more security issues
- Posted by isaac <isaaca at MINDSPRING.COM> Dec 19, 1998
- 345 views
I was going to make the suggestion that anyone who wanted to tweak the security of their euserver could just write themselves a new version of encrypt.shr, when I realized the repercussions of this. If the attacker has access to the server computer, as in your attack scenario, he could just write a new copy of encrypt.shr that looked like this: global function Decrypt(sequence in,sequence key) if compare(in,"gotcha")=0 then return key end function This would give him exclusive access to the server for a while. If he wanted something a bit more discreet, he could instead use: global function Decrypt(sequence in,sequence key) if compare(in,"gotcha")=0 then return key else return Encrypt(key) end function in which the Encrypt function is the same as it was. In fact, no matter the encryption sceme, if the attacker has access to the server source, he can break in. I haven't been able to test this attack, as I haven't been able to do anything with euserver. Here's what I did: I unzipped the zipped file into an empty directory. I ran "run.bat" a window opened saying "Active Socket Num's: 22" I ran "telnet localhost 9000" telnet opened and told me "could not open a connection with localhost" what did I do wrong? isaac