informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/hacking/hackprof.txt

42 lines
2.2 KiB
Plaintext
Raw Permalink Blame History

HACKER PROOF DOORS!
It is possible.
There is a basic flaw in doors that RBBS doesn't cover. The RBBS program
doesn't keep users from uploading ".BAT" files. Consider this:
RBBS has three basic tests to get into doors.
1> the user must have high enough access level.
2> the door requested must be listed on the door menu.
3> the bat file with the same name must be on the disk.
If the hacker is on the ball, he/she (let's give women some credit) would
first upload the bat file. In #2 above RBBS checks the Door menu line at a
time with an "INSTR" command looking for matches. Hence if the door is called
"GAME" then G,GA,GAM,AM,AME,M,ME,E,A all are valid and will pass the second
test. So all a user would have to do is upload a file called "GAM.BAT" then go
to doors. Rather than entering "GAME", they enter "GAM" and the GAM.BAT door
is opened. They could format c: or CTTY to com1 and get full access to your
hard disk.
So if you want to open the doors you will need to change one line:
20741 A=1:GOSUB 5000:F$=MID$(FA$,X,1)+":"+Z$:IF INSTR(F$,"?") OR INSTR(F$,"*")
OR INSTR(F$," ") OR INSTR(F$,".DEF") OR INSTR(F$,".OLD") OR INSTR(F$,".BAT")
OR INSTR(F$,"\") OR INSTR(3,F$,":") OR MID$(F$,LEN(F$),1)="." THEN A=2:RETURN
With the above change nobody can up or down load files with those extensions.
Since they can no longer upload files with the .bat ext. then they can't crash
in through the cracks.
The only thing left is the users input. If you use the CTTY command they have
full access to your system. Try opening your doors in a limited fashion. ie
Output only. There are a lot of useful programs that can be run in this mode.
I have my doors open with a Basic compiler program. The user uploads a file to
compile and enters doors. The doors runs a bat file that runs the basic
compiler with the output redirected to the com port. The user sees what is
happening but has no ability to change anything. The program is compiled,
linked, and arc'ed in front of them and the board returns so they may download
the compiled arc'ed program.
If the above two items are implemented, you can operate the doors without
worrying about hackers.
Reference in New Issue View Git Blame Copy Permalink