ircwar.html

a collection of mega hacking tools

<BR>Channel takeovers are used to take a channel from a user, and prevent
him from reentering the channel or gaining operator status in the channel.
The first thing you need to do is to get ops. Here are 4 ways to get ops:
<BR>1. Via a NetSplit. (might take a lot of time)
<BR>2. Asking one of the ops to let you be an op (Who knows? You might
get lucky).
<BR>3. Running a bot on your computer or on a shell account and telling
the other ops that it is online 24 hours a day, and ask them to op it.
They might do it, then tell the bot to op you.
<BR>4. You can always lure the other ops into giving you op by telling
them that you will advertise their channel and bring them users and you
might earn the ops status.
<BR>You can do nothing without the OP status. Here is what you do after
you got an op and you want to close they're channels:
<BR>1. First, mass de-op all the users so they won't kick or ban you. There
are a lot of scripts out there that will do this for you.
<BR>2. Then place a ban on *!*@*
<BR>3. Mass-Kick the channel (also with a script)
<BR>4. After this set the following modes: +smilk 1 1 (you type /mode #Channel
+smilk 1 1)
<BR>5. You took over the channel! :)
<BR>There is a problem with this, when you will leave the channel he will
get empty and then closed. The only solution for this is placing a 24/7
(24 hours a day, 7 days a week) bot in the channel. If channel services
are available on this network (Like in DALnet), you can register the channel
if no one else have done this already.
<BR>If you took over a registered channel, you will have a problem keeping
it because Channel Services can give the channel back to its legal owner
with no problem.

<P><A NAME="ruin"></A><B><U>[How to completely ruin a channel]</U></B>
<BR>Here are some possible ways to completely ruin a channel:
<BR>1) Turning the channel into an invite-only channel, so only people
who were invited (to invite people, type /invite nick) can join.
<BR>2) Making the channel password-protected.
<BR>3) Making sure that you are the only OP in the channel and then turning
the channel into moderated mode and then mass-devoicing everyone. In moderated
mode, only voiced users (people with a little + in the beginning of their
nick. To voice people, do /mode #channel +v nick or -v to devoice) can
talk. That way, users will be able to see who is on the channel (note:
you can see who's on a channel without joining it by typing /names #channel),
but they won't be able to chat, and they will have to listen to you...
:)

<P><A NAME="raw"></A><B><U>[Some expansion about RAW sessions]</U></B>
<BR>Too lazy to read RFC ?
<BR>Well, this is the "SUMMARY" of rfc1459 (IRC Protocol). Hopefully after
reading this you'll have better understanding of how the protocol work
(hey... don't just use it... try to understand how it work). Yeah... this
is also how some people spoof their IP by telneting from some restricted
shell account with no IRC client access.

<P>[Connecting to the IRC daemon]

<P>Telnet/netcat (yep... we're gonna use a raw socket) to the IRC port
(6667/6668..etc) of the IRC server.

<P>eg &lt;:> telnet irc.dal.net 6667

<P>Send your nick &amp; username to be recognized after u got connected
using the user command in this form "user&nbsp;<username><hostname><servername><realname>".

<P>eg &lt;:> user nobody localhost localhost :I'm nobody nick nobody

<P>-------------------------[!! NOTE !!]-------------------------
<BR>At any time if your receive anything like this
<BR>ping :1234567 &lt;-- The sequence number change all the time
<BR>or
<BR>ping :192.0.0.1 &lt;-- Some IP address

<P>You must send back the number with a pong
<BR>eg &lt;:> pong :1234567
<BR>or
<BR>pong :192.0.0.1

<P>If you don't pong back, you'll be disconnected with a ping timeout error.
<BR>---------------------[!! END OF NOTE !!]-------------------

<P>[Exploring some basic commands]

<P>Ok, after the nick &amp; user commands you can start chatting now. Type
join #channel (Without the /) to join #channel.

<P>(Yea... most commands you use in your BitchX or mIRC client can also
be
<BR>used here too...just don't include the /
<BR>eg: part #channel
<BR>quit :I'm out
<BR>etc... )

<P>To send your message to a channel, use the privmsg command.

<P>eg &lt;:> privmsg #channel : Hi guys...Sup? (Dont forget the ":" if
you are going to send more then one word)

<P>This will send "Hi guys...Sup?" to #channel

<P>To send a private message to a user:
<BR>eg &lt;:> privmsg nickname : HI ya

<P>This will send "HI ya" to nickname.

<P>To set a mode on a channel you simply type mode #channel mode.
<BR>For example, MODE #Channel +b 192.114.*.* will ban everyone that they're
IP begin with 192.114.

<P>[Fun stuff to do]

<P>If you get something like this ":nick!user@ip-address PRIVMSG your-nick
:_VERSION_"
<BR>this means that nick is trying ctcp/version you. This command is used
to find out your version.
<BR>Send the version back using the NOTICE command... it could be anything
you want.

<P>eg : NOTICE nick :_VERSION Telnet version 0.1 :) _

<P>This will send "Telnet version 0.1 :)" as the version reply.

<P><A NAME="ctcp"></A><B><U>[Faking /CTCP Replies]</U></B>

<P>Now many of you guys chat and have various people always doing{Client
for Client Protocol} CTCP replies, ie.&nbsp; VERSION, TIME, FINGER, PING&nbsp;&nbsp;
replies on you. These replies can get you in a lot of trouble, mainly its
a way for people to gather information about you then start up an attack.&nbsp;
Now it is time to change the replies your mirc will give in a way to cause
the other end to be fooled. Well this topic has been covered by many writers
and warscript developers, but many don't know about changing the replies
to their advantage, well look no further, here we go!

<P>One of the most devistating attacks can come from a VERSION reply.

<P>To do a ctcp&nbsp; version reply&nbsp; on a user, all you have to do
is type:
<BR>"/ctcp &lt;nick> VERSION " This will return the nick's irc client.
Now you may ask why is that important? Well lets say your using mirc 5.7x
which suffers from heap overflow of 217 bytes, and 5.8 heap overflow of
226 bytes&nbsp; by knowing your version an attacher already knows which
operating system your using and a version, so they can hack you without
a trojan and you won't know it happened.
<BR>Lets kill the version reply to either give a fake reply or no reply
at all so they can sit there waiting, lol.
<BR>Okay you will need a hex editor for this, I recomment Hiew, get it
<A HREF="http://protocols.cjb.net">here!</A>
<BR>-make a backup of your mirc32.exe.
<BR>-install hiew, load it up, once you have clicked mirc32.exe now you
will see some garbage, click F7 that should popup the search box, type
in VERSION you should be able to find the reply something like mIRC32 v5.8
K.Mardam-Bey. Now just delete the reply. If you have trouble doing it with
Hiew then get another hex editor, there are many around but its the best.
So save and exit. Now you can chose to have no Version reply to make your
attacker suffer from waiting when there isn't going to be a reply or you
can fake your reply to trick him.
<BR>Lets trick the attacker:

<P>Load up you mirc, then goto&nbsp; the tools menu, then click " Remote
". There you should see a box,
<BR>now simply write this mini script,
<BR>&nbsp;
<CENTER><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 COLS=1 WIDTH="80%" BGCOLOR="#666666" >
<TR>
<TD><B><FONT COLOR="#FF9900">&nbsp;ctcp 1:VERSION:{</FONT></B>&nbsp;
<BR><B><FONT COLOR="#FF9900">&nbsp;.notice $me Recieved CTCP VERSION from
$nick $+ / $+ $site</FONT></B>&nbsp;
<BR><B><FONT COLOR="#FF9900">&nbsp;ctcpreply $nick VERSION "write your
reply here, make it funny" |&nbsp; halt</FONT></B>&nbsp;
<BR><B><FONT COLOR="#FF9900">&nbsp;}</FONT></B></TD>
</TR>
</TABLE></CENTER><BR>
So now we have faked our ctcp reply it should look like this, if we faked
it to have no reply

<P>/ctcp Mikkkeee VERSION

<P>-> [Mikkkeee] VERSION
<BR>-
<BR>[Mikkkeee VERSION]
<BR>-
<BR>&nbsp;

<P>Well now the attacker will keep waiting and waiting.

<P>Lets fake some more,
<BR>Another ctcp reply that can be of usage is /ctcp &lt;nick> PING
<BR>This reply of your ping will tell the attacker&nbsp; the speed of your
connection and if your lagging, wink wink he might want to do a dos attack
and boot you, so lets fake the reply to our advantage.
<BR>Same as above write this mini script in our tools, then "remote"

<BR>&nbsp;
<CENTER><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 COLS=1 WIDTH="61%" BGCOLOR="#666666" >
<TR>
<TD><B><FONT COLOR="#FF9900">&nbsp;ctcp 1:PING:{</FONT></B>&nbsp;
<BR><B><FONT COLOR="#FF9900">&nbsp;ctcpreply $nick PING&nbsp; "your pings
number in sec" | halt</FONT></B>&nbsp;
<BR><B><FONT COLOR="#FF9900">&nbsp;}</FONT></B></TD>
</TR>
</TABLE></CENTER><BR>
Usually I have mine set to 1 sec , but you can make it funny like 690263165
sec, which would leave the attacker fooled/confused.

<P>Another reply that can cause you a bit of harm is /ctcp &lt;nick > TIME&nbsp;
which will send the other user, your local time/date. This is very bad
cause if your busy trying to bounce your ip over wingates and proxys and
now your ip is somewhere in Asia, and someone does ctcp TIME then they
will know your true&nbsp; location in the world, which can hurt your spoofing
tricks.
<BR>So lets fake it to our advantage!

<BR>&nbsp;
<CENTER><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 COLS=1 WIDTH="60%" BGCOLOR="#666666" >
<TR>
<TD><B><FONT COLOR="#FF9900">&nbsp; ctcp 1:TIME:{</FONT></B>&nbsp;
<BR><B><FONT COLOR="#FF9900">&nbsp; ctcpreply $nick TIME&nbsp; "your new
time" | halt</FONT></B>&nbsp;
<BR><B><FONT COLOR="#FF9900">&nbsp; }</FONT></B></TD>
</TR>
</TABLE></CENTER><BR>
your new time can be something like, Tue Jun 12 22:23:17 1989&nbsp;&nbsp;
be creative!

<P>Another ctcp reply that can be used to gather some info on you is /ctcp
&lt;nick> FINGER
<BR>its not a big deal but it simply replies what you have told it to reply,
so just fake everything.
<BR>hope that helps!
<BR>

<P><B><U>[<A NAME="https"></A>How to spoof via https proxys]</U></B>

<P>Now this idea is very creative, and I just found a little program that
you can use to do it.&nbsp; It is called <A HREF="http://deny.de/sss/telplug.html">ThroughTheFire
0.9 </A>which is able to spoof your ip via https proxys. It is a new innovation
in spoofing, lol !You can also use this program to spoof telnet and i guess
ftp sufing. Well all you have to do now is find working https proxy lists.
To do so just type in <A HREF="http://ww.altavista.com">ww.altavista.com</A>
<BR>+"Https proxy" and you should get some results, maybe not working results.
Read the
<BR><A HREF="http://blacksun.box.sk/search2.txt">Search Engines Ripped
Apart</A> tutorial&nbsp; to see other methods on using search engines.
<BR>&nbsp;
<BR>&nbsp;

<P><A NAME="warscript"></A><B><U>[War Scripts]</U></B>
<BR>War scripts are usually scripts for IRC clients that contain features
like Mass DEOP / Kick, channel takeover options, nukers, flooders, clones
and sometimes bots. Some scripts even contain some nice and funny features
that don't necessarily have something to do with IRC Warfare.

<P>In this section I will briefly cover some of the more known war scripts
and their features.

<P>7th Sphere Script (c) 1996-1997 7th Sphere Enterprises
<BR>Support@7thSphere.com - http://www.7thSphere.com
<BR>Pros: Easy setup, Nice protections, Automatically runs the Click nuker
and fills-in all the needed values.
<BR>Cons: Protections are not customizable enough. Channel Takeover doesn't
mass kick / ban the channel.

<P><A HREF="http://www.tribe.roxx.ircnet.mcmail.com/">TRiBE (t7)</A> By
kefz(tribe)
<BR>Pros: Excellent protections, Excellent socket flood clones and firewall
flood clones. The best I have ever seen! Comes with a great set of utilities.
Can automatically run click with all the options pre-configured. Excellent
set of scripts / clients / bots exploits / backdoors.
<BR>Cons: None! Go get this script now!

<P><A HREF="http://www.pairc.com/pnp/400.html">Peace and Protection 4.0</A>
<BR>Pros: Get it and see for your self, simply a work of art!
<BR>Cons: Too many good tools, lol

<P><A HREF="http://www.modx.co.uk/wangproducts/index.htm">Wang Script 3.5
pro</A>
<BR>Pros: Wang Clone, Trojan scan, Password protection, nickname find,
ctcp masking, email checking/sending, clone scanner, anti takeover, info