[Fun stuff to do]
If you get something like this ":nick!user@ip-address PRIVMSG your-nick :_VERSION_"
this means that nick is trying ctcp/version you. This command is used to find out your version.
Send the version back using the NOTICE command... it could be anything you want.
eg : NOTICE nick :_VERSION Telnet version 0.1 :) _
This will send "Telnet version 0.1 :)" as the version reply.
--[War Scripts]--
War scripts are usually scripts for IRC clients that contain features like Mass DEOP / Kick, channel takeover options, nukers, flooders, clones and sometimes bots. Some scripts even contain some nice and funny features that don't necessarily have something to do with IRC Warfare.
In this section I will briefly cover some of the more known war scripts and their features.
7th Sphere Script (c) 1996-1997 7th Sphere Enterprises
[email protected] - http://www.7thSphere.com
Pros: Easy setup, Nice protections, Automatically runs the Click nuker and fills-in all the needed values.
Cons: Protections are not customizable enough. Channel Takeover doesn't mass kick / ban the channel.
TRiBE (t7) By kefz(tribe) 19/11/98
http://www.tribe.roxx.ircnet.mcmail.com/
Pros: Excellent protections, Excellent socket flood clones and firewall flood clones. The best I have ever seen! Comes with a great set of utilities. Can automatically run click with all the options pre-configured. Excellent set of scripts / clients / bots exploits / backdoors.
Cons: None! Go get this script now!
Pkloss - PKFinal
Pros: Nice set of text files. Nice takeover. Nice tools. Generally nice :-)
Cons: Nice tools but you need to know how to run them. No site / ftp to d/l the script. :-(
MafiaScript 6.0
Pros: None
Cons: One big rip. This script is made from other scripts like ircN. No interesting and/or genuine stuff.
--[Editorial - IRC wars, another perspective]--
Note: Most of this is taken from an article that was written by Ntd ([email protected]). I feel that this article has the best perspective about the IRC wars.
Note 2: If you are a newbie and you think IRC wars are a great form of hacking, and doing complex attacks you might want to skip this chapter and read it another time.
IRC WAR? A LOAD OF SILLY NUKES
Right, first things first, nukes - or properly, Denial of Service (DoS) attacks - are technically nothing to do with IRC war. They operate directly from the attacker to the victim's IP, and IRC comes into it only inasmuch as it gives the attacker a ready source of IP addresses to attack, and perhaps a "motive" for doing it (e.g, "they banned me!"). But, attackers could just as easily collect IPs from services such as ICQ (which, incidentally, has to be one of the most idiotically insecure protocols ever invented, yet many people who bemoan IRC attack happily run ICQ, and probably don't even check the option to hide their IP which is useless anyway because there are lot of patches that will always show you the IP even if the user chose to hide it).
IRC WAR DOESN'T HELP IMPROVE SECURITY
Surely the stupidest argument against IRC war, is that unlike other forms of hacking, it does not help anybody because it doesn't contribute to increased security. There is a mass of evidence showing quite clearly that this is not the case. Why did Microsoft release a winsock that was not vulnerable to the port 139 OOB nuke? Because that nuke became so widely abused. Why do current versions of mIRC have an option to only enable the identd server during connection? Because mIRC 5.3 had an ident exploit with which mIRC could be crashed. Why, in fact, have flood attacks become so obsolete? Because ircds now contain anti-flood code written directly in response to flood abuse. Of course these attacks are irritating and disruptive at the time, but in the long term they have undoubtedly led to more secure code in operating systems, clients and irc daemons.
IRC WAR IS NOT REAL HACKING
Again, this stems from a misunderstanding of what IRC war is. Essentially there are two types: TCP/IP attacks (ICMP nuke, smurf, fraggle, ping of death) and ircd based attacks (nick collisions, lag collisions, serverops, hacking o:lines, bogus bans). While the first category are almost exclusively "lame cracking" (that is, the user needs only to download a program and can then use it without any actual knowledge), the second category is more ambiguous. I know one person who finds many exploits by working with the ircd code (which is of course almost always free for download) - and finding bugs by working with the source is as "real" as hacking can get. Within a few days of their implementation he found ways of bypassing the ircnet ircd patches designed to protect against open socks servers and deliberate nick collisions. He even found a method by which a normal client could completely crash a server remotely. And what did he do with this knowledge...?
DOS ATTACKS
Yes, they are illegal, and yes they are disruptive. Furthermore, many DoS attacks affect many more people than those targeted, the most obvious example being the smurf attack. I am one of a group of friends who run a few of the biggest channels on ircnet, and these channels are regularly attacked by war groups intent on taking them. I make no exaggeration when I say that several times a week, if not everyday, members of the original channel opers complain that they are being smurfed by members of groups attempting to take the channel. These smurf attacks are capable of taking down entire ISPs and that IRC warriors recklessly use these attacks against single users just to take an irc channel is utterly inexcusable in my opinion.
MOTIVATION
While there are some IRC warriors / hackers like the individual I described above, it is sadly true that there are many more who are acting from more dubious motives. To the people who resort to floods, nukes and such tools just because they are banned from channels, I say: you need to get out more.
What, then is my basic point? My conclusion is that IRC abuse and hacking is like any other branch of hacking - it ranges from the incredibly basic and lame to the actually quite skilled and beneficial. At the one end are the classic 13 year old hax0r wannabes with their CLICK.EXE, and I am in no way suggesting these people's behaviour should be excused or tolerated. However, I urge you all to be aware that at the other end of the scale exist talented, knowledgeable hackers discovering and revealing bugs in clients, OSes and ircds by a variety of methods and in doing so making IRC more secure for all of us.
--[Some intresting articles by Packet]--
=[Ping Flooding]=
1. =What is a ping?=
A ping is a small file (often 32 bytes) that is sent to another computer online
, in which the other computer replys. Basicly it is saying "hello" to another
computer. With this is also shows how long it took for the ping to get there
and back.
2. =So why is this usefull to me?=
well it can and it can not be usefull. If you are going to play a game like
quake/quake2 on a server, the faster the ping gets there and back the better.
Also, if you are on a fast connection you can nock people of there ISP
temperarily. This is called ping flooding, and can work very well. The best
thing to flood with is a T1 or better. Even if you don't have more than a
28.8 you can lag or kill someone. Here is an example of how ping works
<in dos prompt>
C:\ping 24.131.12.124
this would send a few 32byte packets to that host. Now, this won't do much
by itself...but there are more features to pinging that make it very usefull.
this is the command I often use
C:\ping -l 2800 -t -w 2000 24.131.12.124
(good for 28.8 users)
-l is the size of the packet to send, geneeraly you want to keep trying higher
numbers till you find the very most there connection can take....soon they
will be to lagged to do much, or get killed. -w is how long it waits till it
decides to time out.... -t keeps pinging the IP untill you hit CTRL+Break
there are some other cool switches like -n wich echo floods them, and -v
witch specifys the Terms Of Service
=[Net Splits]=
1. =[What is a NetSplit]=
The large irc servers work, is they link together to provide less lag and a
local server to many people. They link together so that people can talk and
do what ever and not have to be on the same server. What a netsplit is, is
when one server is lagged enough it breaks off from the rest of the servers
then becoming its own stand alone server untill it merges again.
2. =[Why Does this matter?]=
Well it can and it can't matter....It is possible to take over a channel
through netsplits. So it can matter if you want to protect yourself from
this, or do it yourself.
3. =[How do I protect myself?]=
The only way is to have netsplit protection. Alot of people do not like this
script, and I do not recomend using it unless you think someone is trying to
take your channel. When servers merge it trys to restore the settings as it
was before the split. So if you were a channel operator the server would OP
you, reset the modes etc etc. When someone takes a channel by a netsplit they
get opped by the server, so the script deops anyone who is opped by the server.
If you do use this script, make sure people can op themselves automaticly by
sending you a message. ...
4. =[How do I take a channel through this?]=
First you need a link looker, (which comes with this script). What a link
looker does is search for servers that are about to or have broken off. When
you find a server that has broken off, you need to quickly join that server
and go into the channel you want to take over. If no one else is on that server
you will be a channel operator. But this is not all you have to do, because
when the servers merge again it will deop you. You need to run the Dysnch script
which will fill the channel with bans and diffrent modes. Hopefully it will
screw up the already screwed channel enough that when the merge happens it
thinks you were a channel operator and you keep your OPS. Then you need to
quickly run the takeover script so that none of the netsplit protection (if
there are any) scripts deop you.
=[Advanced Nuking]=
Nuking is fun for the whole family, but sometimes it's not just "wham bam thank you ma'am". On
occasion, it requires you to be a little creative to successfully nuke someone. hopefully
we will give you some ideas on how to become a pheared nuker.
** Open ports:
In order to become a successful nuker, you must learn to find as much information about your
target as possible. One of the most important elements to nuking is finding the right ports
to nuke. the default IRC server ports are 6660-6669, with 6667 being the most commonly used.
One thing you may discover throughout your nuking 'career' is that most servers offer different
ports that are open for IRCing. The easiest way to find out the open ports is to check the
Message Of the Day, for 90% of all IRC servers will list their open ports in the motd. To get
the message of the day simply type '/motd irc.server.net'. This will display the motd and allow
you to find the open ports (usually). Now you can nuke these ports, increasing your chances of
success.
** Their Connection:
Another thing you may want to do is find out whether your target is on a shell account, or a
dial-up account. Under normal circumstances, dial-up users are easier to nuke then shell accounts
for reasons we won't go into right now. To find out which they are using, simply take the last
part of their IP and try to visit to the ISP's homepage. Again, there are many servers that
will describe their services on their web-page. Usually, if their ip is two or three legible
words only interupted by a period, then it is a shell. For instance,
"[email protected]" would most likely be a shell account, while
"[email protected]" is usually a dial-up.
** Nuking Shell Users:
If you're using windows, you should download a program that will allow you to finger a server.
Cyberkit is a good program, for it has Ping, Finger, Traceroute, etc.
get it at http://www.ping.be/cyberkit/cyber.zip, or go find one of your own. there are hundreds
to choose from. (no we're not being endorsed by cyberkit, it's just a kickass proggie)
Most shell account users will login from a dial-up account, and if finger is running on their
shell, it should display the dial-up IP address. Finger the server and once you know this, use
your nuker to disconnect them from their shell by replacing the IRC server with their shell
account address, and use the IP you found through finger as the client. Use ports 22 24 as the
server ports, in place of 6660 6669. Port 23 is the default telnet port, so nuking from 22 to 24
will effictivly disconnect them from their shell account. this usually causes your target to
quit irc with "Where did my controling terminal go?" quit message. it's pretty funny when it
works.
END OF FILE