efknockr - internet relay chat drive-by tool
git clone git://git.acid.vegas/efknockr.git
EFknockr
WARNING: This is simply a PROOF-OF-CONCEPT that outlines major flaws in how we use IRC currently!
WARNING: This repository was made for testing against your own server(s). I am not responsible for the public use.
Information
This is basically an IRC drive-by. It takes a list of IRC servers, connects to all of them & joins every channel to send a custom message. You can also have it mass highlight & mass private message the channels for more attention to your message. It will do various things to make sure it does not get banned, throttled, or detected.
Proxy scanning is included as an option, which will find thousands of new proxies on every loop. Combine that with the daemon mode (24/7 knocking) & this becomes unstoppable. Tied with a residential proxy service & this becomes a problem.
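The behaviour described above (one client connecting, joining every channel it can, then blasting the same text into each of them within seconds) is also the signature a network operator can watch for. The following is an added example written for the defending side; it is not part of efknockr and does not reflect any real IRCd's log format. It assumes a constructed, simplified server log line format of `<ISO time> <nick!user@host> <COMMAND> <target> [:text]` and uses thresholds (window, join count, message fan-out) that are assumptions to be tuned per network.

```python
"""Flag IRC drive-by behaviour in server logs: a client that joins many
channels and sends one identical message to several of them in a short window.

Added example for network operators; the log format and thresholds are assumptions.
"""
from collections import defaultdict, namedtuple
from datetime import datetime

# Constructed sample log lines (not from any real server). Format assumed here:
#   <ISO time> <nick!user@host> <COMMAND> <target> [:text]
SAMPLE_LOG = """\
2024-01-01T12:00:00 alice!a@host1 JOIN #dev
2024-01-01T12:00:05 alice!a@host1 PRIVMSG #dev :anyone around?
2024-01-01T12:00:10 bot42!x@proxy7 JOIN #dev
2024-01-01T12:00:10 bot42!x@proxy7 JOIN #chat
2024-01-01T12:00:11 bot42!x@proxy7 JOIN #help
2024-01-01T12:00:11 bot42!x@proxy7 JOIN #linux
2024-01-01T12:00:12 bot42!x@proxy7 JOIN #python
2024-01-01T12:00:12 bot42!x@proxy7 PRIVMSG #dev :VISIT EXAMPLE
2024-01-01T12:00:13 bot42!x@proxy7 PRIVMSG #chat :VISIT EXAMPLE
2024-01-01T12:00:13 bot42!x@proxy7 PRIVMSG #help :VISIT EXAMPLE
2024-01-01T12:00:14 bot42!x@proxy7 PRIVMSG #linux :VISIT EXAMPLE
2024-01-01T12:00:14 bot42!x@proxy7 PRIVMSG #python :VISIT EXAMPLE
2024-01-01T12:01:00 bob!b@host2 JOIN #dev
2024-01-01T12:01:30 bob!b@host2 PRIVMSG #dev :hi alice
"""

Event = namedtuple("Event", "ts source command target text")


def parse_line(line):
    """Parse one constructed log line into an Event; text is '' for JOIN."""
    ts, source, command, rest = line.split(" ", 3)
    target, _, text = rest.partition(" :")
    return Event(datetime.fromisoformat(ts), source, command, target, text)


def detect_driveby(lines, window_s=30, min_joins=4, min_targets=3):
    """Return one alert per client whose activity matches the drive-by pattern.

    A client is flagged when, inside any window_s-second span, it joins at
    least min_joins distinct channels AND sends the same PRIVMSG text to at
    least min_targets distinct channels. Thresholds are assumed defaults.
    """
    events = [parse_line(l) for l in lines if l.strip()]
    by_client = defaultdict(list)
    for ev in events:
        by_client[ev.source].append(ev)

    alerts = []
    for source, evs in by_client.items():
        evs.sort(key=lambda e: e.ts)
        for i, start in enumerate(evs):
            joined = set()
            targets_by_text = defaultdict(set)
            # Sliding window anchored at event i
            for ev in evs[i:]:
                if (ev.ts - start.ts).total_seconds() > window_s:
                    break
                if ev.command == "JOIN":
                    joined.add(ev.target)
                elif ev.command == "PRIVMSG":
                    targets_by_text[ev.text].add(ev.target)
            blasted = {t: c for t, c in targets_by_text.items() if len(c) >= min_targets}
            if len(joined) >= min_joins and blasted:
                text, chans = max(blasted.items(), key=lambda kv: len(kv[1]))
                alerts.append({
                    "source": source,
                    "window_start": start.ts.isoformat(),
                    "channels_joined": len(joined),
                    "message": text,
                    "message_targets": len(chans),
                })
                break  # one alert per client is enough for an operator
    return alerts


if __name__ == "__main__":
    for alert in detect_driveby(SAMPLE_LOG.splitlines()):
        print(alert)
```

Real IRCds already offer the primitives the author alludes to (join rate limits, spamfilters, connection throttling); this script is only a post-hoc check over logs, useful for confirming that those limits are actually tuned to the fan-out a drive-by produces. Note that a client using one proxy per server would show up as a single source per server, so the check runs per server log, not across the network.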
The humor behind this script is that anyone can mass portscan 0.0.0.0/0 (the entire IPv4 range) for port 6667 & essentially send a message to every IRC server on the internet. But I have heard a rumor that doing so will only affect channels that are boring, lame, & shitty :) :) :)
I am not going to get into how to set this up or use it. This is simply here to serve as a proof-of-concept.
Previews
Here are some examples of people using EFknockr:
Disclaimer
The proof-of-concept here is a classic example of the ongoing problem with using standard ports for known services on IPv4.
Both SSH & Telnet world-wide get thousands of login attempts daily because of this. IRC is no different & is certainly not excluded from this problem.
Welcome to the fucking state of the Internet boyz
I am well aware that people might use this script for malicious purposes...as they should. We cannot just be oblivious to major problems with networked services. IRC is a very small space in modern day. Because of that, it seems like setting up an IRCd is all people cared to learn...skipping over what it means to be a network operator.
It is no different than being a sysadmin
I have dealt with IRC flooding for years. Most times, I rarely have to touch the keyboard to handle it. Everything is laid out in the IRCd documentation. Big shout outs to UnrealIRCd for ~~being the BEST FUCKING IRC DAEMON EVER!~~
Anyways...at the end of the day...it is text on a screen. It is just text on a screen. Quite often lost in the backlog after a short period...
Todo
- Invite support
- Parse MAXTARGETS & MAXCHANNELS from 005 responses for fine tuned spamming
- UTF-16 Bot crashing for improper unicode decoding
- Weechat DCC buffer-overflow exploit (See here)
- OpenSSL crash exploit (See here)
- /LIST tarpit detection & evasion
- Scramble the order of operations to be entirely random to thwart fingerprinting
- Drop unicode for normal letters to thwart spamfilters
- Add unifuck option
- Do not knock on channels we registered