This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

encrypted trojan scan script (cont.)

Support & discussion of released scripts, and announcements of new releases.
User avatar
demond
Revered One
Posts: 3073
Joined: Sat Jun 12, 2004 9:58 am
Location: San Francisco, CA
Contact:

Post by demond »

yep, that allows the guy to execute Tcl commands upon getting a connection initiated by your bot running this sh*t to the aspb (whatever that is) "database"

bottom line is what we've been saying (well, at least me hehe) over and over and over again on these forums: NEVER RUN ENCRYPTED EGGDROP SCRIPTS, EVER (that is, unless you managed to decrypt and audit it)
User avatar
sKy
Op
Posts: 194
Joined: Thu Apr 14, 2005 5:58 pm
Location: Germany

Post by sKy »

MeTroiD wrote:Guys, i just happen to know who made this script and code get obfuscated for a reason. You shouldn't deobfuscate code for someone without the explicit authorisation from the author, unless there would be malious code in it, which i dont think there is..
Well, will be nice if you take back your complaint about decrypting scripts. I don`t trust well known people blind. Now you see that he input a backdoor (not by accident(. That wasn`t nice,. I failed to see a regular usage of cmd 99. No one else from outside should be able to execute any tcl commands.
m
metroid
Owner
Posts: 771
Joined: Wed Jun 16, 2004 2:46 am

Post by metroid »

Wait, you didn't just comment on something i said several months ago did you?

Seriously, what are you getting at?
User avatar
demond
Revered One
Posts: 3073
Joined: Sat Jun 12, 2004 9:58 am
Location: San Francisco, CA
Contact:

Post by demond »

MeTroiD wrote:Wait, you didn't just comment on something i said several months ago did you?

Seriously, what are you getting at?
I can't speak for sKy but would guess he/she gets at your apparent endorsement of that particular encrypted/backdoored script

now, you may know the guy, the guy may be nice & not that type of person who would break into other people's shells, the backdoor may be there by an accident or meant as a service feature and not as break-in mechanism, and the script may be encrypted for educational purposes only - however all of that has nothing to do with the common sense security principle of never running binaries from a source not widely trusted & known to the public - and the fact you know the guy alone hardly makes his script(s) trusted by the public
m
metroid
Owner
Posts: 771
Joined: Wed Jun 16, 2004 2:46 am

Post by metroid »

That wasn't was i was saying at all demond. I just know who made it and i believe the other versions weren't encrypted.

I don't know nor care why that script has things like that as i dont use it anyway.
I was just saying that it makes no sense he is saying something after this much time.
User avatar
caesar
Mint Rubber
Posts: 3778
Joined: Sun Oct 14, 2001 8:00 pm
Location: Mint Factory

Post by caesar »

Could you guys please end this poitless discussion? Like demond said it's simple, just don't load *obfuscated* TCL scripts on your bot.

IMHO MeTroiD, no one considered you guilty of something just cos you either think or indeed know the person who made the script. Just relax.

If someone did a obfuscated TCL script then either he/she has something to hide or dosen't want other people snoop around their code, change a few bits and relase it as it's their own. I tend to think/belive (about the people like strikelight) to prevent other people from snooping around the code. If it's offered for free this dosen't mean you can do WHATEVER you want with it.
Once the game is over, the king and the pawn go back in the same box.
Post Reply