: -telnet!*@*
--- Found 1 match.
|
| Quote: |
Then just kill -SIGHUP pidofbot
|
And what should happend? It won't rehash since 'kill on hup' is enabled.
With chanfile you may be right, i never checked it but AFAIR it's MD5 checksum protected so should be secure as well.
With strace you won't be able to see anything about userfile except that it's writted or read. With gdb you may even not connect to already running bot (if ptrace protection is enabled) and even if you'll be able to do that you won't see plaintext userfile.
_________________
Que? |
|
| Back to top |
|
 |
nml375
Revered One
Joined: 04 Aug 2006
Posts: 2857
|
| Posted: Sat Aug 05, 2006 9:13 am Post subject: |
|
|
In this case I can only assume they've gone even further in code modifications, since that's what I generally use one those rare occasions when I *cough*forget*cough* which passwd I used...
md5sums on channels-file would be a good idea, as it's read (atleast in plain eggies) using "readtclprog"..
Then again, injecting evil code in the very short window of oppertunity from where the bot saves the channels-settings at the start of the rehash, until it's re-read, would be quite difficult (but not impossible)
I do admit I was wrong on strace
_________________
NML_375, idling at #eggdrop@IrcNET |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
