IRC Mission 6

This is for the IRC missions - not for IRC support.
Forum rules
This is for the IRC missions - not for IRC support.

Re: IRC Mission 6

Post by haha01haha01 on Thu May 14, 2009 1:41 pm
([msg=23706]see Re: IRC Mission 6[/msg])

im also stuck on this one... i tried tons of different string manipulation commands, but it seems like the bot script has some filter that will never let it say !op.
There are 11 types of people in the world - those who understand binary, those who don't and those who already heard this joke.
User avatar
haha01haha01
Poster
Poster
 
Posts: 133
Joined: Tue Jan 13, 2009 10:08 am
Location: HackThisSite.org
Blog: View Blog (0)


Re: IRC Mission 6

Post by DrakierD on Thu May 14, 2009 4:33 pm
([msg=23720]see Re: IRC Mission 6[/msg])

You don't get the bot to say !op.

Focus on the exploits for the script you're given. Think about his client, think about what he's using for his script, and think about ways people exploit that.
DrakierD
Experienced User
Experienced User
 
Posts: 51
Joined: Tue Apr 07, 2009 2:14 pm
Blog: View Blog (0)


Re: IRC Mission 6

Post by haha01haha01 on Sat May 30, 2009 12:43 pm
([msg=24626]see Re: IRC Mission 6[/msg])

DrakierD wrote:You don't get the bot to say !op.

Focus on the exploits for the script you're given. Think about his client, think about what he's using for his script, and think about ways people exploit that.
I know that its using MIRC and that i can inject certain commands and variabled (those starting with a $). Doesnt really help me, since AFAIK the command for making someone op is /mode, and i cant inject that.
There are 11 types of people in the world - those who understand binary, those who don't and those who already heard this joke.
User avatar
haha01haha01
Poster
Poster
 
Posts: 133
Joined: Tue Jan 13, 2009 10:08 am
Location: HackThisSite.org
Blog: View Blog (0)


Re: IRC Mission 6

Post by DrakierD on Mon Jun 01, 2009 11:42 am
([msg=24718]see Re: IRC Mission 6[/msg])

haha01haha01 wrote:
DrakierD wrote:You don't get the bot to say !op.

Focus on the exploits for the script you're given. Think about his client, think about what he's using for his script, and think about ways people exploit that.
I know that its using MIRC and that i can inject certain commands and variabled (those starting with a $). Doesnt really help me, since AFAIK the command for making someone op is /mode, and i cant inject that.

Are you SURE about that? Perhaps the way you're doing it is just "different" than the proper way. Keep focusing on exploits for the script. The first key is in knowing what is exploitable in the script. Then it is fashioning it to do what you want it to do.
DrakierD
Experienced User
Experienced User
 
Posts: 51
Joined: Tue Apr 07, 2009 2:14 pm
Blog: View Blog (0)


Re: IRC Mission 6

Post by insider- on Fri Jun 19, 2009 2:30 pm
([msg=25617]see Re: IRC Mission 6[/msg])

anyone can give me a hint... $decode doesnt help.. $iif and $ifmatch too... i'm really stuck here :s
insider-
New User
New User
 
Posts: 1
Joined: Sun Oct 26, 2008 8:53 am
Blog: View Blog (0)


Re: IRC Mission 6

Post by haha01haha01 on Sat Jan 16, 2010 5:45 am
([msg=33411]see Re: IRC Mission 6[/msg])

Okay...
I tried the given script on an IRC server of my own (because it seems like moo doesn't REALLY use this script, it uses a modified version that for security purposes won't let you exploit that script in any possible way, and it makes the real exploit harder to find), and I don't seem to understand something. If I use "!write haha01haha01 $eval(msg $chan test)" and then read the memo, it simply shows "msg #testchan test" (testchan being the name of the channel I used). However, if I insert the following command into the script:
ON *:TEXT:!test:#: {
$eval(msg $chan test)
}
It actually evaluates the msg command and when saying !test it shows "test".

Why is the $eval command working differently when used inside the code and through the memos? at first I thought that functions don't work through the memos at all, but all the other functions I tried using through the memo ($replace, $hash, $readini) worked perfectly.

Can anyone explain this to me and also tell me if I'm on the right way? I never really dealt with interpreted\scripted languages in general (I'm a C#fag) and with mIRC in particular, so the whole thing is kind of confusing to me.
Also, if anything I posted above was a spoiler, delete it please.

EDIT: okay, I did some more tests. it seems like even when inside the code, using "msg $chan $eval(msg $chan test)" whats being messages is "msg #testchan test". The same thing happens when assigning the result of $eval to a variable. This makes me think that $eval (and perhaps other functions too?) act differently when it's being used alone ($eval(msg $chan test)) and when being used in order to get a return value (var %test = $eval(msg $chan test)).
There are 11 types of people in the world - those who understand binary, those who don't and those who already heard this joke.
User avatar
haha01haha01
Poster
Poster
 
Posts: 133
Joined: Tue Jan 13, 2009 10:08 am
Location: HackThisSite.org
Blog: View Blog (0)


Re: IRC Mission 6

Post by newblar on Wed Jan 20, 2010 8:06 pm
([msg=33646]see Re: IRC Mission 6[/msg])

$eval(msg $chan test) is not the code that's in the script, as you'll soon find out. The code that is in the script looks something like this:
msg $chan ...

Given this information, try and work out, using mIRC, why $eval is no help in this case.

The objective is to obtain +o, and I've already passed this, but shouldn't one possible solution involving $crlf technically work? I don't see why it doesn't.
newblar
New User
New User
 
Posts: 1
Joined: Wed Jan 20, 2010 7:53 pm
Blog: View Blog (0)


Re: IRC Mission 6

Post by haha01haha01 on Thu Jan 21, 2010 9:45 am
([msg=33669]see Re: IRC Mission 6[/msg])

newblar wrote:$eval(msg $chan test) is not the code that's in the script, as you'll soon find out. The code that is in the script looks something like this:
msg $chan ...

Given this information, try and work out, using mIRC, why $eval is no help in this case.

The objective is to obtain +o, and I've already passed this, but shouldn't one possible solution involving $crlf technically work? I don't see why it doesn't.
So, $eval is not the way to go here. Okay, that's one option down. I'll contact you if I have any other questions, thanks.

EDIT: okay, I completed it. And yes it's related to $crlf.
There are 11 types of people in the world - those who understand binary, those who don't and those who already heard this joke.
User avatar
haha01haha01
Poster
Poster
 
Posts: 133
Joined: Tue Jan 13, 2009 10:08 am
Location: HackThisSite.org
Blog: View Blog (0)


Re: IRC Mission 6

Post by Bash23 on Tue Jan 26, 2010 10:12 am
([msg=33923]see Re: IRC Mission 6[/msg])

Ok, can someone give me more hints? I'm tried ever possible thing I could come up with and it's still not working :x
Bash23
New User
New User
 
Posts: 5
Joined: Mon Jan 25, 2010 11:56 am
Blog: View Blog (0)


Re: IRC Mission 6

Post by haha01haha01 on Tue Jan 26, 2010 1:15 pm
([msg=33932]see Re: IRC Mission 6[/msg])

Bash23 wrote:Ok, can someone give me more hints? I'm tried ever possible thing I could come up with and it's still not working :x

Best hint I can give you is think about how can $lf help you here. I would also recommend attempting the mission with your own bot using the given script instead of through moo, because it makes error tracing much easier.
There are 11 types of people in the world - those who understand binary, those who don't and those who already heard this joke.
User avatar
haha01haha01
Poster
Poster
 
Posts: 133
Joined: Tue Jan 13, 2009 10:08 am
Location: HackThisSite.org
Blog: View Blog (0)


PreviousNext

Return to IRC Missions

Who is online

Users browsing this forum: No registered users and 0 guests