【Ξnigmatico】:misskey: on Nostr: LisPi Nope, apparently they didn't breach in. They were trying stuff. But somehow the ...
LisPi (nprofile…2mzm) Nope, apparently they didn't breach in. They were trying stuff. But somehow the server must have crashed at some point and couldn't start the daemon again, not sure what happened exactly because the only logs I have are some bogus attempts at connecting to random stuff.
The server does not use the stack for anything user input, I remember I modified the program to use dynamically allocated memory instead of the heap, so things like a buffer overflow shouldn't be at the very least obvious. It's also tested against common path injections, they won't work. And the process is not being run as an administrator. It has its own user and it's not in the sudoers so sudo su should not work. Even if they got shell through an RCE somehow they wouldn't get too far, but considering they were just trying stuff and the server crashed I don't think they did get that far (though it did crash).
It didn't look like they breached in, they were most likely trying to connect to stuff thinking it was an HTTP server, and also sending binary data, probably testing exploits for common HTTP servers. Which didn't work but something must have crashed it somehow.