Wraith
Wraith is a powerful botnet that can be used to manage and protect channels without services.
Pros:
- Stronger than eggdrop
Cons:
- Written in C++
- OpenBSD is not officially supported
- Complex, not easy to use
First, plan out your botpack. Wraith requires a hub and several leaves. Figure out which server you want to act as a hub and which as leaves. For each network you want to serve, create name server records such as hub.network.ircnow.org, fruit1.network.ircnow.org, fruit2.network.ircnow.org, and so forth. This will help you keep track of the hubs and leaves.
The pack config instructions are very confusing, but you will want to read all the wraith documentation. Before you begin, you will want to create a config file and then save it in a safe place. Make sure to back it up.
Here is a sample config:
PACKNAME yourpackname BINARYPASS +dURT8$6e8e5b2448356bb48f642dd18115aaaaca7b6dcb DCCPREFIX . OWNER yournick +SUXSC$d2312f8fcd9de09574d7370e8de058d91322686c HUB yourhubname hub.network.ircnow.org 12742 SALT1 nuUlSail2TyDzZhWOX9Paz1L6SBoVLvX SALT2 ThTQF8IFeEe5ox0i
Create a salted password hash by choosing a random 5 character alphanumeric salt and random password:
SALT='AbCd3'; PASS='aBcD3fgH1jK1'; hash=$(echo -n "${SALT}${PASS}" | sha1 | awk '{print $1}'); echo "+${SALT}\$${hash}"
Run this twice with different values for SALT and PASS to create two random hashes for BINARYPASS and OWNER. Make sure to save the unhashed SALT and PASS and the salted hash. You must do this twice for both BINARYPASS and OWNER; store this in a safe place! Use the hashes to fill in the config above.
Replace yourpackname
with the network name (such as efnet, ircnet, undernet). yournick
should be replaced with your login username, yourhubname
with the network name (such as efnet, ircnet, undernet), and hub.network.ircnow.org
with the matching hostname. Pick a free port to use.
To generate SALT1 and SALT2, run this script:
SALT1=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-32} | head -n 1`; SALT2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-16} | head -n 1`; echo "SALT1=$SALT1"; echo "SALT2=$SALT2";
wraith's git repo contains the source code for release v1.4.10. However, it was not tested on OpenBSD and won't build. IRCNow uses a patched version of the source that has been tested to work on OpenBSD 6.8 stable.
$ doas pkg_add gmake-4.3 $ doas pkg_add g++-8.4.0 $ cd ~ $ ftp https://ircnow.org/software/wraith-v1.4.10a.tar.gz $ tar xvzf wraith-v1.4.10a.tar.gz $ cd wraith-v1.4.10/ $ ./configure $ gmake
Then, copy this install script into ~/wraith-setup.sh:
WRAITHPATH=~/wraith-v1.4.10/wraith while [[ -n $USER ]] do print -n "Create new bot (WARNING: WILL DELETE!): "; read USER; doas userdel -rv $USER; doas groupdel -v $USER; doas useradd -m -g =uid -c "$USER" -d /home/$USER -s /bin/ksh $USER doas mkdir -p /home/$USER/usr/lib/ doas mkdir -p /home/$USER/usr/libexec/ doas mkdir -p /home/$USER/etc/ doas mkdir -p /home/$USER/tmp/ doas mkdir -p /home/$USER/.../ doas cp $WRAITHPATH /home/$USER/ doas cp /usr/lib/libssl.so.48.1 /home/$USER/usr/lib/ doas cp /usr/lib/libm.so.10.1 /home/$USER/usr/lib/ doas cp /usr/lib/libc.so.96.0 /home/$USER/usr/lib/ doas cp /usr/lib/libcrypto.so.46.1 /home/$USER/usr/lib/ doas cp /usr/lib/libstdc++.so.57.0 /home/$USER/usr/lib/ doas cp /usr/libexec/ld.so /home/$USER/usr/libexec/ doas cp /etc/resolv.conf /home/$USER/etc/ doas chown -R $USER:$USER /home/$USER doas su -l $USER -c "/home/$USER/wraith -Q" print -n "Botpack configured! Press enter to continue"; read IGNORE; doas su -l $USER -c "/home/$USER/wraith -C" doas chsh -s /sbin/nologin $USER print -n "Bots configured! Press enter to continue"; read IGNORE; done
Run the script:
$ sh ~/wraith-setup.sh
Hub
If you are creating a hub, name the hub after the network (efnet, ircnet, undernet). The script will ask you to provide the packconfig you generated and saved above. Paste it.
$ sh wraith-setup.sh Create new bot (WARNING: WILL DELETE!): networkname Command: /bin/rm -rf /home/undernet > /dev/null 2>&1 || true // Paste in your PACKCONFIG. Reference https://github.com/wraith/wraith/wiki/PackConfig // Press <enter> if it gets hung up. If that doesn't work hit ^D (CTRL+d)
We paste something like this:
PACKNAME yourpackname BINARYPASS +dURT8$6e8e5b2448356bb48f642dd18115aaaaca7b6dcb DCCPREFIX . OWNER yournick +SUXSC$d2312f8fcd9de09574d7370e8de058d91322686c HUB yourhubname hub.network.ircnow.org 12742 SALT1 nuUlSail2TyDzZhWOX9Paz1L6SBoVLvX SALT2 ThTQF8IFeEe5ox0i
The terminal will show:
........ * Wrote settings to binary. Botpack configured! Press enter to continue Enter your binary password:
Afterwards, it will ask for your OWNER password and bot configuration information. You will want to these three lines at the top:
hubnick hub.network.ircnow.org ! portmin 64000 ! portmax 64100
Replace hubnick with your network name (efnet, ircnet, undernet) and hub.network.ircnow.org with your hostname. If you want to use IPv6, include a +. You will then want to specify a min port and max port for updating bot info.
It should look like this:
hubnick hub.network.ircnow.org ! portmin 64000 ! portmax 64100 # Automatically updated with -C ! uid 1025 #! uid -1 ! username undernet ! homedir /home/undernet # Hubs this bot will connect to ! hub networkname hub.network.ircnow.org 12742 # '|' means OR, [] means the enclosed is optional # A '+' in front of HOST means the HOST is ipv6 # A '/' in front of BOT will disable that bot. #[/]BOT IP|* [+]HOST|* [IPV6-IP] #bot ip vhost #bot2 * vhost #bot3 ip #bot4 * +ipv6.vhost.com #bot5 * * ip:v6:ip:goes:here:: ### Hubs should have their own binary ###
Save and quit.
WARNING: Don't connect the hub to IRC directly! The hub contains data that if stolen, can cause your entire botnet to get compromised. It is better if the hub is not on a public IP address.
Bots
If you are creating a leaf node, name each leaf node after your server's fruit name (fruit01, fruit02, fruit03). You want three separate shell accounts, one for each bot. Do not put all three leaf nodes in the same shell account. Don't create any more than three shell accounts since more than three bots will waste your IP connection limit without providing much additional protection.
botnick vhost
Replace botnick with your fruit name (fruit01, fruit02, fruit03) and vhost with your IPv6 hostname (fruit.network.ircnow.org).
Backup and Delete Wraith
After you are done, make sure to copy the dynamic wraith binary to somewhere safe and delete it for security reasons.
Run this on your backup PC:
$ scp fruit.ircnow.org:/home/username/wraith-v1.4.10/wraith /path/to/dest/
Then on the server:
$ rm -rf /home/username/wraith-v1.4.10/
Controlling Wraith
To administer wraith, you will need to log in to your server using ssh:
$ ssh network.ircnow.org
Once connected, run netcat to your host and port:
$ nc network.ircnow.org 12742
Joining channels
To make the bot join and leave a channel:
.+chan #chan .-chan #chan
If the channel is keyed:
.chanset #chan chanmode { +ntk key }
Giving users ops
.op #chan <nick>
To use a specific bot:
.botcmd botnick op user * .bl op user *
Cookie-ops
Cookie-ops help ensure an op is valid and secure. It takes who was opped, who opped them, a timestamp, and channel state and sends a hash of this info.
NOTE: If ops are not working, disable op cookies.
To use op cookies:
.chanset #chan -fastop
To disable op cookies:
.chanset #chan +fastop
Voice and Limits
Use +y to voice and +l to set limits:
.chattr bot +ly
DCC into a leaf
If your hostmask is recognized by the bot, then in your IRC client, type:
/DCC CHAT botnick
Enter your password.
If your hostmask is not recognized, type:
/CTCP botnick CHAT
Enter your username, then enter your password.
Default Secure Channel
For an explanation of the channel settings:
.help chaninfo
This will make your channel secure by default:
.chanset #chan -fastop mdop deop manop deop mop deop -autoop +private bad-cookie kick flood-mjoin 6:1 flood-kick 2:30 +protect
Unable to op
If you find yourself unable to op a user:
.op #ircnow user [03:43:28] @ #user# [op -> botcmd ? op] ... [03:43:28] #user# botcmd cherry07 op ... [03:43:29] (cherry07) #user# (#ircnow) op user [cherry07] You don't have access to op on #ircnow
It may be because there is a +d flag set. Run whois on the user:
.whois user [03:45:57] #user# whois user HANDLE PASS FLAGS LAST user yes Oaijmnop 02:47 (#ircnow ) ... COMMENT: +d: Manual op in -manop channel (user!user@user.users.undernet.org MODE #ircnow +o user2)
To fix this, drop the +d flag:
.chattr user -d #ircnow