Botnet Raw Traffic

From Eggdrop Wiki

(Difference between revisions)
(Clarify Link Process some more)
(Prettify table as it doesn't know the wikitable-class. Plus some minor typo and nowiki-fixes.)
Line 5: Line 5:
The "<" and ">" around text mean this is no literal text, if literal "<" or ">" is meant, a "\" will precede it (and same for "\" then which becomes "\\").
The "<" and ">" around text mean this is no literal text, if literal "<" or ">" is meant, a "\" will precede it (and same for "\" then which becomes "\\").
-
{| class="wikitable"
+
{| style="border: 1px solid #a2a9b1; border-collapse: collapse; margin: 1em 0; color: #222; background-color: #f8f9fa;"
-
|+Linking between bots that have sucessfully linked before (they have correct passwords set).
+
|+ style="font-size: large; font-weight: bold; line-height: 1.5;" | Linking between bots that have sucessfully linked before (they have correct passwords set).
-
!A -> B
+
!scope="col" style="border: 1px solid #a2a9b1; padding: 0.2em 0.4em; background-color: #eaecf0;" | A -> B
-
!A <- B
+
!scope="col" style="border: 1px solid #a2a9b1; padding: 0.2em 0.4em; background-color: #eaecf0;" | A <- B
-
!Reaction
+
!scope="col" style="border: 1px solid #a2a9b1; padding: 0.2em 0.4em; background-color: #eaecf0;" | Reaction
-
!Notes
+
!scope="col" style="border: 1px solid #a2a9b1; padding: 0.2em 0.4em; background-color: #eaecf0;" | Notes
|-
|-
-
|<A-botnet-nick>
+
| style="border: 1px solid #a2a9b1;" | <A-botnet-nick>
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|Sent when a connection is established.
+
| style="border: 1px solid #a2a9b1;" | Sent when a connection is established.
|-
|-
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|0xFF 0xFB 0x05
+
| style="border: 1px solid #a2a9b1;" | 0xFF 0xFB 0x05
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|Telnet control codes (see RFC 854 and RFC 875) sent when a connection is received. No newline and no spaces.
+
| style="border: 1px solid #a2a9b1;" | Telnet control codes (see RFC 854 and RFC 875) sent when a connection is received. No newline and no spaces.
|-
|-
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|<B-telnet-banner>
+
| style="border: 1px solid #a2a9b1;" | <nowiki><B-telnet-banner></nowiki>
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|Only sent when "use-telnet-banner" is set to 1 in conf.
+
| style="border: 1px solid #a2a9b1;" | Only sent when "use-telnet-banner" is set to 1 in conf.
|-
|-
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|<B-stealth-prompt>
+
| style="border: 1px solid #a2a9b1;" | <nowiki><B-stealth-prompt></nowiki>
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|Since v1.8.4; default "\n\nNickname." and only used when "stealth-telnets" is set to 1 in conf, otherwise language code 0x53e is used from the core.*.lang file prepended with "\n\n".
+
| style="border: 1px solid #a2a9b1;" | Since v1.8.4; default "\n\nNickname." and only used when "stealth-telnets" is set to 1 in conf, otherwise language code 0x53e is used from the core.*.lang file prepended with "\n\n".
|-
|-
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|(If you are new, enter 'NEW' here.)
+
| style="border: 1px solid #a2a9b1;" | (If you are new, enter 'NEW' here.)
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|Only sent when "open-telnets" is set to 1 in conf.
+
| style="border: 1px solid #a2a9b1;" | Only sent when "open-telnets" is set to 1 in conf.
|-
|-
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|starttls
+
| style="border: 1px solid #a2a9b1;" | starttls
-
|<A-botnet-nick>
+
| style="border: 1px solid #a2a9b1;" | <A-botnet-nick>
-
|Since v1.8.0; only sent when compiled with TLS enabled.
+
| style="border: 1px solid #a2a9b1;" | Since v1.8.0; only sent when compiled with TLS enabled.
|-
|-
-
|starttls -
+
| style="border: 1px solid #a2a9b1;" | starttls -
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|starttls
+
| style="border: 1px solid #a2a9b1;" | starttls
-
|Since v1.8.0; only sent when compiled with TLS enabled.
+
| style="border: 1px solid #a2a9b1;" | Since v1.8.0; only sent when compiled with TLS enabled.
|-
|-
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|passreq \<<B-pid in hex><B-current time in hex>@<B-botnet-nick>\>
+
| style="border: 1px solid #a2a9b1;" | passreq \<<nowiki><B-pid in hex><B-current time in hex>@<B-botnet-nick></nowiki>\>
-
|<A-notnet-nick>
+
| style="border: 1px solid #a2a9b1;" | <A-botnet-nick>
-
|Since v1.3.29; the argument is used as challenge for the other bot to generate an MD5 hash. Before there was no argument.
+
| style="border: 1px solid #a2a9b1;" | Since v1.3.29; the argument is used as challenge for the other bot to generate an MD5 hash. Before there was no argument.
|-
|-
-
|digest <A-MD5 hash>
+
| style="border: 1px solid #a2a9b1;" | digest <A-MD5 hash>
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|passreq <.*>
+
| style="border: 1px solid #a2a9b1;" | passreq <.*>
-
|Only sent when a "passreq" was received with challenge, otherwise the pass is sent in cleartext without "digest ".
+
| style="border: 1px solid #a2a9b1;" | Only sent when a "passreq" was received with challenge, otherwise the pass is sent in cleartext without "digest ".
|-
|-
-
|*hello!
+
| style="border: 1px solid #a2a9b1;" | *hello!
 +
| style="border: 1px solid #a2a9b1;" |
 +
| style="border: 1px solid #a2a9b1;" |
 +
| style="border: 1px solid #a2a9b1;" |
|-
|-
-
|version <eggnumver> ? ? <eggstringver> \<network\>
+
| style="border: 1px solid #a2a9b1;" | version <eggnumver> ? ? <eggstringver> \<network\>
 +
| style="border: 1px solid #a2a9b1;" |
 +
| style="border: 1px solid #a2a9b1;" |
 +
| style="border: 1px solid #a2a9b1;" |
|-
|-
-
|
+
| style="border: 1px solid #a2a9b1;" |  
-
|version <eggnumver> ? ? <eggstringver> \<network\>
+
| style="border: 1px solid #a2a9b1;" | version <eggnumver> ? ? <eggstringver> \<network\>
 +
| style="border: 1px solid #a2a9b1;" |
 +
| style="border: 1px solid #a2a9b1;" |
|-
|-
-
|tb <Ahandle>
+
| style="border: 1px solid #a2a9b1;" | tb <Ahandle>
 +
| style="border: 1px solid #a2a9b1;" |
 +
| style="border: 1px solid #a2a9b1;" |
 +
| style="border: 1px solid #a2a9b1;" |
|-
|-
-
|j !<Ahandle>
+
| style="border: 1px solid #a2a9b1;" | j !<Ahandle>
 +
| style="border: 1px solid #a2a9b1;" |
 +
| style="border: 1px solid #a2a9b1;" |
 +
| style="border: 1px solid #a2a9b1;" |
|}
|}
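Review bot: The new caption line still reads "sucessfully"; since this revision already fixes a typo in the passreq row (A-notnet-nick to A-botnet-nick), correct the caption to "successfully" in the same edit. The nowiki wrapping is also uneven: <B-telnet-banner>, <B-stealth-prompt> and the passreq argument are wrapped, while <A-botnet-nick>, <A-MD5 hash>, <eggnumver> and <Ahandle> are left bare, so either wrap every placeholder or none. Repeating the same inline border style on every cell makes later row edits error-prone; consider keeping the per-cell styling in one place if the wiki allows it.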

Revision as of 23:58, 12 November 2018

This page is meant to explain the botnet "protocol" eggdrop uses to send traffic between bots. DO NOT confuse these "flags" with the normal bot flags used on the partyline. If you are just trying to link your bots or share userfiles, this page is not for you!

Link Process

Bot A is the initiating side (it used ".link" or has a bot entry with "+h" or "+a" in its userfile). Because of how networking works, there is no strict order between input arriving at A and at B: output sent by A can arrive as input at B before or after certain output from B arrives as input at A. The "Reaction" column lists the input in response to which each output is sent. Text between "<" and ">" is a placeholder, not literal text; where a literal "<" or ">" is meant, it is preceded by "\" (and a literal "\" is likewise written "\\").

{| class="wikitable"
|+ Linking between bots that have successfully linked before (they have correct passwords set).
! A -> B !! A <- B !! Reaction !! Notes
|-
| <A-botnet-nick> || || || Sent when a connection is established.
|-
| || 0xFF 0xFB 0x05 || || Telnet control codes (see RFC 854 and RFC 875) sent when a connection is received. No newline and no spaces.
|-
| || <B-telnet-banner> || || Only sent when "use-telnet-banner" is set to 1 in conf.
|-
| || <B-stealth-prompt> || || Since v1.8.4; default "\n\nNickname." and only used when "stealth-telnets" is set to 1 in conf, otherwise language code 0x53e is used from the core.*.lang file prepended with "\n\n".
|-
| || (If you are new, enter 'NEW' here.) || || Only sent when "open-telnets" is set to 1 in conf.
|-
| || starttls || <A-botnet-nick> || Since v1.8.0; only sent when compiled with TLS enabled.
|-
| starttls - || || starttls || Since v1.8.0; only sent when compiled with TLS enabled.
|-
| || passreq \<<B-pid in hex><B-current time in hex>@<B-botnet-nick>\> || <A-botnet-nick> || Since v1.3.29; the argument is used as challenge for the other bot to generate an MD5 hash. Before there was no argument.
|-
| digest <A-MD5 hash> || || passreq <.*> || Only sent when a "passreq" was received with challenge, otherwise the pass is sent in cleartext without "digest ".
|-
| *hello! || || ||
|-
| version <eggnumver> ? ? <eggstringver> \<network\> || || ||
|-
| || version <eggnumver> ? ? <eggstringver> \<network\> || ||
|-
| tb <Ahandle> || || ||
|-
| j !<Ahandle> || || ||
|}
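The table shows three link-security states worth auditing: whether both sides sent "starttls", whether "passreq" carried a challenge, and whether the answer was a "digest" line or a cleartext password. The following is an added example, not code from the wiki or from Eggdrop; the (direction, line) transcript format, the "A>B"/"B>A" labels and all sample values are assumptions constructed for illustration.

```python
import re

# Wire forms taken from the Link Process table; sample values are constructed.
PASSREQ = re.compile(r"^passreq(?: <([0-9a-f]+)@([^>\s]+)>)?$", re.I)
DIGEST = re.compile(r"^digest [0-9a-f]{32}$", re.I)

def audit_link(transcript):
    """Classify one link attempt from decoded (direction, line) pairs.

    direction is "A>B" (initiating bot) or "B>A" (listening bot).
    The password itself is never stored or returned.
    """
    a_tls = b_tls = awaiting_pass = False
    result = {"tls": False, "challenge": False, "auth": "none", "issues": []}
    for direction, raw in transcript:
        line = raw.rstrip("\r\n")
        if direction == "B>A":
            if line == "starttls":
                b_tls = True
            m = PASSREQ.match(line)
            if m:
                awaiting_pass = True
                result["challenge"] = m.group(1) is not None
        elif line.split(" ")[0] == "starttls":
            a_tls = True                      # "starttls -" sent by A
        elif awaiting_pass:
            # The first A>B line after passreq is the password answer.
            awaiting_pass = False
            result["auth"] = "md5-digest" if DIGEST.match(line) else "cleartext"
    result["tls"] = a_tls and b_tls
    if not result["tls"]:
        result["issues"].append("link not upgraded with starttls")
    if result["auth"] == "cleartext":
        result["issues"].append("password sent in cleartext")
    if result["auth"] != "none" and not result["challenge"]:
        result["issues"].append("passreq carried no challenge")
    return result

MODERN = [  # constructed sample: TLS negotiated, challenge answered with digest
    ("A>B", "LeafBot\n"), ("B>A", "\n\nNickname.\n"), ("B>A", "starttls\n"),
    ("A>B", "starttls -\n"),
    ("B>A", "passreq <4d25be9f0aa@HubBot>\n"),
    ("A>B", "digest 0123456789abcdef0123456789abcdef\n"),
    ("A>B", "*hello!\n"),
]
LEGACY = [  # constructed sample: no TLS, passreq without challenge
    ("A>B", "LeafBot\n"), ("B>A", "passreq\n"), ("A>B", "placeholder-pass\n"),
]
```
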

Share Process

Botnet Raw Flags

(If two flags are shown, such as pi/ping, the first is NO_OLD_BOTNET, second is !NO_OLD_BOTNET)

Core Botnet

/linked
(?)
/uf-no
(?)
/unaway
(?)
/userfile?
(?)
a/actchan
(?)
aw/away
(?)
bye
(?)
c/chan
(?)
ct/chat
(?)
e/error
(?)
el
(?)
f!/filereject
(?)
fr/filereq
(?)
fs/filesend
(?)
h/handshake
(?)
i/idle
(?)
i?/info? [idx:user@bot]
Request info to fill out 'botinfo' command
j/join
(?)
l/link [idx:user@bot viaBot targetBotToConnect]
Link via bot to target bot
m/motd
(?)
n/nlinked
(?)
nc
"nick change"
p/priv
(?)
pi/ping
ping: Once a minute, send ping to each bot (Hub to leaf only?)
po/pong
pong: Reply to a 'pi' command
pt/part
(?)
r/reject
(?)
s
(?)
starttls
(?)
t/trace
(?)
tb/thisbot
(?)
td/traced
(?)
u/update
(?)
ul/unlink [idx:user@bot connectedHub targetBotToDisconnect]
Tells the target bot specified to disconnect from the botnet (not used to disconnect self from botnet)
un/unlinked
(?)
v
(?)
w/who [user@bot, dest bot, chan(?)]
Requests who is on a bot
z/zapf
putdcc
zb/zapf-broad
putdccall

Sharing

All share commands (anything that places info into the userfile) are prefixed with an 's'. These flags are the second argument of that line. For example, adding flags to a user would look like 's a user pflo', but this section will only list the 'a' flag. The following list is sorted, and each command has its arguments listed. Mandatory arguments are within <>, optional ones within []. At the end of each explanation, the dcc commands that trigger the share command are listed between ().

!
End of share communication (not of the share connection)
+b <hostmask> <expires_at_epoch> <flag> <handle_of_requester> <reason>
Add global ban. Flag can be "s" (sticky), "p" (permanent) or "-" (none). (".+ban")
+bc <hostmask> <expires_at_epoch> <channel> <flag> <handle_of_requester> <reason>
Add channel ban. See "+b" for flags. (".+ban")
+bh <bot_handle> <hostmask>
Add a hostmask to a bot. (".+host")
+cr <handle> <channel>
Add a channel record (".+chrec")
+e <hostmask> <expires_at_epoch> <flag> <handle_of_requester> <reason>
Add global exempt. See "+b" for flags. (".+exempt")
+ec <hostmask> <expires_at_epoch> <channel> <flag> <handle_of_requester> <reason>
Add channel exempt. See "+b" for flags. (".+exempt")
+h <handle> <hostmask>
Add a hostmask. (".+host")
+i <hostmask> <expires_at_epoch> <flag> <handle_of_requester> <reason>
Add ignore. See "+b" for flags. (".+ignore")
+inv <hostmask> <expires_at_epoch> <flag> <handle_of_requester> <reason>
Add global invite. See "+b" for flags. (".+invite")
+invc <hostmask> <expires_at_epoch> <channel> <flag> <handle_of_requester> <reason>
Add channel invite. See "+b" for flags. (".+invite")
-b <hostmask>
Remove global ban. (".-ban")
-bc <channel> <hostmask>
Remove channel ban. (".-ban")
-cr <handle> <channel>
Remove a channel record. (".-chrec")
-e <hostmask>
Remove global exempt. (".-exempt")
-ec <channel> <hostmask>
Remove channel exempt. (".-exempt")
-h <handle> <hostmask>
Remove a hostmask. (".-host")
-i <hostmask>
Remove ignore. (".-ignore")
-inv <hostmask>
Remove global invite. (".-invite")
-invc <channel> <hostmask>
Remove channel invite. (".-invite")
a <handle> <flags> [channel]
Add or remove user flags. (".chattr")
c <userfield> <argv>
Change or add values for userfields (CONSOLE, FSTAT, FPRINT, HOSTS, PASS, BOTADDR, LASTON, INFO, XTRA, COMMENT, BOTFL) or create a new userentry for a bot. (".+bot", ".chaddr", ".comment", ".chpass", ".newpass", ".fprint", ".chfinger", ".chinfo")
chchinfo <handle> <channel> <info>
Change channel info/greet (needs "use-info" and "share-greet" set to 1). (".chinfo")
e <reason>
Ends the share connection with the given reason.
feats [features_list]
Response to "s uy <features_list>" with which of the requested userfile features are supported.
h <old_handle> <new_handle>
Change a handle (".chhandle")
k <handle>
Remove (kill) a user (".deluser", ".-user", ".-bot")
n <handle> <hostmask> <pass> <flags>
Add a new user. "hostmask" is "none" if user was added without any. "pass" is in all normal cases "-", "flags" is mostly "b" if the user is a bot, "default-flags"-setting via ".adduser" or "-" else. (".adduser", ".+user", ".+bot")
r!
Allow a resync of the userfile.
r?
Ask for a resync of the userfile, this is not the complete userfile but what is still left in the buffer of the hub.
rn <reason>
Reject a resync of the userfile for the given reason, a userfile send request ("s u?") will be sent as response.
s <hostmask> <on_or_off> [channel]
Add or remove sticky ban. 0 means unstick, 1 stick. (".stick", ".unstick")
se <hostmask> <on_or_off> [channel]
Add or remove sticky exempt. 0 means unstick, 1 stick. (".stick", ".unstick")
sInv <hostmask> <on_or_off> [channel]
Add or remove sticky invite. 0 means unstick, 1 stick. (".stick", ".unstick")
u?
Ask if a userfile can be sent.
un <reason>
Reject a userfile for the given reason.
us <longip> <[+]port> <length>
Response from the hub to "s uy" giving the connection details of the hub for the leaf to connect to and receive the userfile. NOTE: As of 1.8.3, this IP address is ignored and the leaf instead uses the IP address of the active link connection it already has with the bot.
uy [features_list]
Response from a leaf to "s u?" from a hub, acknowledging it and also sending a list of wanted userfile features, separated by a space (by default available: "exempts", "invites", "overbots"; with compress module loaded also: "compress").
v <bot_version>
Initiates the share communication, verifies the minimum share version is met (the bot_version argument here is actually ignored, the version is taken from the "v"/"version" command) and starts a resync ("s r?") or full userfile send ("s u?") request.
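When reviewing logged share traffic, it helps to split each 's' line into the named arguments listed above and pick out the commands that change accounts, hostmasks or flags. The following is an added example, not code from the wiki or from Eggdrop; it models only a subset of the commands, and the ACCESS_CHANGING set and the sample lines are assumptions constructed for illustration.

```python
# Argument names copied from the Sharing list; the last name absorbs the rest
# of the line, since reasons and userfield values may contain spaces.
SHARE_ARGS = {
    "+b": ["hostmask", "expires_at_epoch", "flag", "handle_of_requester", "reason"],
    "+bc": ["hostmask", "expires_at_epoch", "channel", "flag",
            "handle_of_requester", "reason"],
    "+h": ["handle", "hostmask"],
    "+bh": ["bot_handle", "hostmask"],
    "a": ["handle", "flags", "channel"],
    "c": ["userfield", "argv"],
    "h": ["old_handle", "new_handle"],
    "k": ["handle"],
    "n": ["handle", "hostmask", "pass", "flags"],
}
OPTIONAL_TAIL = {"a": 1}          # "a" takes an optional [channel]
# Hypothetical review policy: commands that alter who can log in or what
# they may do once logged in.
ACCESS_CHANGING = {"+h", "+bh", "a", "c", "h", "k", "n"}

def parse_share(line):
    """Parse one botnet line; return None unless it is a share ('s') command."""
    parts = line.rstrip("\r\n").split(" ", 2)
    if len(parts) < 2 or parts[0] != "s":
        return None
    cmd, rest = parts[1], parts[2] if len(parts) > 2 else ""
    names = SHARE_ARGS.get(cmd)
    if names is None:                      # e.g. "!", "u?", "uy": not modelled here
        return {"cmd": cmd, "args": {}, "access_change": False}
    values = rest.split(" ", len(names) - 1) if rest else []
    if len(values) < len(names) - OPTIONAL_TAIL.get(cmd, 0):
        raise ValueError(f"share command {cmd!r} is missing arguments: {line!r}")
    return {"cmd": cmd, "args": dict(zip(names, values)),
            "access_change": cmd in ACCESS_CHANGING}

def access_changes(lines):
    """Return parsed share commands that change accounts, hosts or flags."""
    parsed = (parse_share(entry) for entry in lines)
    return [p for p in parsed if p and p["access_change"]]

SAMPLE = [  # constructed traffic
    "pi",
    "s +b *!*@bad.example 1542067200 s alice flooding the channel",
    "s a user pflo",
    "s n newbot none - b",
    "s u?",
]
```
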