egghelp.org community Forum Index
[ egghelp.org home | forum home ]
egghelp.org community
Discussion of eggdrop bots, shell accounts and tcl scripts.
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Script containing some abuse.
Goto page 1, 2  Next
 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    egghelp.org community Forum Index -> Archive
View previous topic :: View next topic  
Author Message
Sir_Fz
Revered One


Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon

PostPosted: Thu Jul 10, 2003 10:14 am    Post subject: Script containing some abuse. Reply with quote

 I saw the following error in partyline:
Quote:
[07:08] Tcl error in script for 'timer9320':
[07:08] invalid command name "blade"

I checked what's happenin in the channel, and i saw this:
Quote:
 · · Joins: ElmOkH[Disconnected]8 [ ~[[blade]]@202.184.1.40]

I also tried to let a user join with ident [die], and the bot died.

so what should I search for in order to detect this backdoor ?
_________________
Follow me on GitHub

- Opposing

Public Tcl scripts
Back to top
View user's profile Send private message Visit poster's website
Papillon
Owner


Joined: 15 Feb 2002
Posts: 724
Location: *.no

PostPosted: Thu Jul 10, 2003 10:59 am    Post subject: Reply with quote

somewhere in there it is either an exec command, or (most likely) there is some wrong usage of lists/strings...
make sure the list commands is only used on valid lists, and string commands on valid strings
_________________
Elen sila lúmenn' omentielvo
Back to top
View user's profile Send private message MSN Messenger
Sir_Fz
Revered One


Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon

PostPosted: Thu Jul 10, 2003 1:02 pm    Post subject: Reply with quote

I think Pub.tcl has something of this abuse.

can u plz check if there is anything in this script causing this abuse ?
_________________
Follow me on GitHub

- Opposing

Public Tcl scripts
Back to top
View user's profile Send private message Visit poster's website
Papillon
Owner


Joined: 15 Feb 2002
Posts: 724
Location: *.no

PostPosted: Fri Jul 11, 2003 5:54 am    Post subject: Reply with quote

it's not that script... it only has one utimer which is perfectly ok..
_________________
Elen sila lúmenn' omentielvo
Back to top
View user's profile Send private message MSN Messenger
Sir_Fz
Revered One


Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon

PostPosted: Fri Jul 11, 2003 6:23 am    Post subject: Reply with quote

how about this one ?
Code:
proc clone_pro_join {nick uhost handl chan} {
   global cp_chans cp_j_flood cp_jp_flood cp_btime cp_host_count cp_uh_count cp_notify
   set uhost [string tolower $uhost]
   set host [lindex [split $uhost @] 1]
   set chan [string tolower $chan]
   if {[lsearch -exact $cp_chans $chan] == -1} {return 0}

   if {![info exists cp_host_count($host:$chan)]} {
      set cp_host_count($host:$chan) 1
   } else {
      incr cp_host_count($host:$chan)
   }
   utimer [lindex $cp_j_flood 1] "cp_expire cp_host_count($host:$chan)"

   if {$cp_host_count($host:$chan) > [lindex $cp_j_flood 0]} {
      newchanban $chan *!*@$host ClonePro "Join Flood detected from your host - Banned 10mins." $cp_btime
          sendnote ClonePro $cp_notify "÷ banned *!*@$host (massjoin) on $chan, [ctime [unixtime]] ÷"
      if {[botisop $chan] && [onchan $nick $chan]} {
    putserv "mode $chan +MR"
         putquick "KICK $chan $nick :Join Flood detected from your host - Banned 10mins."
    utimer 15 "pushmode $chan -R"
    utimer 30 "pushmode $chan -M"
      }
    }

   if {![info exists cp_uh_count($uhost:$chan)]} {
      set cp_uh_count($uhost:$chan) 1
   } else {
      incr cp_uh_count($uhost:$chan)
   }
   utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"
   if {$cp_uh_count($uhost:$chan) >= [expr [lindex $cp_jp_flood 0]*2]} {
      newchanban $chan *!*@$host ClonePro "eXcess Join/Part detected from your host - Banned 10mins." $cp_btime
          sendnote ClonePro $cp_notify "÷ banned *!*@$host (join/part flood) on $chan, [ctime [unixtime]] ÷"
      if {[botisop $chan] && [onchan $nick $chan]} {
    putserv "mode $chan +R"
         putquick "KICK $chan $nick :eXcess Join/Part detected from your host - Banned 10mins."
   utimer 15 "pushmode $chan -R"
      }
    }
}

proc clone_pro_leave {nick uhost handl chan {reason "Left channel"}} {
   global cp_chans cp_jp_flood cp_btime cp_uh_count cp_notify
   set uhost [string tolower $uhost]
   set host [lindex [split $uhost @] 1]
   set chan [string tolower $chan]
   if {[lsearch -exact $cp_chans $chan] == -1} {return 0}
   if {![info exists cp_uh_count($uhost:$chan)]} {
      set cp_uh_count($uhost:$chan) 1
   } else {
      incr cp_uh_count($uhost:$chan)
   }
   utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"
   if {$cp_uh_count($uhost:$chan) >= [expr [lindex $cp_jp_flood 0]*2]} {
      newchanban $chan *!*@$host ClonePro "eXcess Join/Part detected from your host - Banned 10mins." $cp_btime
          sendnote ClonePro $cp_notify "÷ banned *!*@$host (join/part flood) on $chan, [ctime [unixtime]] ÷"
      if {[botisop $chan] && [onchan $nick $chan]} {
putserv "mode $chan +R"
         putquick "KICK $chan $nick :eXcess Join/Part detected from your host - Banned 10mins."
   utimer 15 "pushmode $chan -R"
      }
    }
}

proc cp_expire var_exp {
   upvar $var_exp var_pointer
 
   if {$var_pointer > 1} {
      incr var_pointer -1
   } else {
      unset var_pointer
   }
}

set cp_chans [string tolower $cp_chans]
set cp_j_flood [split $cp_j_flood :]
set cp_jp_flood [split $cp_jp_flood :]


# clear variables and timers on rehash
if {[array exists cp_host_count]} {unset cp_host_count}
if {[array exists cp_uh_count]} {unset cp_uh_count}
foreach check_utimer [utimers] {
   if {[string match cp_*_count* [lindex $check_utimer 1]]} {
      killutimer [lindex $check_utimer 2]
   }
}

_________________
Follow me on GitHub

- Opposing

Public Tcl scripts
Back to top
View user's profile Send private message Visit poster's website
egghead
Master


Joined: 29 Oct 2001
Posts: 481

PostPosted: Fri Jul 11, 2003 6:49 am    Post subject: Reply with quote

Sir_Fz wrote:
how about this one ?
Code:
proc clone_pro_join {nick uhost handl chan} {

[snip]

proc clone_pro_leave {nick uhost handl chan {reason "Left channel"}} {



That is a good candidate.

Code:

utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"


This is the offending line, which appears multiple times in the snippet you pasted. Note that this script makes a call to the proc "cp_expire" with "cp_uh_count($uhost:$chan)" as its argument. It appears this is a mistake and should be "$cp_uh_count($uhost:$chan)"

It is appreciated if you let us know what script this is and where you got it. If you got it from the egghelp.org tcl scripts repository, please inform slennox on it.
Back to top
View user's profile Send private message Visit poster's website
Sir_Fz
Revered One


Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon

PostPosted: Fri Jul 11, 2003 11:29 am    Post subject: Reply with quote

I got it from the TCL archieve of this site (http://www.egghelp.org), Clonepro.tcl.

so all i have to do is replace from cp_uh_count($uhost:$chan) to $cp_uh_count($uhost:$chan) and it won't have this problem ?
_________________
Follow me on GitHub

- Opposing

Public Tcl scripts
Back to top
View user's profile Send private message Visit poster's website
egghead
Master


Joined: 29 Oct 2001
Posts: 481

PostPosted: Fri Jul 11, 2003 11:43 am    Post subject: Reply with quote

Sir_Fz wrote:
I got it from the TCL archieve of this site (http://www.egghelp.org), Clonepro.tcl.

so all i have to do is replace from cp_uh_count($uhost:$chan) to $cp_uh_count($uhost:$chan) and it won't have this problem ?


Yes. Note that that line occurs a couple of times in the code you pasted.

Edit: only replace it in the utimers lines. NOT everywhere.


Last edited by egghead on Fri Jul 11, 2003 12:13 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
Sir_Fz
Revered One


Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon

PostPosted: Fri Jul 11, 2003 12:00 pm    Post subject: Reply with quote

ok thank you Smile
but now this error appears:
[08:58] Tcl error [clone_pro_join]: can't read "cp_uh_count(ident@xx.xx.xxx.xxx:#channel)": no such variable

Note:I replaced all cp_uh_count($uhost:$chan) with $cp_uh_count($uhost:$chan) except the set cp_uh_count($uhost:$chan)
_________________
Follow me on GitHub

- Opposing

Public Tcl scripts
Back to top
View user's profile Send private message Visit poster's website
egghead
Master


Joined: 29 Oct 2001
Posts: 481

PostPosted: Fri Jul 11, 2003 12:12 pm    Post subject: Reply with quote

Sir_Fz wrote:
ok thank you Smile
but now this error appears:
[08:58] Tcl error [clone_pro_join]: can't read "cp_uh_count(ident@xx.xx.xxx.xxx:#channel)": no such variable

Note:I replaced all cp_uh_count($uhost:$chan) with $cp_uh_count($uhost:$chan) except the set cp_uh_count($uhost:$chan)


You only need to replace it in the utimers, not everywhere.
Back to top
View user's profile Send private message Visit poster's website
Sir_Fz
Revered One


Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon

PostPosted: Fri Jul 11, 2003 12:19 pm    Post subject: Reply with quote

ok thanx again. I did as u told me, but this new error appears:

[09:17] Tcl error in script for 'timer28022':
[09:17] wrong # args: should be "upvar ?level? otherVar localVar ?otherVar localVar ...?"
_________________
Follow me on GitHub

- Opposing

Public Tcl scripts
Back to top
View user's profile Send private message Visit poster's website
egghead
Master


Joined: 29 Oct 2001
Posts: 481

PostPosted: Fri Jul 11, 2003 12:28 pm    Post subject: Reply with quote

Sir_Fz wrote:
ok thanx again. I did as u told me, but this new error appears:

[09:17] Tcl error in script for 'timer28022':
[09:17] wrong # args: should be "upvar ?level? otherVar localVar ?otherVar localVar ...?"


Yeah, my bad.

replace

Code:

utimer [lindex $cp_jp_flood 1] "cp_expire cp_uh_count($uhost:$chan)"

by
Code:

utimer [lindex $cp_jp_flood 1]  [list cp_expire cp_uh_count($uhost:$chan)]


This will send the name of the array to the cp_expire proc and not the value.

Aren't there any other clone detection scripts out there? This is kind of an odd script which will show interesting behaviour under serious flood conditions.
Back to top
View user's profile Send private message Visit poster's website
Sir_Fz
Revered One


Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon

PostPosted: Fri Jul 11, 2003 12:51 pm    Post subject: Reply with quote

ok, thanx again Smile
this time it works very well with no errors and no such abuse. Wink
_________________
Follow me on GitHub

- Opposing

Public Tcl scripts
Back to top
View user's profile Send private message Visit poster's website
Sir_Fz
Revered One


Joined: 27 Apr 2003
Posts: 3793
Location: Lebanon

PostPosted: Fri Jul 11, 2003 2:16 pm    Post subject: Reply with quote

Edit:nothing. (mistake reply) sorry
_________________
Follow me on GitHub

- Opposing

Public Tcl scripts


Last edited by Sir_Fz on Tue Aug 12, 2003 7:01 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
egghead
Master


Joined: 29 Oct 2001
Posts: 481

PostPosted: Fri Jul 11, 2003 2:19 pm    Post subject: Reply with quote

Sir_Fz wrote:
now the following error appears when the bot parts then joins the channel:
Quote:
[11:12] Bot joined #channel.
[11:13] Tcl error in script for 'timer32806':
[11:13] can't read "tslines(#channel)": no such element in array

now what's the problem ?? :p


this seems not related to the code you posted earlier, but to some other code. Check for the word "tslines" in the tcl scripts you loaded.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    egghelp.org community Forum Index -> Archive All times are GMT - 4 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Forum hosting provided by Reverse.net

Powered by phpBB © 2001, 2005 phpBB Group
subGreen style by ktauber