💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › hackprof.txt captured on 2023-01-29 at 07:46:22.
⬅️ Previous capture (2021-12-04)
-=-=-=-=-=-=-
HACKER PROOF DOORS! It is possible. There is a basic flaw in doors that RBBS doesn't cover. The RBBS program doesn't keep users from uploading ".BAT" files. Consider this: RBBS has three basic tests to get into doors. 1> the user must have high enough access level. 2> the door requested must be listed on the door menu. 3> the bat file with the same name must be on the disk. If the hacker is on the ball, he/she (let's give women some credit) would first upload the bat file. In #2 above RBBS checks the Door menu line at a time with an "INSTR" command looking for matches. Hence if the door is called "GAME" then G,GA,GAM,AM,AME,M,ME,E,A all are valid and will pass the second test. So all a user would have to do is upload a file called "GAM.BAT" then go to doors. Rather than entering "GAME", they enter "GAM" and the GAM.BAT door is opened. They could format c: or CTTY to com1 and get full access to your hard disk. So if you want to open the doors you will need to change one line: 20741 A=1:GOSUB 5000:F$=MID$(FA$,X,1)+":"+Z$:IF INSTR(F$,"?") OR INSTR(F$,"*") OR INSTR(F$," ") OR INSTR(F$,".DEF") OR INSTR(F$,".OLD") OR INSTR(F$,".BAT") OR INSTR(F$,"\") OR INSTR(3,F$,":") OR MID$(F$,LEN(F$),1)="." THEN A=2:RETURN With the above change nobody can up or down load files with those extensions. Since they can no longer upload files with the .bat ext. then they can't crash in through the cracks. The only thing left is the users input. If you use the CTTY command they have full access to your system. Try opening your doors in a limited fashion. ie Output only. There are a lot of useful programs that can be run in this mode. I have my doors open with a Basic compiler program. The user uploads a file to compile and enters doors. The doors runs a bat file that runs the basic compiler with the output redirected to the com port. The user sees what is happening but has no ability to change anything. The program is compiled, linked, and arc'ed in front of them and the board returns so they may download the compiled arc'ed program. If the above two items are implemented, you can operate the doors without worrying about hackers.