Exploits Explained II: The #2,000 bug by amir88xx

Exploits Explained II: The #2,000 bug / by R a v e N (blacksun.box.sk)
<====================================================================>
version 1.1, 27/10/99
Note: this hole was initially discovered by ^TCG^ aka The Cyber God,
another member of BSRF.
Note 2: this hole might (and probably will) get fixed sooner or later,
and then this text will become obsolete. Don't Email me (btw my address
is barakirs@netvision.net.il if you have RELEVANT questions) if it
doesn't work.
Note 3: please read the note (yes, another note... :-) ) about this
"bug" at the end of the tutorial.


Go online. Start your favorite IRC client. Now connect to a popular IRC
network. Join a few channels, and then join channel #2,000.
Huh? What the hell just happened?

This bug works on the following IRC networks:

EliteIRCD and its clones - Any version
DALnet
DreamForge - Any version
EFNet
RelicNet
IRCNet
ConferenceRoom - Any version, any OS

Soooooo... what exactly happens here?
Well, if you're on any one of these networks and you join #2,000 you
get kicked out of every channel you are in. Well, not exactly "kicked
out". To the outside user it will look like you simply did /part
(/part #channel-name is the command that is used to leave an IRC
channel) on every channel you are in.
So in other words, joining #2,000 gets you "/parted" from every channel
you're in.
Why is this important? Here are some very nasty things you can do with
this stupid bug:

1) Suppose there's a bot you want to kick off a certain channel (for
example: this bot guards the channel and autokicks and maybe bans people
who try to take over), but the only thing you are allowed to do with the
bot is to make it join channels. No problemo! Simply make it join
#2,000.
2) Someone you hate just got OPped by the owner of the channel, an AOP
(Auto-OP: a person that has AOP gets automatically OPped whenever he
joins the channel), an IRCOP, an OP etc. After a while, the guy that
OPped that other guy you hated vanished. Now, if the OPped guy leaves
and rejoins the channel, he will lose his OP 'cause he doesn't have AOP.
Simply ask him to join #2,000 (tell him that you want to speak with him
about something or that it's some interesting channel. It doesn't
matter, as long as it sounds convincing).
He will join #2,000, get /parted from every channel, and thus have to
rejoin the channel - but this time, no OP!!
3) You can play lots of pranks on people by telling them to join #2,000.
Hell, you can even tell someone that it's because of the Y2K bug, and
that he has to turn off his PC and send it to a computer store so
they'll fix it and charge him $200.
4) If someone has created a channel that you wanted to own but didn't
register himself as the owner yet, you can ask him to join #2,000. He
will get parted from the channel, and then all you'll have to do is to
rejoin the channel, get OP ('cause you'll be the only one left in the
channel) and register yourself with chanserv as the owner of the channel
(it is recommended to ban the other guy that you hate so he won't be
able to take over the channel or anything before you finish registering
it).
5) If someone has the "auto join on invite" (automatically joins a
channel you are invited to) option turned on, you could invite him to
#2,000 and... whoops!   :-)
6) I dunno, think of something yourself! I have better things to do with
my life.    :-)


Oh, by the way, this bug doesn't just work on #2,000. It also works on
#1,000, #3,000 etc. But #2,000 is cooler, 'cause it's like some kind of
Y2K bug in IRC... lol.
Why? Because, when joining #2,000, you're actually joining #2, and then
0, and then 0, and then 0. Joining 0 parts you from all the channels
you're in, so this is why /join 0, /join #1,500 etc. will do the same
thing.
The following information was sent to me by Joan Luis Pinto.
Here is a snip of another Email which I have received from Erik Iverson:

Some IRC clients, like the one we are currently developing here at
Dragonmount Networks, automatically add a # in front of channel names if
not present. Then this trick won't work. It will change it to "/join
#0". mIRC's "/j" alias works in this way too I believe.
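
A bot or client can apply the same idea to every JOIN request or INVITE it acts on, token by token. The Python code below is an added example, not part of the original tutorial or of any client mentioned in it; guard_join, is_part_all and the sample requests are made-up names and data, and it assumes the server splits the JOIN argument on commas and treats any all-zero token as the "0" target.

```python
CHANNEL_PREFIXES = "#&+!"  # channel-name prefixes defined in RFC 2812


def is_part_all(token):
    # Assumption: any all-zero token ("0", "000") is taken by the server as
    # the special "leave every channel" target, as the #2,000 case implies.
    return bool(token) and set(token) == {"0"}


def guard_join(arg, zero="drop"):
    """Filter a JOIN channel list before it is sent to the server.

    Returns (safe_list, blocked). safe_list is the comma-joined list that is
    safe to send; blocked holds the tokens that would have parted the client
    from every channel. zero="drop" removes such tokens, zero="prefix" turns
    them into ordinary channel names ("0" -> "#0"), as the e-mail describes.
    """
    if zero not in ("drop", "prefix"):
        raise ValueError("zero must be 'drop' or 'prefix'")
    safe, blocked = [], []
    # The server handles each comma-separated token on its own, so the
    # check has to look at every token, not at the argument as a whole.
    for token in arg.split(","):
        token = token.strip()
        if not token:
            continue
        if is_part_all(token):
            if zero == "prefix":
                safe.append("#" + token)
            else:
                blocked.append(token)
        elif token[0] in CHANNEL_PREFIXES:
            safe.append(token)
        else:
            safe.append("#" + token)  # bare name: add the usual prefix
    return ",".join(safe), blocked


if __name__ == "__main__":
    # Constructed requests, e.g. what a bot is told to join or is invited to.
    for request in ["#2,000", "0", "#chat,linux", "#1,000,#ops"]:
        print(request, "->", guard_join(request))
```

A bot would run guard_join on the channel argument of any join command or invite before acting on it, and refuse or log the request when blocked is not empty.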




More tutorials and mini-tutorials on our website - http://blacksun.box.sk

								