yep, that allows the guy to execute Tcl commands upon getting a connection initiated by your bot running this sh*t to the aspb (whatever that is) "database"
bottom line is what we've been saying (well, at least me hehe) over and over and over again on these forums: NEVER RUN ENCRYPTED EGGDROP SCRIPTS, EVER (that is, unless you managed to decrypt and audit it)
This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
encrypted trojan scan script (cont.)
Well, will be nice if you take back your complaint about decrypting scripts. I don`t trust well known people blind. Now you see that he input a backdoor (not by accident(. That wasn`t nice,. I failed to see a regular usage of cmd 99. No one else from outside should be able to execute any tcl commands.MeTroiD wrote:Guys, i just happen to know who made this script and code get obfuscated for a reason. You shouldn't deobfuscate code for someone without the explicit authorisation from the author, unless there would be malious code in it, which i dont think there is..
-
demond
- Revered One
- Posts: 3073
- Joined: Sat Jun 12, 2004 9:58 am
- Location: San Francisco, CA
- Contact:
I can't speak for sKy but would guess he/she gets at your apparent endorsement of that particular encrypted/backdoored scriptMeTroiD wrote:Wait, you didn't just comment on something i said several months ago did you?
Seriously, what are you getting at?
now, you may know the guy, the guy may be nice & not that type of person who would break into other people's shells, the backdoor may be there by an accident or meant as a service feature and not as break-in mechanism, and the script may be encrypted for educational purposes only - however all of that has nothing to do with the common sense security principle of never running binaries from a source not widely trusted & known to the public - and the fact you know the guy alone hardly makes his script(s) trusted by the public
Could you guys please end this poitless discussion? Like demond said it's simple, just don't load *obfuscated* TCL scripts on your bot.
IMHO MeTroiD, no one considered you guilty of something just cos you either think or indeed know the person who made the script. Just relax.
If someone did a obfuscated TCL script then either he/she has something to hide or dosen't want other people snoop around their code, change a few bits and relase it as it's their own. I tend to think/belive (about the people like strikelight) to prevent other people from snooping around the code. If it's offered for free this dosen't mean you can do WHATEVER you want with it.
IMHO MeTroiD, no one considered you guilty of something just cos you either think or indeed know the person who made the script. Just relax.
If someone did a obfuscated TCL script then either he/she has something to hide or dosen't want other people snoop around their code, change a few bits and relase it as it's their own. I tend to think/belive (about the people like strikelight) to prevent other people from snooping around the code. If it's offered for free this dosen't mean you can do WHATEVER you want with it.
Once the game is over, the king and the pawn go back in the same box.