HackTheBot
From Chaos Communication Camp 2007
Contents |
[edit] Hack The Bot
The gozerbot development team will be providing a sandbox for you to play in. The aim is to find potential security holes in the bot, gaining OPER access or even possible shell access. Can you do it?
[edit] Incidents found
- By Astro-
- QUIT by crafted RSS feed: http://dev.gozerbot.org/trac/ticket/13
[edit] Resources
- #HackTheBot on freenode or IRCNet (irc.freenode.net / irc.xs4all.nl (NL) / irc.belwue.de (DE) / irc.irc.stealth.net (USA))
- http://gozerbot.org
- http://gozerbot.org/hg/release/0.7.1/
[edit] About gozerbot
Gozerbot is a Python IRC and Jabber bot. Core features are (bot not limited to):
- user management by userhost .. bot will not respond if it doesn't know you (see /docs/USER/)
- fleet .. use more than one bot in a program (list of bots) (see /docs/FLEET/)
- use the bot through dcc chat .. partyline
- fetch rss feeds (see /docs/RSS/)
- keep todo and shop lists
- karma
- quote
- remember items
- relaying between bots (see /docs/RELAY/)
- program your own plugins (see /docs/PROGRAMPLUGIN/)
- run the builtin webserver (see /docs/WEBSERVER/)
- query other bots webserver via irc (see /docs/COLLECTIVE/)
- other stuff