| View previous topic :: View next topic |
| Author |
Message |
Alchera
Revered One
Joined: 11 Aug 2003
Posts: 3344
Location: Ballarat Victoria, Australia
|
 Posted: Sat Dec 11, 2004 7:59 am Post subject: |
 |
|
| NeTGate wrote: | | $ps : Any one or people in dalnet always look this a backdoor, why? |
Maybe a little variable filling:
| Code: | | adduser $ps "$ps!*@*" |
Translates to:
| Code: | | adduser KaISaR "KaISaR!*@*" |
Maybe I'm just the suspicious type NeTGate, but I have the distinct impression your defence of this "feature" rich script is due to the fact you know its' author very well (both coming from the same part of the world) and were not expecting the scrutiny that our resident guru (user) gave it.
It's as plain as the nose on your little face that this script is designed to hijack eggdrops and I will make an effort to have this piece of information disseminated throughout DALnet.
_________________
Add [SOLVED] to the thread title if your issue has been.
Search | FAQ | RTM |
|
| Back to top |
|
 |
metroid
Owner
Joined: 16 Jun 2004
Posts: 771
|
| Posted: Thu Dec 16, 2004 3:04 am Post subject: |
|
|
This little backdoor is also found in the new netgate.tcl, which clearly shows that mister NeTGaTE aka odon has also scripted this in there.
I loaded it up and here's what i found after a rehash
| Code: | [08:02:36] <metroid> .whois odon
[08:02:36] <Q14> [08:02] tcl: builtin dcc call: *dcc:whois MeTroiD 8 odon
[08:02:36] <Q14> [08:02] #MeTroiD# whois odon
[08:02:36] <Q14> HANDLE PASS NOTES FLAGS LAST
[08:02:36] <Q14> odon no 0 fhjlmnoptxZ never (nowhere)
[08:02:36] <Q14> HOSTS: odon!*@* |
So please, get lost with your lame little code  |
|
| Back to top |
|
|
Alchera
Revered One
Joined: 11 Aug 2003
Posts: 3344
Location: Ballarat Victoria, Australia
|
| Posted: Thu Dec 16, 2004 1:06 pm Post subject: |
|
|
... seems this little bugger thinks all but he is an idiot. Well, he got that wrong. The word is out on DALnet.
_________________
Add [SOLVED] to the thread title if your issue has been.
Search | FAQ | RTM |
|
| Back to top |
|
|
oPLeT
Voice
Joined: 15 Jun 2005
Posts: 2
Location: indonesia
|
| Posted: Thu Jun 16, 2005 4:58 pm Post subject: (de)scrambler of netgate.tcl |
|
|
hi, i try use ur script to descramble netgate.tcl, but it didn't work, it said on my eggdrop:
wrong # args: should be "string first string1 string2"
while executing
"string first $cmdstart $line $i"
(procedure "clearify" line 16)
invoked from within
"clearify code {[decrypt 64 "}"
I put your script on source of my eggdrop, ty anyway.
_________________
..=.. |
|
| Back to top |
|
|
demond
Revered One
Joined: 12 Jun 2004
Posts: 3073
Location: San Francisco, CA
|
| Posted: Thu Jun 16, 2005 5:17 pm Post subject: |
|
|
you are using an outdated TCL version (probably 8.0); upgrade it
don't use that script (netgate.tcl, not user's descrambler), it has a backdoor and you may find yourself with a cracked bot/shell account (I warned you about that on the other forum as well) |
|
| Back to top |
|
|
aCehNeSe
Voice
Joined: 12 Apr 2006
Posts: 3
|
| Posted: Wed Apr 12, 2006 12:32 am Post subject: Re: Here goes... |
|
|
| user wrote: | This code will convert the script, so you need to have the original obfuscated version...
| Code: |
# Make http://www.rootshell.be/~netgate/netgate.tcl a bit easier to
# read (I didn't verify that it runs fine after the conversion, but
# who would want to run that sucky script anyway, right? :P)
#
# Usage: change the variables below before you source this script in
# your eggdrop. eggdrop is needed because parts of the descrambling is
# done using eggdrop's 'decrypt' command
set infile scripts/netgate.tcl
set outfile scripts/netgate.fixed.tcl
# The main (de)scrambler proc
# Escaping is honored for ['s but not the ], $ and space
# - Don't ask me why... I just reproduce the output of the original
proc lines str {
# The part swapping L with 0 and 0 with L reminds me of my
# first reaction when i saw the netgate.tcl code :P
set map {
a z z a b y y b c x x c d w w d e v v e f u u f g t
t g h s s h i r r i j q q j k p p k l o o l m n n m
A Z Z A B Y Y B C X X C D W W D E V V E F U U F G T
T G H S S H I R R I J Q Q J K P P K L O O L M N N M
}
if {[regexp {[\$\[~]+} $str]} {
set out ""
set s ""
set p "";# previous char
foreach c [split $str ""] {
if {$s==""} {
if {$c=="~"} {
set s ~
} elseif {$c=="\$"} {
set s " "; set c ~$c
} elseif {$c=="\[" && $p!="\\"} {
set s "\]"; set c ~$c
} else {
set c [string map $map $c]
}
} elseif {$c=="~"} {
set s ""
} elseif {$c==$s} {
set s ""; append c ~
}
append out [set p $c]
}
if {$s==""} {set out} {append out ~}
} {
string map $map $str
}
}
proc puthlp str {
set str "puthelp \"[string map {~ ""} [lines $str]]\""
}
proc putsrv str {
set str "putserv \"[string map {~ ""} [lines $str]]\""
}
proc putqck str {
set str "putquick \"[string map {~ ""} [lines $str]]\""
}
proc dcp str {
set str \"[qesc [decrypt 64 $str]]\"
}
proc dezip str {
if {[string match {*\\*} $str]} {set str [subst -noc -nov $str]}
set str [qesc [decrypt 64 [string map {~ ""} $str]]]
}
proc qesc str {
set out ""
foreach c [split [string map {
\\ \\\\ \[ \\\[ \] \\\] \{ \\\{
\} \\\} \$ \\\$ \" \\\" " " "\\ "
} $str] ""] {
if {[set i [scan $c %c]]>31 && $i<127} {
append out $c
} {
append out [format \\%.3o $i]
}
}
set out
}
proc clearify {var cmdstart {stderr stdout}} {
upvar 1 $var code
set off [string len $cmdstart]
set cmd [lindex [split $cmdstart " "] 0]
set off2 [string match {\[*} $cmdstart]
if {$off2} {
set cmd [string range $cmd 1 end]
}
incr off2
#puts $stderr "*** running \"$cmd\""
set c 0
foreach line [split [set code][set code ""] \n] {
incr c
set i 0
set ll [string len $line]
while {$i<$ll && [set i [string first $cmdstart $line $i]]>-1} {
set j [expr {$i+$off+1}]
while {$j<$ll && ![info complete [set run [string range $line $i $j]]]} {incr j}
if {[info complete $run]} {
# lame hack because this was the only command with more arguments :P
if {$cmdstart=={[decrypt 64 "}} {
set res [decrypt 64 [string range $run $off end-$off2]]
} {
set res [$cmd [string range $run $off end-$off2]]
}
set line [string replace $line $i $j $res]
} {
#puts $stderr "line#$c INCOMPLETE: \"$run\""
break
}
incr i
}
append code "$line\n"
}
#puts $stderr "*** done: \"$cmd\""
}
proc indent {code {dent { }}} {
set out ""
set i 0
foreach line [split $code \n] {
set line [string trimleft $line]
foreach {o c e} {0 0 0} break
foreach a [split $line ""] {
if {$e} {set e 0; continue}
switch -exact -- $a {
"\\" {set e 1}
"\{" {incr o}
"\}" {if {$o} {incr o -1} {incr c}}
}
}
incr i -$c
append out [string repeat $dent $i]$line\n
incr i $o
}
set out
}
set code [read [set f [open $infile]]]; close $f
clearify code {[decrypt 64 "}
clearify code {[lines "}
clearify code {[dcp "}
clearify code {[dezip "}
clearify code {puthlp "}
clearify code {putsrv "}
clearify code {putqck "}
set f [open $outfile w]
puts $f [indent [set code]][unset code]
close $f
putlog "Check $outfile :)"
# It's a bit of a mess, but it does the job. Have fun :P |
|
Can someone tell me how to use this script? 
Thanks  |
|
| Back to top |
|
|
demond
Revered One
Joined: 12 Jun 2004
Posts: 3073
Location: San Francisco, CA
|
| Posted: Wed Apr 12, 2006 2:49 am Post subject: |
|
|
like any other script?
_________________
connection, sharing, dcc problems? click <here>
before asking for scripting help, read <this>
use [code] tag when posting logs, code |
|
| Back to top |
|
|
aCehNeSe
Voice
Joined: 12 Apr 2006
Posts: 3
|
| Posted: Wed Apr 12, 2006 2:58 am Post subject: |
|
|
| demond wrote: | | like any other script? |
You mean this's a tcl script?
I mean where i can put this scripts? and what's the command to run it?
I'm newbie for it
Last edited by aCehNeSe on Wed Apr 12, 2006 3:01 am; edited 1 time in total |
|
| Back to top |
|
|
demond
Revered One
Joined: 12 Jun 2004
Posts: 3073
Location: San Francisco, CA
|
| Posted: Wed Apr 12, 2006 3:01 am Post subject: |
|
|
does it look otherwise to you?
_________________
connection, sharing, dcc problems? click <here>
before asking for scripting help, read <this>
use [code] tag when posting logs, code |
|
| Back to top |
|
|
aCehNeSe
Voice
Joined: 12 Apr 2006
Posts: 3
|
| Posted: Wed Apr 12, 2006 3:07 am Post subject: |
|
|
I realy dont understand where i can put this script, and what's the command to run it.
I'm newbie with this |
|
| Back to top |
|
|
demond
Revered One
Joined: 12 Jun 2004
Posts: 3073
Location: San Francisco, CA
|
| Posted: Wed Apr 12, 2006 3:11 am Post subject: |
|
|
then you need to explore this website
it does pretty good job in explaining how to use eggdrop and eggdrop scripts
_________________
connection, sharing, dcc problems? click <here>
before asking for scripting help, read <this>
use [code] tag when posting logs, code |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
