February 2009 Archives

Tue Feb 24 17:28:56 CET 2009

list secret irc channels

Sometimes /list-ing channels is a nice way to find irc channels, but the more interesting ones always have +s mode set - and the ircds don't usually support listing so called "secret" channels for non ircops.. :)

Yet, this naming scheme is quite confusing, since the only thing +s really changes - at least on ircds run by popular networks such as efnet and ircnet - is not listing the channel in /who and /list and commands alike.
Direct requests to the channelname on the other hand will reveal the info inspite of any +s oder +p modes.

Since I thought about publishing one or another irc script from my stash anyway, here is a small irc bot which will join to a specified channel and list all secret channels it finds by iterating a given wordlist - which can be quite a lot..

Download

toomanysecrets.pl [perl bot for listing +s channels]

Required

You'll need to have Net::IRC installed, either via cpan or via package manager, on debian/ubuntu this is libnet-irc-perl.

Config

You should edit the skript and set irc server and port as well as a channel in which the bot will list all the found channels. You can remove the channel and it will just save the channellist to disk.
Crawling through huge wordlists, you might want to decrease the request-delay of the bot since it's quite high to avoid being klined.

Usage

just run perl toomanysecrets.pl and wait for the bot in the designated channel.

License

BSD License - just do not use it for illegal purposes and stuff.


Posted by iso | Permanent Link | Tags: warez, mumbo jumbo, irc, hpa | comments >>

Thu Feb 12 16:41:42 CET 2009

those annoying inconsistencies

Just a very short addition to my unexpected mysql timestamp behaviour: Once again I was fooled by the following:

mysql> select datediff(now(), '2009-01-01');
+-------------------------------+
| datediff(now(), '2009-01-01') |
+-------------------------------+
| 42 |
+-------------------------------+
1 row in set (0.00 sec)

which is fine. But on the other hand:

mysql> select timestampdiff(day, now(), '2009-01-01');
+-----------------------------------------+
| timestampdiff(day, now(), '2009-01-01') |
+-----------------------------------------+
| -42 |
+-----------------------------------------+
1 row in set (0.00 sec)

This is more or less just as bad as all those inconsistencies among php functions with their always surprising naming and parameter order..


Posted by iso | Permanent Link | Tags: php, mysql, annoyance | comments >>

Thu Feb 12 16:22:09 CET 2009

deactivating openssl renegotiation

This happened way too often, so I'll write it down as a quick reminder:

Openssl in s_client mode will renegotiate a connection whenever a line starts with the letter R - which is an especially bad choice when you're using it to connect to an smtp server.

For example:
~# openssl s_client -host smtp.hushmail.com -port 465
CONNECTED(00000003)
[certificate..]
---
220 smtp.hushmail.com ESMTP Postfix
HELO checko
250 smtp.hushmail.com
MAIL FROM: supergeek@uberfreak.net
250 2.1.0 Ok
RCPT TO: lostgeek@hushmail.com
RENEGOTIATING
depth=2 /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0

So every time you try to enter RCPT the connection will be renegotiated, rendering it useless for sending mail - as a sidenote Q should also be avoided..

Since I always look it up, here it is once and for all:

openssl s_client -ign_eof -crlf -host $host -port $port

would be the correct way to go.


Posted by iso | Permanent Link | Tags: nerd stuff, annoyance, linux | comments >>