This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Eggdrop botnet/linking

General support and discussion of Eggdrop bots.
Post Reply
User avatar
DarkMonk
Voice
Posts: 6
Joined: Wed Jan 24, 2024 7:40 am

Eggdrop botnet/linking

Post by DarkMonk »

Hello everyone.

I'm not completely new to eggdrop but I've taken a break for a long time. I lost all of my private instructions and also how I created the botnet. I've been trying to make a connection between two bots with Hub and Leaf for about two days now :? , but it don't want to work. Link without hub and leaf doesn't work either.

I tried different things and tutorials.
Last:

Code: Select all

Hub:
.+bot Leaf-Bot1 127.0.0.1 6502/6400
.botattr Leaf-Bot1 +l

LeafBot
.+bot Master 127.0.0.1 4474/3000
.botattr Master +h

Code: Select all

eggdrop.conf (Hub)
listen 3000 users
listen 4474 bots

eggdrop.conf (Leafbot)
listen 6400 users
listen 6502 bots

Code: Select all

Hub:
[11:52:00] EOF ident connection
[11:52:00] Refused telnet@localhost (non-bot)
[11:53:00] Telnet connection: localhost/40360
[11:53:00] EOF ident connection
[11:53:00] Refused telnet@localhost (non-bot)

Leaf:
[11:50:00] Lost Bot: Master
[11:51:00] Lost Bot: Master
[11:52:00] Lost Bot: Master
[11:53:00] Lost Bot: Master
[11:54:00] Lost Bot: Master


I also tried to add hostmasks. It's definitely just a beginner's mistake but I can't figure it out. I'm using latest eggdrop-1.9.5 and a very basic config. Please help :(
Image
User avatar
CrazyCat
Revered One
Posts: 1200
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Re: Eggdrop botnet/linking

Post by CrazyCat »

Did you do a .save ?
Change your console to add debug and bot (.console +bd) then try to .link manualy, you'll have more info in the partyline.

You can also try to reset passwords (.chpass Leaf-Bot1 and .chpass Master) so they will recreate their link pass.

And can you show us the result of .whois for each bot ?
User avatar
DarkMonk
Voice
Posts: 6
Joined: Wed Jan 24, 2024 7:40 am

Re: Eggdrop botnet/linking

Post by DarkMonk »

CrazyCat wrote: Wed Jan 24, 2024 8:12 am Did you do a .save ?
First of all, thank you for the quick reply :) .

Actually not this time :roll: but unfortunately nothing seems to change with .save. Same result.
CrazyCat wrote: Wed Jan 24, 2024 8:12 amChange your console to add debug and bot (.console +bd) then try to .link manualy, you'll have more info in the partyline.

Code: Select all

[13:28:41] net: connect! sock 5
[13:28:41] Telnet connection: localhost/51641
[13:28:41] net: eof!(write) socket 15 (Broken pipe,32)
[13:28:41] EOF ident connection
[13:28:41] Refused telnet@localhost (non-bot)
[13:29:00] net: connect! sock 5
[13:29:00] Telnet connection: localhost/55378
[13:29:00] net: eof!(write) socket 15 (Broken pipe,32)
[13:29:00] EOF ident connection
[13:29:00] Refused telnet@localhost (non-bot)
[13:30:00] net: connect! sock 5
[13:30:00] Telnet connection: localhost/57218

Code: Select all

[13:28:41] tcl: builtin dcc call: *dcc:link B******* 8 Master
[13:28:41] #B*******# link Master
[13:28:41] Linking to Master at 127.0.0.1:4474 ...
[13:28:41] net: open_telnet_raw(): idx 4 host 127.0.0.1 ip 127.0.0.1 port 4474 s                                                           sl 0
[13:28:41] net: eof!(read) socket 9
[13:28:41] Lost Bot: Master
[13:29:00] net: open_telnet_raw(): idx 4 host 127.0.0.1 ip 127.0.0.1 port 4474 ssl 0
[13:29:00] net: eof!(read) socket 9
[13:29:00] Lost Bot: Master
[13:30:00] net: open_telnet_raw(): idx 4 host 127.0.0.1 ip 127.0.0.1 port 4474 ssl 0
[13:30:00] net: eof!(read) socket 9
[13:30:00] Lost Bot: Master
[13:31:00] net: open_telnet_raw(): idx 4 host 127.0.0.1 ip 127.0.0.1 port 4474 ssl 0
[13:31:00] net: eof!(read) socket 9
[13:31:00] Lost Bot: Master
You can also try to reset passwords (.chpass Leaf-Bot1 and .chpass Master) so they will recreate their link pass.

Code: Select all

.chpass Master
[13:33:49] tcl: builtin dcc call: *dcc:chpass B******* 8 [something]
[13:33:49] #B*******# chpass Master [nothing]
Removed password.
.link Master
[13:33:55] tcl: builtin dcc call: *dcc:link B******* 8 Master
[13:33:55] #B*******# link Master
[13:33:55] Linking to Master at 127.0.0.1:4474 ...
[13:33:55] net: open_telnet_raw(): idx 4 host 127.0.0.1 ip 127.0.0.1 port 4474 ssl 0
[13:33:55] net: eof!(read) socket 9
[13:33:55] Lost Bot: Master
[13:34:00] net: open_telnet_raw(): idx 4 host 127.0.0.1 ip 127.0.0.1 port 4474 ssl 0
[13:34:00] net: eof!(read) socket 9
[13:34:00] Lost Bot: Master
CrazyCat wrote: Wed Jan 24, 2024 8:12 amAnd can you show us the result of .whois for each bot ?
Sure:

Leaf:

Code: Select all

.whois
[13:35:06] triggering bind dcc:whois
[13:35:06] tcl: builtin dcc call: *dcc:whois B******* 8
Usage: whois <handle>
[13:35:06] triggered bind dcc:whois, user 0.000ms sys 0.121ms
Hub:

Code: Select all

.whois
[13:36:06] triggering bind dcc:whois
[13:36:06] tcl: builtin dcc call: *dcc:whois B******* 12
Usage: whois <handle>
[13:36:06] triggered bind dcc:whois, user 0.151ms sys 0.000ms
Image
User avatar
CrazyCat
Revered One
Posts: 1200
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Re: Eggdrop botnet/linking

Post by CrazyCat »

Sorry, I wanted to say:
in Master, .whois Leaf-Bot1
in Leaf-Bot1, .whois Master

And when you do the .link, please copy the party-line from both Leaf-Bot1 and Master
User avatar
DarkMonk
Voice
Posts: 6
Joined: Wed Jan 24, 2024 7:40 am

Re: Eggdrop botnet/linking

Post by DarkMonk »

CrazyCat wrote: Wed Jan 24, 2024 10:04 am Sorry, I wanted to say:
in Master, .whois Leaf-Bot1
in Leaf-Bot1, .whois Master

And when you do the .link, please copy the party-line from both Leaf-Bot1 and Master
WHOiS:

Code: Select all

.whois Leaf-Bot1
[14:46:50] triggering bind dcc:whois
[14:46:50] tcl: builtin dcc call: *dcc:whois B***** 12 Leaf-Bot1
[14:46:50] #B*****# whois Leaf-Bot1
HANDLE                           PASS NOTES FLAGS           LAST
Leaf-Bot1                        no       0 b               never (nowhere)
  BOT FLAGS: l
  ADDRESS: 127.0.0.1
     users: 6400, bots: 6502
[14:46:50] triggered bind dcc:whois, user 0.116ms sys 0.000ms

Code: Select all

.whois Master
[14:47:11] triggering bind dcc:whois
[14:47:11] tcl: builtin dcc call: *dcc:whois B***** 8 Master
[14:47:11] #B*****# whois Master
HANDLE                           PASS NOTES FLAGS           LAST
Master                           no       0 b               never (nowhere)
  BOT FLAGS: h
  ADDRESS: 127.0.0.1
     users: 3000, bots: 4474
[14:47:11] triggered bind dcc:whois, user 0.000ms sys 0.117ms

LiNK:

Code: Select all

.link Master
[14:47:52] tcl: builtin dcc call: *dcc:link B***** 8 Master
[14:47:52] #B*****# link Master
[14:47:52] Linking to Master at 127.0.0.1:4474 ...
[14:47:52] net: open_telnet_raw(): idx 4 host 127.0.0.1 ip 127.0.0.1 port 4474 ssl 0
[14:47:52] net: eof!(read) socket 9
[14:47:52] Lost Bot: Master

Code: Select all

.link Leaf-Bot1
[14:48:20] tcl: builtin dcc call: *dcc:link B***** 12 Leaf-Bot1
[14:48:20] #B*****# link Leaf-Bot1
[14:48:20] Linking to Leaf-Bot1 at 127.0.0.1:6502 ...
[14:48:20] net: open_telnet_raw(): idx 8 host 127.0.0.1 ip 127.0.0.1 port 6502 ssl 0
[14:48:20] net: eof!(read) socket 13
[14:48:20] Lost Bot: Leaf-Bot1
Image
User avatar
CrazyCat
Revered One
Posts: 1200
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Re: Eggdrop botnet/linking

Post by CrazyCat »

That's weird.
Can you show us the full configuration of each eggdrop ? Didn't you change the listen-addr setting or any IP feature ?
User avatar
DarkMonk
Voice
Posts: 6
Joined: Wed Jan 24, 2024 7:40 am

Re: Eggdrop botnet/linking

Post by DarkMonk »

CrazyCat wrote: Wed Jan 24, 2024 11:16 am That's weird.
Can you show us the full configuration of each eggdrop ? Didn't you change the listen-addr setting or any IP feature ?

Please note that I haven't made many changes yet. I quickly removed all comments. Maybe that's where the error is hiding. I can't explain it otherwise. Leafbot.conf is customized with names, servers, chans and ports basically the same.


Code: Select all

##### BASIC SETTINGS #####
set username "TestBot"
set admin "Anonymous <email: ano@nymous.n3t>"
set network "testirc"
set timezone "CST"
set offset "5"


set prefer-ipv6 0

##### LOG FILES #####
set max-logs 20
set max-logsize 0
set quick-logs 0
set raw-log 0
logfile mco * "logs/main.log"
set log-time 1
set timestamp-format {[%H:%M:%S]}
set keep-all-logs 0
set logfile-suffix ".%d%b%Y"
set switch-logfiles-at 300
set quiet-save 0

##### CONSOLE #####
set console "mkcoblxs"

##### FILES AND DIRECTORIES #####
set userfile "MainBot.user"
set help-path "help/"
set text-path "text/"
set motd "text/motd"
set telnet-banner "text/banner"
set userfile-perm 0600

##### BOTNET/DCC/TELNET #####
listen 3000 users
listen 4444 bots
listen 4474 bots
listen 4497 bots
listen 4486 bots
listen 4425 bots

set remote-boots 2
set share-unlinks 1
set protect-telnet 1
set dcc-sanitycheck 0
set ident-timeout 5
set require-p 1
set open-telnets 0
set stealth-telnets 0
set stealth-prompt "\n\nNickname.\n"
set use-telnet-banner 0
set connect-timeout 15
set dcc-flood-thr 3
set telnet-flood 5:60
set paranoid-telnet-flood 1

##### SSL SETTINGS #####
set ssl-capath "/etc/ssl/"

##### MORE ADVANCED SETTINGS #####
set ignore-time 15
set hourly-updates 00
set owner "********"
set notify-newusers "$owner"
set default-flags "hp"
set whois-fields "url birthday"
set must-be-owner 1
unbind dcc n simul *dcc:simul
set max-socks 100
set allow-dk-cmds 1
set dupwait-timeout 5
set cidr-support 0
set show-uname 1

##### MODULES #####
set mod-path "modules/"
loadmodule pbkdf2
loadmodule blowfish
set blowfish-use-mode cbc
loadmodule channels
set chanfile "MainBot.chan"
set force-expire 0
set share-greet 0
set use-info 1
set allow-ps 0
set default-flood-chan 15:60
set default-flood-deop 3:10
set default-flood-kick 3:10
set default-flood-join 5:60
set default-flood-ctcp 3:60
set default-flood-nick 5:60
set default-aop-delay 5:30
set default-idle-kick 0
set default-chanmode "nt"
set default-stopnethack-mode 0
set default-revenge-mode 0
set default-ban-type 3
set default-ban-time 120
set default-exempt-time 60
set default-invite-time 60
set default-chanset {
        -autoop         -autovoice
        -bitch          +cycle
        +dontkickops    +dynamicbans
        +dynamicexempts +dynamicinvites
        -enforcebans    +greet
        -inactive       -nodesynch
        -protectfriends +protectops
        -revenge        -revengebot
        -secret         -seen
        +shared         -statuslog
        +userbans       +userexempts
        +userinvites    -protecthalfops
        -autohalfop     -static
}
channel add #testchan

loadmodule server
set net-type "EFnet"
set nick "TestBot"
set altnick "TestBot_"
set realname "/msg TestBot hello"
bind evnt - init-server evnt:init_server
proc evnt:init_server {type} {
  global botnick
  putquick "MODE $botnick +i-ws"
}
set default-port 6667
server add testnet.net 6667
set account-notify 1
set extended-join 1
set msg-rate 2
set keep-nick 1
set quiet-reject 1
set lowercase-ctcp 0
set answer-ctcp 3
set flood-msg 5:60
set flood-ctcp 3:60
set server-cycle-wait 60
set server-timeout 60
set check-stoned 1
set serverror-quit 1
set max-queue-msg 300
set trigger-on-ignore 0
set exclusive-binds 0
set double-mode 1
set double-server 1
set double-help 1
set optimize-kicks 1
set stack-limit 4
loadmodule ctcp
set ctcp-mode 0
loadmodule irc
set bounce-bans 0
set bounce-exempts 0
set bounce-invites 0
set bounce-modes 0
set learn-users 0
set wait-split 600
set wait-info 180
set mode-buf-length 200
unbind msg - ident *msg:ident
unbind msg - addhost *msg:addhost
set opchars "@"
set no-chanrec-info 0
set prevent-mixing 1
set max-dloads 3
set dcc-block 0
set copy-to-tmp 1
set xfer-timeout 30
loadmodule share
set share-compressed 1
set files-path "/home/mydir/filesys"
set incoming-path "/home/mydir/filesys/incoming"
set upload-to-pwd 0
set filedb-path ""
set max-file-users 20
set max-filesize 1024
loadmodule notes
set notefile "MainBot.notes"
set max-notes 50
set note-life 60
set allow-fwd 0
set notify-users 0
set notify-onjoin 1
if {[file exists aclocal.m4]} { die {You are attempting to run Eggdrop from the source directory. Please finish installing Eggdrop by running "make install" and run it from the install location.} }
loadmodule console
set console-autosave 1
set force-channel 0
set info-party 0
loadmodule uptime

##### SCRIPTS #####
source scripts/alltools.tcl
source scripts/action.fix.tcl
source scripts/dccwhois.tcl
source scripts/userinfo.tcl
loadhelp userinfo.help
if {[info exists net-type]} {
  switch -- ${net-type} {
    "EFnet" {
      source scripts/quotepong.tcl
    }
    "0" {
      source scripts/quotepong.tcl
    }
  }
}
Last edited by DarkMonk on Wed Jan 24, 2024 4:25 pm, edited 1 time in total.
Image
User avatar
Carlin0
Voice
Posts: 28
Joined: Tue Dec 04, 2018 3:41 pm
Location: Italy

Re: Eggdrop botnet/linking

Post by Carlin0 »

From .help whois

Code: Select all

For bots, there are additional flags seen under the "BOTATTR:" section.
   Valid botflags include:
      a - alternate (bot is autolinked if no hub bots can be linked)
      b - ban sharing (pasv bot can share bans with aggr bot)
      c - channel sharing (pasv bot can share chan changes with aggr bot)
      d - share aggressively (SEND userfile to a passive bot), none sharing (pasv bot to aggr bot)
      e - exempt sharing (pasv bot can share exempts with aggr bot)
      g - global share (bot is sharing all channels)
      h - hub (bot is autolinked at highest priority)
      i - isolate (isolate the party line across a botlink)
      j - invite sharing (pasv bot can share invites with aggr bot)
      l - leaf (bot is not allowed to link other bots onto the botnet)         <<<------------------------------ 
      n - ignore sharing (pasv bot can share ignores with aggr bot)
      p - share passively (ACCEPT userfile from an aggressive bot)
      r - reject (bot will not be allowed to link to the botnet)
      s - share aggressively (SEND userfile to a passive bot), all sharing (pasv bot to aggr bot)
      u - user sharing (pasv bot can share user changes with aggr bot)
User avatar
DarkMonk
Voice
Posts: 6
Joined: Wed Jan 24, 2024 7:40 am

Re: Eggdrop botnet/linking

Post by DarkMonk »

Carlin0 wrote: Wed Jan 24, 2024 3:54 pm From .help whois

Code: Select all

For bots, there are additional flags seen under the "BOTATTR:" section.
   Valid botflags include:
      a - alternate (bot is autolinked if no hub bots can be linked)
      b - ban sharing (pasv bot can share bans with aggr bot)
      c - channel sharing (pasv bot can share chan changes with aggr bot)
      d - share aggressively (SEND userfile to a passive bot), none sharing (pasv bot to aggr bot)
      e - exempt sharing (pasv bot can share exempts with aggr bot)
      g - global share (bot is sharing all channels)
      h - hub (bot is autolinked at highest priority)
      i - isolate (isolate the party line across a botlink)
      j - invite sharing (pasv bot can share invites with aggr bot)
      l - leaf (bot is not allowed to link other bots onto the botnet)         <<<------------------------------ 
      n - ignore sharing (pasv bot can share ignores with aggr bot)
      p - share passively (ACCEPT userfile from an aggressive bot)
      r - reject (bot will not be allowed to link to the botnet)
      s - share aggressively (SEND userfile to a passive bot), all sharing (pasv bot to aggr bot)
      u - user sharing (pasv bot can share user changes with aggr bot)
I don't want to link with other bots, only hub. Without flags I have the same issue.
Image
User avatar
CrazyCat
Revered One
Posts: 1200
Joined: Sun Jan 13, 2002 8:00 pm
Location: France
Contact:

Re: Eggdrop botnet/linking

Post by CrazyCat »

DarkMonk wrote: Wed Jan 24, 2024 11:53 am
CrazyCat wrote: Wed Jan 24, 2024 11:16 am That's weird.
Can you show us the full configuration of each eggdrop ? Didn't you change the listen-addr setting or any IP feature ?

Please note that I haven't made many changes yet. I quickly removed all comments. Maybe that's where the error is hiding. I can't explain it otherwise. Leafbot.conf is customized with names, servers, chans and ports basically the same.
As you don't seem to use SSL, try restarting the both eggdrop after having commented the ssl-capath setting.

I'll try to reproduce your trouble using your conf, peharps will I succeed. But I never had any trouble to create a simple botnet.
User avatar
DarkMonk
Voice
Posts: 6
Joined: Wed Jan 24, 2024 7:40 am

Re: Eggdrop botnet/linking

Post by DarkMonk »

CrazyCat wrote: Thu Jan 25, 2024 3:21 am
DarkMonk wrote: Wed Jan 24, 2024 11:53 am
CrazyCat wrote: Wed Jan 24, 2024 11:16 am That's weird.
Can you show us the full configuration of each eggdrop ? Didn't you change the listen-addr setting or any IP feature ?

Please note that I haven't made many changes yet. I quickly removed all comments. Maybe that's where the error is hiding. I can't explain it otherwise. Leafbot.conf is customized with names, servers, chans and ports basically the same.
As you don't seem to use SSL, try restarting the both eggdrop after having commented the ssl-capath setting.

I'll try to reproduce your trouble using your conf, peharps will I succeed. But I never had any trouble to create a simple botnet.
Thank you for your effort :!: :wink:
Image
Post Reply