
Log outgoing botnet traffic and some more incoming. Fixes #22

Log all raw outgoing botnet traffic and raw outgoing share traffic, and also some forgotten incoming botnet traffic. This also fixes a long-standing bug where console mode h (raw (incoming) share traffic) didn't actually log anything, but instead appeared under console mode t (raw (incoming) botnet traffic).

* Add flag and implement logging outgoing botnet traffic and outgoing share traffic.
* Log some more outgoing messages at init and other forgotten logging.
* Log inc bot telnet as early as possible too.
* Fix incoming share traffic not appearing when console mode h is set.
Cizzle authored and vanosg committed Sep 26, 2017
1 parent d951ae9 commit 0c2b48b5b4e26e95e8eef5bed77cc493ca4c2648
Showing with 191 additions and 111 deletions.
  1. +6 −3 doc/sphinx_source/coreDocs/core.rst
  2. +3 −1 doc/sphinx_source/mainDocs/tcl-commands.rst
  3. +4 −2 eggdrop.conf
  4. +2 −1 help/cmds1.help
  5. +46 −60 src/botmsg.c
  6. +20 −20 src/botnet.c
  7. +92 −15 src/dcc.c
  8. +3 −2 src/eggdrop.h
  9. +14 −6 src/flags.c
  10. +1 −1 src/userrec.c
@@ -126,8 +126,9 @@ the logfile of the next day.
set raw-log 0
This setting allows you the logging of raw incoming server traffic via
console/log flag 'r', raw outgoing server traffic via console/log mode
'v', raw botnet traffic via console/log mode 't', and raw share traffic
via console/log mode 'h'. These flags can create a large security hole,
'v', raw incoming botnet traffic via console/log mode 't', raw outgoing
botnet traffic via console/log mode 'u', and raw share traffic via
console/log mode 'h'. These flags can create a large security hole,
allowing people to see user passwords. This is now restricted to +n users
only. Please choose your owners with care.
@@ -160,7 +161,9 @@ logfile <logflags> <channel> "logs/logfile"
+---+------------------------------------------------------+
| s | server connects, disconnects, and notices |
+---+------------------------------------------------------+
| t | raw botnet traffic |
| t | raw incoming botnet traffic |
+---+------------------------------------------------------+
| u | raw outgoing botnet traffic |
+---+------------------------------------------------------+
| v | raw outgoing server traffic |
+---+------------------------------------------------------+
@@ -2010,7 +2010,9 @@ logfile [<modes> <channel> <filename>]
+-----+---------------------------------------------------------------------+
| s | server connects, disconnects, and notices |
+-----+---------------------------------------------------------------------+
| t | raw botnet traffic |
| t | raw incoming botnet traffic |
+-----+---------------------------------------------------------------------+
| u | raw outgoing botnet traffic |
+-----+---------------------------------------------------------------------+
| v | raw outgoing server traffic |
+-----+---------------------------------------------------------------------+
@@ -131,7 +131,8 @@ set prefer-ipv6 0
# p - public text on the channel
# r - raw incoming server traffic
# s - server connects, disconnects, and notices
# t - raw botnet traffic
# t - raw incoming botnet traffic
# u - raw outgoing botnet traffic
# v - raw outgoing server traffic
# w - wallops (make sure the bot sets +w in init-server)
# x - file transfers and file-area commands
@@ -166,7 +167,8 @@ set quick-logs 0
# This setting allows you the logging of raw incoming server traffic via
# console/log flag 'r', raw outgoing server traffic via console/log mode 'v',
# raw botnet traffic via console/log mode 't', and raw share traffic via
# raw incoming botnet traffic via console/log mode 't', raw outgoing botnet
# traffic via console/log mode 'u', and raw share traffic via
# console/log mode 'h'. These flags can create a large security hole,
# allowing people to see user passwords. This is now restricted to +n users
# only. Please choose your owners with care.
@@ -252,7 +252,8 @@ See also: chhandle
Owners only (these have to be enabled in the config file via "set raw-log"):
%bh%b raw share traffic
%br%b raw incoming server traffic
%bt%b raw botnet traffic
%bt%b raw incoming botnet traffic
%bu%b raw outgoing botnet traffic
%bv%b raw outgoing server traffic
There are also 8 user-defined console modes ('1' through '8').
@@ -42,7 +42,7 @@ static char OBUF[1024];
*/
void tandout_but EGG_VARARGS_DEF(int, arg1)
{
int i, x, len;
int i, x;
char *format;
char s[601];
va_list va;
@@ -54,11 +54,9 @@ void tandout_but EGG_VARARGS_DEF(int, arg1)
va_end(va);
s[sizeof(s) - 1] = 0;
len = strlen(s);
for (i = 0; i < dcc_total; i++)
if ((dcc[i].type == &DCC_BOT) && (i != x) && (b_numver(i) < NEAT_BOTNET))
tputs(dcc[i].sock, s, len);
dprintf(i, s);
}
#endif
@@ -198,14 +196,13 @@ void send_tand_but(int x, char *buf, int len)
int i, iso = 0;
if (len < 0) {
len = -len;
iso = 1;
}
for (i = 0; i < dcc_total; i++)
if ((dcc[i].type == &DCC_BOT) && (i != x) &&
(b_numver(i) >= NEAT_BOTNET) &&
(!iso || !(bot_flags(dcc[i].user) & BOT_ISOLATE)))
tputs(dcc[i].sock, buf, len);
dprintf(i, buf);
}
void botnet_send_bye()
@@ -271,25 +268,25 @@ void botnet_send_ping(int idx)
{
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
tputs(dcc[idx].sock, "ping\n", 5);
dprintf(idx, "ping\n");
else
#endif
tputs(dcc[idx].sock, "pi\n", 3);
dprintf(idx, "pi\n");
}
void botnet_send_pong(int idx)
{
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
tputs(dcc[idx].sock, "pong\n", 5);
dprintf(idx, "pong\n");
else
#endif
tputs(dcc[idx].sock, "po\n", 3);
dprintf(idx, "po\n");
}
void botnet_send_priv EGG_VARARGS_DEF(int, arg1)
{
int idx, l;
int idx;
char *from, *to, *tobot, *format;
char tbuf[1024];
va_list va;
@@ -307,32 +304,31 @@ void botnet_send_priv EGG_VARARGS_DEF(int, arg1)
if (tobot) {
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "priv %s %s@%s %s\n", from, to, tobot, tbuf);
simple_sprintf(OBUF, "priv %s %s@%s %s\n", from, to, tobot, tbuf);
else
#endif
l = simple_sprintf(OBUF, "p %s %s@%s %s\n", from, to, tobot, tbuf);
simple_sprintf(OBUF, "p %s %s@%s %s\n", from, to, tobot, tbuf);
} else {
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "priv %s %s %s\n", from, to, tbuf);
simple_sprintf(OBUF, "priv %s %s %s\n", from, to, tbuf);
else
#endif
l = simple_sprintf(OBUF, "p %s %s %s\n", from, to, tbuf);
simple_sprintf(OBUF, "p %s %s %s\n", from, to, tbuf);
}
tputs(dcc[idx].sock, OBUF, l);
dprintf(idx, OBUF);
}
void botnet_send_who(int idx, char *from, char *to, int chan)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "who %s %s %d\n", from, to, chan);
simple_sprintf(OBUF, "who %s %s %d\n", from, to, chan);
else
#endif
l = simple_sprintf(OBUF, "w %s %s %D\n", from, to, chan);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "w %s %s %D\n", from, to, chan);
dprintf(idx, OBUF);
}
void botnet_send_infoq(int idx, char *par)
@@ -347,28 +343,26 @@ void botnet_send_infoq(int idx, char *par)
void botnet_send_unlink(int idx, char *who, char *via, char *bot, char *reason)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "unlink %s %s %s %s\n", who, via, bot, reason);
simple_sprintf(OBUF, "unlink %s %s %s %s\n", who, via, bot, reason);
else
#endif
l = simple_sprintf(OBUF, "ul %s %s %s %s\n", who, via, bot, reason);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "ul %s %s %s %s\n", who, via, bot, reason);
dprintf(idx, OBUF);
}
void botnet_send_link(int idx, char *who, char *via, char *bot)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "link %s %s %s\n", who, via, bot);
simple_sprintf(OBUF, "link %s %s %s\n", who, via, bot);
else
#endif
l = simple_sprintf(OBUF, "l %s %s %s\n", who, via, bot);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "l %s %s %s\n", who, via, bot);
dprintf(idx, OBUF);
}
void botnet_send_unlinked(int idx, char *bot, char *args)
@@ -405,28 +399,26 @@ void botnet_send_nlinked(int idx, char *bot, char *next, char flag, int vernum)
void botnet_send_traced(int idx, char *bot, char *buf)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "traced %s %s\n", bot, buf);
simple_sprintf(OBUF, "traced %s %s\n", bot, buf);
else
#endif
l = simple_sprintf(OBUF, "td %s %s\n", bot, buf);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "td %s %s\n", bot, buf);
dprintf(idx, OBUF);
}
void botnet_send_trace(int idx, char *to, char *from, char *buf)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "trace %s %s %s:%s\n", to, from, buf, botnetnick);
simple_sprintf(OBUF, "trace %s %s %s:%s\n", to, from, buf, botnetnick);
else
#endif
l = simple_sprintf(OBUF, "t %s %s %s:%s\n", to, from, buf, botnetnick);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "t %s %s %s:%s\n", to, from, buf, botnetnick);
dprintf(idx, OBUF);
}
void botnet_send_update(int idx, tand_t *ptr)
@@ -445,7 +437,6 @@ void botnet_send_update(int idx, tand_t *ptr)
void botnet_send_reject(int idx, char *fromp, char *frombot, char *top,
char *tobot, char *reason)
{
int l;
char to[NOTENAMELEN + 1], from[NOTENAMELEN + 1];
if (!(bot_flags(dcc[idx].user) & BOT_ISOLATE)) {
@@ -461,25 +452,24 @@ void botnet_send_reject(int idx, char *fromp, char *frombot, char *top,
reason = "";
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "reject %s %s %s\n", fromp, top, reason);
simple_sprintf(OBUF, "reject %s %s %s\n", fromp, top, reason);
else
#endif
l = simple_sprintf(OBUF, "r %s %s %s\n", fromp, top, reason);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "r %s %s %s\n", fromp, top, reason);
dprintf(idx, OBUF);
}
}
void botnet_send_zapf(int idx, char *a, char *b, char *c)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "zapf %s %s %s\n", a, b, c);
simple_sprintf(OBUF, "zapf %s %s %s\n", a, b, c);
else
#endif
l = simple_sprintf(OBUF, "z %s %s %s\n", a, b, c);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "z %s %s %s\n", a, b, c);
dprintf(idx, OBUF);
}
void botnet_send_zapf_broad(int idx, char *a, char *b, char *c)
@@ -497,54 +487,50 @@ void botnet_send_zapf_broad(int idx, char *a, char *b, char *c)
void botnet_send_motd(int idx, char *from, char *to)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "motd %s %s\n", from, to);
simple_sprintf(OBUF, "motd %s %s\n", from, to);
else
#endif
l = simple_sprintf(OBUF, "m %s %s\n", from, to);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "m %s %s\n", from, to);
dprintf(idx, OBUF);
}
void botnet_send_filereject(int idx, char *path, char *from, char *reason)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "filereject %s %s %s\n", path, from, reason);
simple_sprintf(OBUF, "filereject %s %s %s\n", path, from, reason);
else
#endif
l = simple_sprintf(OBUF, "f! %s %s %s\n", path, from, reason);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "f! %s %s %s\n", path, from, reason);
dprintf(idx, OBUF);
}
void botnet_send_filesend(int idx, char *path, char *from, char *data)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "filesend %s %s %s\n", path, from, data);
simple_sprintf(OBUF, "filesend %s %s %s\n", path, from, data);
else
#endif
l = simple_sprintf(OBUF, "fs %s %s %s\n", path, from, data);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "fs %s %s %s\n", path, from, data);
dprintf(idx, OBUF);
}
void botnet_send_filereq(int idx, char *from, char *bot, char *path)
{
int l;
#ifndef NO_OLD_BOTNET
if (b_numver(idx) < NEAT_BOTNET)
l = simple_sprintf(OBUF, "filereq %s %s:%s\n", from, bot, path);
simple_sprintf(OBUF, "filereq %s %s:%s\n", from, bot, path);
else
#endif
l = simple_sprintf(OBUF, "fr %s %s:%s\n", from, bot, path);
tputs(dcc[idx].sock, OBUF, l);
simple_sprintf(OBUF, "fr %s %s:%s\n", from, bot, path);
dprintf(idx, OBUF);
}
void botnet_send_idle(int idx, char *bot, int sock, int idle, char *away)
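Review bot: The new `dprintf(idx, OBUF)` calls throughout this file, along with `dprintf(i, s)` in tandout_but and `dprintf(i, buf)` in send_tand_but, pass an already-formatted buffer as the format argument. dprintf looks printf-style here (it is also called with literal formats such as `"ping\n"`), so a `%` inside fields like from, to, tbuf or reason, which presumably can carry text from linked bots or users, would be parsed as a conversion instead of being sent verbatim. Pass the buffer as data in every one of these calls: `dprintf(idx, "%s", OBUF);`. In send_tand_but the `len` argument no longer bounds the write, so the function now depends on buf being NUL-terminated, and any truncation limit inside dprintf (not visible on this page) would apply where tputs previously sent exactly `len` bytes. Several of these function bodies start or end outside the hunks shown.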