Wraith

Warrning: This guide was written for OpenBSD 6.8 and doesn't work on newer versions

Wraith is a powerful botnet that can be used to manage and protect channels without services.

Pros:

  1. Stronger than eggdrop

Cons:

  1. Written in C++
  2. OpenBSD is not officially supported
  3. Complex, not easy to use

First, plan out your botpack. Wraith requires a hub and several leaves. Figure out which server you want to act as a hub and which as leaves. For each network you want to serve, create name server records such as hub.network.ircnow.org, fruit1.network.ircnow.org, fruit2.network.ircnow.org, and so forth. This will help you keep track of the hubs and leaves.

The pack config instructions are very confusing, but you will want to read all the wraith documentation. Before you begin, you will want to create a config file and then save it in a safe place. Make sure to back it up.

Here is a sample config:

PACKNAME yourpackname
BINARYPASS +dURT8$6e8e5b2448356bb48f642dd18115aaaaca7b6dcb
DCCPREFIX .
OWNER yournick +SUXSC$d2312f8fcd9de09574d7370e8de058d91322686c
HUB yourhubname hub.network.ircnow.org 12742
SALT1 nuUlSail2TyDzZhWOX9Paz1L6SBoVLvX
SALT2 ThTQF8IFeEe5ox0i

Create a salted password hash by choosing a random 5 character alphanumeric salt and random password:

SALT='AbCd3'; PASS='aBcD3fgH1jK1'; hash=$(echo -n "${SALT}${PASS}" | sha1 | awk '{print $1}'); echo "+${SALT}\$${hash}"

Run this twice with different values for SALT and PASS to create two random hashes for BINARYPASS and OWNER. Make sure to save the unhashed SALT and PASS and the salted hash. You must do this twice for both BINARYPASS and OWNER; store this in a safe place! Use the hashes to fill in the config above.

Replace yourpackname with the network name (such as efnet, ircnet, undernet). yournick should be replaced with your login username, yourhubname with the network name (such as efnet, ircnet, undernet), and hub.network.ircnow.org with the matching hostname. Pick a free port to use.

To generate SALT1 and SALT2, run this script:

SALT1=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-32} | head -n 1`; SALT2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-16} | head -n 1`; echo "SALT1=$SALT1"; echo "SALT2=$SALT2";

wraith's git repo contains the source code for release v1.4.10. However, it was not tested on OpenBSD and won't build. IRCNow uses a patched version of the source that has been tested to work on OpenBSD 6.8 stable.

$ doas pkg_add gmake-4.3
$ doas pkg_add g++-8.4.0
$ cd ~
$ ftp https://ircnow.org/software/wraith-v1.4.10a.tar.gz
$ tar xvzf wraith-v1.4.10a.tar.gz
$ cd wraith-v1.4.10/
$ ./configure
$ gmake

Then, copy this install script into ~/wraith-setup.sh:

WRAITHPATH=~/wraith-v1.4.10/wraith

while [[ -n $USER ]]
do
        print -n "Create new bot (WARNING: WILL DELETE!): ";
        read USER;
        doas userdel -rv $USER;
        doas groupdel -v $USER;
        doas useradd -m -g =uid -c "$USER" -d /home/$USER -s /bin/ksh $USER
        doas mkdir -p /home/$USER/usr/lib/
        doas mkdir -p /home/$USER/usr/libexec/
        doas mkdir -p /home/$USER/etc/
        doas mkdir -p /home/$USER/tmp/
        doas mkdir -p /home/$USER/.../
        doas cp $WRAITHPATH /home/$USER/
        doas cp /usr/lib/libssl.so.48.1 /home/$USER/usr/lib/
        doas cp /usr/lib/libm.so.10.1 /home/$USER/usr/lib/
        doas cp /usr/lib/libc.so.96.0 /home/$USER/usr/lib/
        doas cp /usr/lib/libcrypto.so.46.1 /home/$USER/usr/lib/
        doas cp /usr/lib/libstdc++.so.57.0 /home/$USER/usr/lib/
        doas cp /usr/libexec/ld.so /home/$USER/usr/libexec/
        doas cp /etc/resolv.conf /home/$USER/etc/
        doas chown -R $USER:$USER /home/$USER
        doas su -l $USER -c "/home/$USER/wraith -Q"
        print -n "Botpack configured! Press enter to continue";
        read IGNORE;
        doas su -l $USER -c "/home/$USER/wraith -C"
        doas chsh -s /sbin/nologin $USER
        print -n "Bots configured! Press enter to continue";
        read IGNORE;
done

Run the script:

$ sh ~/wraith-setup.sh

Hub

If you are creating a hub, name the hub after the network (efnet, ircnet, undernet). The script will ask you to provide the packconfig you generated and saved above. Paste it.

$  sh wraith-setup.sh  
Create new bot (WARNING: WILL DELETE!): networkname
Command: /bin/rm -rf /home/undernet > /dev/null 2>&1 || true
// Paste in your PACKCONFIG. Reference https://github.com/wraith/wraith/wiki/PackConfig
// Press <enter> if it gets hung up. If that doesn't work hit ^D (CTRL+d)

We paste something like this:

PACKNAME yourpackname
BINARYPASS +dURT8$6e8e5b2448356bb48f642dd18115aaaaca7b6dcb
DCCPREFIX .
OWNER yournick +SUXSC$d2312f8fcd9de09574d7370e8de058d91322686c
HUB yourhubname hub.network.ircnow.org 12742
SALT1 nuUlSail2TyDzZhWOX9Paz1L6SBoVLvX
SALT2 ThTQF8IFeEe5ox0i

The terminal will show:

........
* Wrote settings to binary.
Botpack configured! Press enter to continue
Enter your binary password: 

Afterwards, it will ask for your OWNER password and bot configuration information. You will want to these three lines at the top:

hubnick hub.network.ircnow.org
! portmin 64000
! portmax 64100

Replace hubnick with your network name (efnet, ircnet, undernet) and hub.network.ircnow.org with your hostname. If you want to use IPv6, include a +. You will then want to specify a min port and max port for updating bot info.

It should look like this:

hubnick hub.network.ircnow.org
! portmin 64000
! portmax 64100

# Automatically updated with -C
! uid 1025
#! uid -1

! username undernet
! homedir /home/undernet

# Hubs this bot will connect to
! hub networkname hub.network.ircnow.org 12742

# '|' means OR, [] means the enclosed is optional
# A '+' in front of HOST means the HOST is ipv6
# A '/' in front of BOT will disable that bot.
#[/]BOT IP|* [+]HOST|* [IPV6-IP]
#bot ip vhost
#bot2 * vhost
#bot3 ip
#bot4 * +ipv6.vhost.com
#bot5 * * ip:v6:ip:goes:here::
### Hubs should have their own binary ###

Save and quit.

WARNING: Don't connect the hub to IRC directly! The hub contains data that if stolen, can cause your entire botnet to get compromised. It is better if the hub is not on a public IP address.

Bots

If you are creating a leaf node, name each leaf node after your server's fruit name (fruit01, fruit02, fruit03). You want three separate shell accounts, one for each bot. Do not put all three leaf nodes in the same shell account. Don't create any more than three shell accounts since more than three bots will waste your IP connection limit without providing much additional protection.

botnick vhost

Replace botnick with your fruit name (fruit01, fruit02, fruit03) and vhost with your IPv6 hostname (fruit.network.ircnow.org).

Backup and Delete Wraith

After you are done, make sure to copy the dynamic wraith binary to somewhere safe and delete it for security reasons.

Run this on your backup PC:

$ scp fruit.ircnow.org:/home/username/wraith-v1.4.10/wraith /path/to/dest/

Then on the server:

$ rm -rf /home/username/wraith-v1.4.10/

Controlling Wraith

To administer wraith, you will need to log in to your server using ssh:

$ ssh network.ircnow.org

Once connected, run netcat to your host and port:

$ nc network.ircnow.org 12742

Joining channels

To make the bot join and leave a channel:

.+chan #chan
.-chan #chan

If the channel is keyed:

.chanset #chan chanmode { +ntk key }

Giving users ops

.op #chan <nick>

To use a specific bot:

.botcmd botnick op user *
.bl op user *

Cookie-ops

Cookie-ops help ensure an op is valid and secure. It takes who was opped, who opped them, a timestamp, and channel state and sends a hash of this info.

NOTE: If ops are not working, disable op cookies.

To use op cookies:

.chanset #chan -fastop

To disable op cookies:

.chanset #chan +fastop

Voice and Limits

Use +y to voice and +l to set limits:

.chattr bot +ly

DCC into a leaf

If your hostmask is recognized by the bot, then in your IRC client, type:

/DCC CHAT botnick

Enter your password.

If your hostmask is not recognized, type:

/CTCP botnick CHAT

Enter your username, then enter your password.

Default Secure Channel

For an explanation of the channel settings:

.help chaninfo

This will make your channel secure by default:

.chanset #chan -fastop mdop deop manop deop mop deop -autoop +private bad-cookie kick flood-mjoin 6:1 flood-kick 2:30 +protect

Unable to op

If you find yourself unable to op a user:

.op #ircnow user
[03:43:28] @ #user# [op -> botcmd ? op] ...
[03:43:28] #user# botcmd cherry07 op ...
[03:43:29] (cherry07) #user# (#ircnow) op user
[cherry07] You don't have access to op on #ircnow

It may be because there is a +d flag set. Run whois on the user:

.whois user
[03:45:57] #user# whois user
HANDLE                           PASS FLAGS           LAST
user                             yes  Oaijmnop        02:47 (#ircnow   )
...
COMMENT: +d: Manual op in -manop channel              (user!user@user.users.undernet.org MODE #ircnow +o user2)

To fix this, drop the +d flag:

.chattr user -d #ircnow