7th Sphere was Windows based suite of hax0r-tools, built around a mIRC script.


OK, I'll admit it. I was a teenage script kiddie. No, I was one step down from that.

A month after getting an Internet connection back in the mid-1990s, I discovered IRC and became aware of the mythos of the hacker, who'd shut down your PC or reformat your Hard Disk if you insulted him in a channel. I wanted to be one of those, but with no serious coding background and Win95, I needed a shortcut.

I - and many thousands of others of my age and background - found 7th Sphere. Here was a collection of Windows GUI-driven applications designed for annoying people on IRC. You'd download it from a terribly-designed webpage on Geocities somewhere, probably under the label of a 'war' script. I had to upgrade my Winsock to version 2 to run it.

The first version of 7th sphere was scripted by 'cashmere' and 'precursor' in 1996, but didn't have any of the trademark applications until 'Rahd' joined in 1997, with 'Venum'. 'cashmere' left the crew, and the three remaining members guided 7th Sphere to its final incarnation at version 3.0

7th Sphere only worked with mIRC 5.02, which ultimately defeated the script as mIRC updated every couple of months. It added quite a lot of functionality, including a netsplit detector, channel hijacking tools, and funky .WAV sound-effects. What really made it worthwhile, though, were the applications written by Rhad for the 7th sphere script, known as Rhadware. All of these were little .exe files worked independently from 7th Sphere as a whole, and most had non-IRC uses too. Very quickly, they were distributed separately from the 7th Sphere script, and many are still around. There were persistent rumours about trojans inside Rhadware apps, and some Anti-Virus programs register them as security holes. However, it seems likely that some of the individual Rhadware programs were trojaned by other parties, rather than the originally distributed package.

7th Sphere's Rhadware included:

  • Portscan - probably the best Windows port scanner I've used, this was the most functional part of the 7th Sphere suite, and outlived it by several years. You'll find it online often. It's no nmap, but you feed it an IP or hostname and a port range, and it runs a very quick scan, attempting connections sequentially. If it picks up an open port it displays output text in a log-window. It also had a useful button that killed all its active connections.

  • Portfuck - This app attempted a large number of connections to a specified TCP port, which would occasionally cause a crash of some kind to the target. More likely, though, it would slow the target but tie up all the outgoing sockets of the attacker. The time-delay per connection was configurable.

  • Pestilence - attacks the Windows 95 out-of-bands on port 139 bug. You give it a hostname or IP, no other options. The full script will automatically feed it a whole IRC channel's IPs on request.

  • Assault - a flooder, using ICMP ECHO or UDP packets of a specified port of a specifiable length, number and frequency.

  • Click - A clever program that could spoof a disconnection message to a IRC client, causing the target user to be kicked off the server. You had to guess the TCP ports that the client and server were using, though the program would send it to a range of the likely combinations.

  • ICMP Watch - A simple monitor for ICMP floods and OOB-nukes, which logs the attacker's IP

  • Wako Clones - would generate a number of zombie connections to an IRC server, each with a different username. They could all enter a channel and spam-flood it, or launch an ICMP flood attack on a specified user.

  • Windows AnonIRC - basically converts the computer that runs it into a bouncing proxy for IRC. Used primarily to get around k:lines by changing the user's apparent host.

See http://www.7thsphere.com/adam/7thsphere.html for cashmere's story and the script itself.