1. Forum
  2. Fsxnet Message
  3. FSX GEN

  • security

    From Spectre@21:3/101 to Nobody on Friday, December 13, 2019 13:19:00
    looks like my bbs account which is meant to telnet to the bbs is still a security issue. I'm going to try removing bash as its shell and replacing it with telnet.

    Spec


    --- SuperBBS v1.17-3 (Eval)
    * Origin: A camel is a horse, designed by a committee! (21:3/101)
  • From Zip@21:1/202 to Spectre on Friday, December 13, 2019 05:58:20
    Hello Spectre!

    On 13 Dec 2019, Spectre said the following...
    looks like my bbs account which is meant to telnet to the bbs is still a security issue. I'm going to try removing bash as its shell and
    replacing it with telnet.

    Hmm... Strange... I wonder how they interrupt it...

    Best regards
    Zip

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Star Collision BBS, Uppsala, Sweden (21:1/202)
  • From ryan@21:1/168 to Spectre on Thursday, December 12, 2019 22:14:38
    looks like my bbs account which is meant to telnet to the bbs is still a security issue. I'm going to try removing bash as its shell and
    replacing it with telnet.

    I'm not sure how you're launching your bbs, but with daydream I had ddtelnetd serve as the listener on port 23 (which can be done with any BBS, and it auto-logs a user in) and then had it auto login my 'bbs' user whose shell was defined in /etc/passwd as being the binary to launch the BBS. May be worth a shot. Let me know if you want to try this and I can shoot you a link for the daydream source.

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: monterey bbs (21:1/168)
  • From Spectre@21:3/101 to Zip on Friday, December 13, 2019 19:54:00
    Hmm... Strange... I wonder how they interrupt it...

    I'm not certain they do, rather its just the authentication for another vector somehow. They don't seem to be able to elevate themselves though, the damage is always in the "bbs" account.

    Well I can set the telnet client as the shell, but I can't bang an address on the front of it, so not sure how to push that one along. I've temporarily disabled the account altogether.

    Neither of the proxies has been much help to me. One appears to require I use docker, which I don't really know anything about, and the other the python script throws an error about parmagiana's... thats not it... but something like
    that. I have no idea what its actually missing. Parmiko.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)
  • From Spectre@21:3/101 to ryan on Friday, December 13, 2019 19:58:00
    I'm not sure how you're launching your bbs, but with daydream I had ddtelnetd serve as the listener on port 23 (which can be done with
    any BBS, and it auto-logs a user in) and then had it auto login
    my 'bbs' user whose shell was defined in /etc/passwd as being the
    binary to launch the BBS. May be worth a shot. Let me know if you
    want to try this and I can shoot you a link for the daydream
    source.

    I think mines a tad different. Remember I have antique DOS software, I've got 8 nodes running, but they're all on seperate IP addresses. So my binary to launch the BBS would have to be a telnet client with a fixed address, to the system with haproxy on it, that makes all 8 seperate VM's look like 1 system.

    Spec


    *** THE READER V4.50 [freeware]
    --- SuperBBS v1.17-3 (Eval)
    * Origin: Scrawled in haste at The Lower Planes (21:3/101)