TUCoPS :: Dialup BBSes :: hackprof.txt

RBBS: Hacker-proofing RBBS doors - or, backwards, Hacking RBBSes via doors!

                             HACKER PROOF DOORS!
                               It is possible.

There is a basic flaw in doors that RBBS doesn't cover. The RBBS program 
doesn't keep users from uploading ".BAT" files. Consider this:

 RBBS has three basic tests to get into doors. 
1> the user must have high enough access level.
2> the door requested must be listed on the door menu.
3> the bat file with the same name must be on the disk.
If the hacker is on the ball, he/she (let's give women some credit) would 
first upload the bat file. In #2 above RBBS checks the Door menu line at a 
time with an "INSTR" command looking for matches. Hence if the door is called 
"GAME" then G,GA,GAM,AM,AME,M,ME,E,A all are valid and will pass the second 
test. So all a user would have to do is upload a file called "GAM.BAT" then go 
to doors. Rather than entering "GAME", they enter "GAM" and the GAM.BAT door 
is opened. They could format c: or CTTY to com1 and get full access to your 
hard disk. 

So if you want to open the doors you will need to change one line:
20741 A=1:GOSUB 5000:F$=MID$(FA$,X,1)+":"+Z$:IF INSTR(F$,"?") OR INSTR(F$,"*") 
OR INSTR(F$," ") OR INSTR(F$,".DEF") OR INSTR(F$,".OLD") OR INSTR(F$,".BAT") 
OR INSTR(F$,"\") OR INSTR(3,F$,":") OR MID$(F$,LEN(F$),1)="." THEN A=2:RETURN

With the above change nobody can up or down load files with those extensions. 
Since they can no longer upload files with the .bat ext. then they can't crash 
in through the cracks.

The only thing left is the users input. If you use the CTTY command they have 
full access to your system. Try opening your doors in a limited fashion. ie 
Output only.  There are a lot of useful programs that can be run in this mode. 
I have my doors open with a Basic compiler program. The user uploads a file to 
compile and enters doors. The doors runs a bat file that runs the basic 
compiler with the output redirected to the com port. The user sees what is 
happening but has no ability to change anything. The program is compiled, 
linked, and arc'ed in front of them and the board returns so they may download 
the compiled arc'ed program. 

If the above two items are implemented, you can operate the doors without 
worrying about hackers.

Good luck and try "DOORS" they work great!!!

Steve Hastings    Sysop of:

Electrons Under Control BBS
Riverside,Ca.  714-689-5084

24 Hr 300/1200 RBBS-12.5a with "B9" and "Seecolor" mods applied

ANSI color, Toro and Sysop Private forums and "DOORS".

END. HACKPROF.DOR

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH