📄 ircwar.html
字号:
<HTML>
<HEAD>
<TITLE>The IRC Warfare Tutorial</TITLE>
<STYLE type=text/css>A:active {
TEXT-DECORATION: none
}
A:hover {
TEXT-DECORATION: underline
}
A:link {
TEXT-DECORATION: none
}
A:visited {
TEXT-DECORATION: none
}
</STYLE>
</HEAD>
<BODY TEXT="#CCCCCC" BGCOLOR="#000000" LINK="#99CCFF" VLINK="#CC99FF" ALINK="#CCFF00" leftMargin="20" topMargin="3" marginwidth="0" marginheight="0">
<CENTER>
<HR SIZE=1 NOSHADE WIDTH="60%"></CENTER>
<CENTER><FONT SIZE=+1>The IRC Warfare Tutorial</FONT></CENTER>
<CENTER>Written by <A HREF="mailto:talrun@actcom.co.il">The Cyber God</A></CENTER>
<CENTER><A HREF="http://blacksun.box.sk">http://blacksun.box.sk</A></CENTER>
<CENTER>
<HR SIZE=1 NOSHADE WIDTH="70%"></CENTER>
<P>Version 1.1, 24/9/99
<BR>Updated , 7/20/01 by <A HREF="mailto:rammal81@hotmail.com">Mikkkeee</A>
<BR>Converted to HTML by <A HREF="mailto:rammal81@hotmail.com">Mikkkeee</A>
<P><B><U>[Editor Notes]</U></B>
<BR>Please send comments, questions and feedback to <A HREF="mailto:talrun@actcom.co.il">talrun@actcom.co.il</A>
<BR>You can always visit us at <A HREF="http://blacksun.box.sk">http://blacksun.box.sk/</A>
<P><B><U>[Disclaimer]</U></B>
<BR>We will not help you actualize the things that you will learn here.
<BR>The information here is for educational purposes only (for learning
how the attacks are done and how to prevent them).
<BR>We are not responsible in any way for any damage that might happen
to you. This includes software damages and law issues.
<P><B><U>[Table Of Contents]</U></B>
<OL>
<LI>
<A HREF="#irc">What is IRC?</A></LI>
<LI>
<A HREF="#intro">An introduction to the way that IRC works</A></LI>
<LI>
<A HREF="#irc networks">Some notes on different IRC networks and their
daemon software</A></LI>
<LI>
<A HREF="#irc war">Why IRC wars started?</A></LI>
<LI>
<A HREF="#know me">What do the others know about me?</A></LI>
<LI>
<A HREF="#spoof">How to spoof / hide your identity on the IRC</A></LI>
<LI>
<A HREF="#bans/bypass">Bans and how to bypass them</A></LI>
<LI>
<A HREF="#nolikename">I don't like your nickname... / Getting a user off
the IRC</A></LI>
<LI>
<A HREF="#cought">Can I get caught and will I?</A></LI>
<LI>
<A HREF="#netsplit">What are netsplits and how can they help me?</A></LI>
<LI>
<A HREF="#takeover">Channel Takeovers</A></LI>
<LI>
<A HREF="#ruin">How To Completly Ruin A Channel</A></LI>
<LI>
<A HREF="#raw">Some expansion about RAW sessions</A></LI>
<LI>
<A HREF="#ctcp">Faking /ctcp replies</A></LI>
<LI>
<A HREF="#https">How to spoof via https proxys</A></LI>
<LI>
<A HREF="#warscript">War Scripts</A></LI>
<LI>
<A HREF="#editorial">Editorial - IRC wars, another perspective</A></LI>
<LI>
<A HREF="#packet">Some interesting articles by Packet</A></LI>
<LI>
<A HREF="#bib">Bibliography</A></LI>
</OL>
<A NAME="irc"></A><B><U>[What is IRC?]</U></B>
<BR>IRC stands for "Internet Relay Chat". Jarkko Oikarinen originally wrote
it in 1988. Since starting in Finland, it has been used in over 60 countries
around the world. It was designed as a replacement for the "talk" program
but has become much, much more than that. IRC is a multi-user chat system,
where people meet on "channels" (rooms, virtual places, usually with a
certain topic of conversation) to talk in-groups, or privately. There is
no restriction to the number of people that can participate in a given
discussion or the number of channels that can be formed on IRC.
<P><A NAME="intro"></A><B><U>[An introduction to the way IRC works]</U></B>
<BR>All the communications in the world of IRC are done through the server.
(This does not includes the DCC (Direct Client Communication) protocol)
<BR>When you connect to a server, you send it 2 commands: NICK & USER.
These commands are used to identify you on the IRC. Here is the format
of the commands:
<BR>NICK nickname - Sets your nickname
<BR>USER username host server :real name - Set your userid and real name.
Host is your host and server is the server you are connecting to.
<BR>For example to open a raw IRC session you can telnet to an IRC server
on port 6667 or 7000 (the standard ports). Here is an example for telneting
my localhost (note: the lines beginning with * have been written by me.
The rest are the output I got from the server):
<BR>* nick ^TCG^
<BR>NOTICE ^TCG^ :*** If you are having problems connecting due to ping
timeouts, please type /notice E3AA3478 nospoof now.
<BR>PING :E3AA3478
<BR>* user ^TCG^ 127.0.0.1 localhost :The Cyber God
<BR>:localhost 001 ^TCG^ :Welcome to the DALnet IRC Network ^TCG^!~tcg@thegod.actcom.co.il
<BR>:localhost 002 ^TCG^ :Your host is localhost[thegod.actcom.co.il],
running version dal4.6.7.DreamForge.win32
<BR>:localhost 003 ^TCG^ :This server was created Fri Jul 24 07:48:52 1998
<BR>:localhost 004 ^TCG^ localhost dal4.6.7.DreamForge.win32 oiwsghOkcfrRaAb
biklmnopstvR
<BR>:localhost 005 ^TCG^ NOQUIT TOKEN WATCH=128 SAFELIST :are available
on this server
<BR>:localhost 251 ^TCG^ :There are 0 users and 0 invisible on 1 servers
<BR>:localhost 253 ^TCG^ 4 :unknown connection(s)
<BR>:localhost 255 ^TCG^ :I have 0 clients and 0 servers
<BR>:localhost 265 ^TCG^ :Current local users: 0 Max: 0
<BR>:localhost 266 ^TCG^ :Current global users: 0 Max: 0
<BR>:localhost 422 ^TCG^ :MOTD File is missing
<BR>:^TCG^ MODE ^TCG^ :+iw
<BR>...
<P>ok
<P>As you can see, the second parameter of the USER commands includes my
IP. You might be thinking right now that you could enter any IP you want
and fake your IP. Well you are wrong. On really older versions of the IRC
daemon (Those that were used in Efnet), you WAS able to spoof your IP.
But today there are 2 types of antispoof-patches: The one that doesn't
care about the IP you entered and connects you using your real IP (which
it gets from the socket) and the other one just doesn't allow you to connect
to the server until you give your real IP address.
<BR>The first method of Anti-Spoofing is most used most in the server version
of DALnet and the second is used most by EliteIRCD (which is based on DALnet)
and the servers that are based on it.
<BR>Now, if it all goes ok then you just opened a raw session to IRC!
<BR>All the data transferred to the user (Private Messages/Notices and
Channel Events) is transferred from the server. If the user that sent you
a message is on a DIFFERENT server than you (but NOT a different network)
the message "moves" from the servers until it reaches your server and you.
To send someone a message in our raw IRC session type: 'PRIVMSG nick :message'
(without the quotes) where nick is the target nickname and message is the
message (You must include a : before the message).
<BR>When a message moves from server to server it looks like this:
<BR>:SenderNick PRIVMSG nick :message
<BR>All the IRC commands move from server to server like this. For example
when someone uses the NICK command ALL the servers get a notice about it.
<BR>
<P><A NAME="irc networks"></A><B><U>[Some notes on different IRC networks
and their daemon software]</U></B>
<BR>Different IRC networks have different IRC daemons. It is important
to know the futures / limits of the server your network uses. For example,
OLD Efnet servers don't know the +b channel mode (ban someone). When trying
to start IRC wars you need to know what are the limitations of the server.
If it got services, if so does they have a bug that can crash them? Can
you obtain Channel Operator in a net-split (we'll get to that)? And so
on... During the rest of this tutorial we will discuss different daemon
software and bugs, as well as different ways to "get in".
<P><A NAME="irc war"></A><B><U>[Why IRC wars started?]</U></B>
<BR>Generally, IRC wars started on the IRC network Efnet. In this IRC network
you can't register your nickname so ANYONE can use it. If for example someone
logged to this IRC network (By the way, did you know that it is the first
IRC network ever (!)) and he saw that his nick is taken. He probably said
something like "How Rude?!" or "Mother-F*cker" or anything else. Then he
started thinking about ways to get this user off the server. Users started
to try many different things on each other and that's pretty much how IRC
wars started. Today, users might start IRC wars "just for fun", or for
taking over channels they don't like or kicking off users they don't like.
<P><A NAME="know me"></A><B><U>[What do the others know about me?]</U></B>
<BR>OK people! This is actually the first important thing about the IRC
wars. Before starting out you need to know what others can find out about
you and what can you find out about them.
<P>If you are not connected through a BNC, firewall or a shell (we'll get
to this neat stuff later), what I mean, that if you are connected directly
to the IRC, using a dial-up for example users can first of all knows your
IP. Newbies might say right now, ok... well.... So he knows my IP... who
gives a shit anyway?
<BR>Well if you said this you are wrong. Let's take a look on my host (resolved
IP) for example:
<PRE>P34.haifa2.actcom.co.il
| | | |_ You can see that my ISP is in Israel, and so am I (unless
| | | I'm dialing to foreign ISPs just to cover my identity, which
| | | is a thing people don't do because of... financial issues).
| | |_ You can see that my ISP (Internet Service Provider) is Actcom
| |_ You can see that I am from Haifa ).
|_My modem number at the ISP's office.</PRE>
See how many things the host gave you?
<BR>1) My ISP
<BR>2) My city
<BR>3) My country
<BR>Now You can also know that if my ISP address is actcom.co.il you can
send complains about me to abuse@actcom.co.il for example, give them my
IP and tell them what I did to you and they will do the rest.
<P>That is what users know about you. Some times you will only see numbers
like 19.114.47.1 and not the host. That is because the server failed to
resolve your hostname. To resolve it you can download a program called
'nslookup' from somewhere (note: nslookup comes with all Unix systems),
give it the IP and it will try to resolve it. Also see the entry 'DNS Servers'
in the Newbies Corner.
<BR>Now, for those who don't know you can get the IP/host by "whoising"
the user.
<BR>To do a whois on a user in mIrc, BitchX, IRCii, Pirch and some other
known IRC clients all you need to do is type /whois nickname
<BR>To whois someone in our raw connection (the one I taught you how to
establish at the beginning) type 'whois nickname' (without the quotes)
<BR>Here is what I get when I whois my self in the raw connection:
<BR>whois ^TCG^
<BR>:localhost 311 ^TCG^ ^TCG^ ~TCG thegod.actcom.co.il * :The Cyber God
<BR>:localhost 312 ^TCG^ ^TCG^ localhost :test server
<BR>:localhost 317 ^TCG^ ^TCG^ 9 932030074 :seconds idle, signon time
<BR>:localhost 318 ^TCG^ ^TCG^ :End of /WHOIS list.
<BR>Ok, before I explain what you got here, here is the format:
<BR>Format: :server-name raw-number sender target data.
<BR>Server-name is the server that gives you the data.
<BR>Raw-number is the ID of the data you got (it is used to determine what
data you are getting).
<BR>Sender: the senders nickname (you!!).
<BR>Target: The target (The nick you are whoising).
<BR>Data: The data.
<BR>Now here is an explanation on all the 4 lines
<BR>In the first one you see the user-name and the host of the user, you
also see his real name:
<PRE>~TCG thegod.actcom.co.il * :The Cyber God
| | |_ The user's real name (you can fake this :))
| |_ The user host or IP
|
|_ The username (set by IdentD, will be explained later,
when followed by a '~' you see that the IdentD is NOT
running and the Ident (username) might be fake).</PRE>
<PRE>The second line:
localhost :test server
| |_ Comment about the server (set by the server admin)
|_ The server that user is connected to</PRE>
<PRE>Third line:
9 932030074 :seconds idle, signon time
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -