• Magicka in Syncterm

    From CyntaxX@21:4/113 to apam on Sun Feb 4 06:53:44 2018
    So I normally run netrunner as a telnet client. So I figured I'd load
    Syncterm up to see how Magicka looks. At the login prompt I accidentally
    right clicked which for some reason produced a bunch of random letters. Somehow, I was able to create an account and login, then upload a file all
    with just a right click.

    It seems at login if you enter a name that isn't already on the system it allows you to create an account without typing "new". It may have been a
    fluke that my right clicks produced a "Y" at certain (Y/N) prompts but I was able to create two accounts just by right clicking long enough. So I would imagine port scanners would easily be able to create random accounts.

    --- Mystic BBS v1.12 A38 2018/01/01 (Raspberry Pi/32)
    * Origin: Digital Wurmhole | digitalwurmhole.ddns.net:2323 (21:4/113)
  • From NuSkooler@21:1/121 to CyntaxX on Sun Feb 4 10:18:06 2018
    On Sunday, February 4th CyntaxX was heard saying...
    Somehow, I was able to create an account and login, then upload a file all with just a right click.

    LOL, that's quite the feat!



    --- ENiGMA 1/2 v0.0.9-alpha (linux; x64; 8.9.4)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
  • From CyntaxX@21:4/113 to NuSkooler on Sun Feb 4 12:47:56 2018
    On 02/04/18, NuSkooler said the following...


    On Sunday, February 4th CyntaxX was heard saying...
    Somehow, I was able to create an account and login, then upload a file all with just a right click.

    LOL, that's quite the feat!

    Yes, there's a fella on my Magicka board that goes by the name a;lk2#. He's a funny guy, always leaving odd one-liners such as "a;flskj2#%^$^as;dlk". Maybe
    it's his native tongue; he claimed to be from "ch.init {"

    --- Mystic BBS v1.12 A38 2018/01/01 (Raspberry Pi/32)
    * Origin: Digital Wurmhole | digitalwurmhole.ddns.net:2323 (21:4/113)
  • From Static@21:2/140 to CyntaxX on Sun Feb 4 16:51:30 2018
    On 02/04/18, CyntaxX said the following...

    Syncterm up to see how Magicka looks. At the login prompt I accidentally right clicked which for some reason produced a bunch of random letters. Somehow, I was able to create an account and login, then upload a file
    all with just a right click.

    It's not random so much as that right clicking in Syncterm pastes whatever is in your clipboard into the session. The Y/N prompts probably just ignored every character thrown at them until a Y or N is reached and then took the appropriate action. Likewise the menus are just following the characters in the order they're received.

    If you're really worried about this, then to prevent or at least reduce the effect, the BBS could discard any input received until it's finished processing the last command it received... but then the user could no longer chain commands together if they know the menu structure, e.g. 'MI' at the main menu to enter the message area and pull up the message index on a Mystic board. Though I guess they could just do the wait-before-input thing during login and registration.

    --- Mystic BBS v1.12 A38 2018/01/01 (Linux/64)
    * Origin: Subcarrier BBS (21:2/140)
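
Static's suggestion above (discard pending input before login and registration prompts), sketched in C as an added example that is not part of the thread or of Magicka's source. The function names are hypothetical, and the code assumes the socket carries only user keystrokes, with telnet option negotiation already handled.

```c
#include <ctype.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Assumption: fd is the session socket after telnet option negotiation,
 * so everything queued on it is user keystrokes. */

/* Discard whatever is already queued (pasted clipboard text, scanner
 * noise). Returns the number of bytes thrown away. */
size_t drain_typeahead(int fd)
{
    char buf[256];
    size_t dropped = 0;
    ssize_t n;

    /* MSG_DONTWAIT returns at once when the queue is empty. */
    while ((n = recv(fd, buf, sizeof buf, MSG_DONTWAIT)) > 0)
        dropped += (size_t)n;
    return dropped;
}

/* Read keys until Y or N, ignoring anything else, as the prompts in the
 * thread did. Returns 1 for Y, 0 for N, -1 on timeout or disconnect. */
int read_yes_no(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    char c;

    while (poll(&pfd, 1, timeout_ms) > 0) {
        if (recv(fd, &c, 1, 0) != 1)
            return -1;
        c = (char)toupper((unsigned char)c);
        if (c == 'Y' || c == 'N')
            return c == 'Y';
    }
    return -1;
}

/* Login/registration prompt: drop type-ahead first, so only a key
 * pressed after the question was sent can answer it. */
int prompt_yes_no(int fd, const char *prompt, int timeout_ms)
{
    drain_typeahead(fd);
    if (send(fd, prompt, strlen(prompt), 0) < 0)
        return -1;
    return read_yes_no(fd, timeout_ms);
}
```

Menu code can keep calling the undrained read, so chained commands such as 'MI' still work outside login and registration.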
  • From apam@21:1/125 to CyntaxX on Mon Feb 5 09:55:22 2018
    CyntaxX said....

    It seems at login if you enter a name that isn't already on the system it allows you to create an account without typing "new". It may have been a fluke that my right clicks produced a "Y" at certain (Y/N) prompts but I was able to create two accounts just by right clicking long enough. So I would imagine port scanners would easily be able to create random accounts.

    I'm not sure what to do about this. Do you think I should enforce typing
    "new" to create a new account?

    If you want to drop the fake user, you can just drop the user from the users.sq3 database.

    sqlite3 users.sq3
    delete from users where loginname like '???';
    .q

    replace the ??? with the random username you made.

    I should really make a user tool, but so many things to do, and only so
    much time.

    Andrew

    --- MagickaBBS v0.9alpha (Linux/x86_64)
    * Origin: Exotica BBS - telnet://exoticabbs.com:2023/ (21:1/125)
  • From CyntaxX@21:4/113 to apam on Sun Feb 4 19:23:42 2018
    On 02/05/18, apam said the following...

    I'm not sure what to do about this. Do you think I should enforce typing "new" to create a new account?

    I honestly think that might be best. But on the other side of the coin it was a fluke and what would be the chances a port scanner would get that far? I'm sure it hasn't happened on your board, so it may just be a wait and see kinda thing.

    --- Mystic BBS v1.12 A38 2018/01/01 (Raspberry Pi/32)
    * Origin: Digital Wurmhole | digitalwurmhole.ddns.net:2323 (21:4/113)
  • From Tiny@21:1/130.4 to apam on Mon Feb 5 21:42:54 2018
    Quoting apam to CyntaxX <=-

    I'm not sure what to do about this. Do you think I should enforce
    typing "new" to create a new account?

    Just as an aside. I've had Magicka running since the summer sometime and
    I have 0 users that were not human.

    I should really make a user tool, but so many things to do, and only
    so much time.

    I need to write the stuff down. ;)

    Shawn

    ... Beauty is only skin deep, but ugly goes right to the bone.
    --- Blue Wave/386
    * Origin: A Tiny slice o pi (21:1/130.4)