World: r3wp
[Linux] group for linux REBOL users
Anton 15-Aug-2009 [3071] | No joy. |
Gabriele 17-Aug-2009 [3072x3] | awake is only called if you use WAIT (which the native console does not use - indeed you don't get other port events while at the console prompt) |
i did replace system/ports/input and output and it works, i used that to "broadcast" what is typed at the console to other listeners (eg. for online demos or lessons or things like that). | |
http://www.colellachiara.com/soft/Misc/broadcast-console.r | |
Graham 17-Aug-2009 [3075] | Is this a key logger? |
Gabriele 17-Aug-2009 [3076] | lol, you can see it this way. |
Anton 17-Aug-2009 [3077] | Gabriele, thanks, that's very interesting, I will check it out. (Aha make Root-protocol, I forgot about that.) |
Anton 18-Aug-2009 [3078] | I had a go at it again with Gabriele's way of doing it. So far I can only intercept input and output when enter is pressed, not at individual key presses. I think I can only open system/ports/input in lines mode, the same as the default. From memory, now, I seem to remember somebody having a go at this and arriving at the same point. (Can anybody verify that?) |
Pekr 18-Aug-2009 [3079x2] | Not sure I heard anything like that. The only thing I remember is that we got some advanced console mode, where you could use any key IIRC. There was even some animation done by Bo. The article was at rebolforces.com somewhere - not sure it could help your case though .. |
Ah, that is something different than what you need - http://www.rebolforces.com/articles/tui-dialect/ ... but it reminded me to remember, how badly the windows console sucks :-( | |
Gabriele 18-Aug-2009 [3081x2] | system/ports/input needs to be in /lines mode IIRC... but you could open console:// in /binary mode, process it, and behave in lines mode for your custom scheme. More complicated than my example above for sure... |
(still, ctrl-c and ctrl-v have always had a different meaning on terminals, so I'm not sure replacing them is a good idea. in particular, most likely you'd need to trap ctrl-c by trapping SIGINT... and that does not look like a great idea to me...) | |
Anton 18-Aug-2009 [3083x2] | Gabriele, could you elaborate on that idea a bit? I'm having trouble visualizing how it would work. |
(You are right about terminal signalling, but of course this is not the only thing this proxy port is useful for.) | |
Gabriele 19-Aug-2009 [3085x2] | in my example, you have your own port using your own scheme, and its sub-port which is the original system/ports/input. this sub-port need not be the original, you can open console:// yourself with your own flags (eg. binary). then you can process one char at a time, figure out line ending yourself, and send the entire line to the other side. |
i think I probably need to write some code to make it more clear... | |
Anton 19-Aug-2009 [3087] | That makes it much more clear. |
Anton 22-Aug-2009 [3088x5] | Hmm... more thinking and lots of questions come up. |
Would your above system need WAIT ? The only way I got console port to work is to set its awake function and use WAIT. | |
Or is there a way to set the handler in a console port? | |
Anyway, so it seems like you suggest to replace the default port at system/ports/input with an equivalent one which the system is expecting (ie. a direct/read/lines port), and then the subport can be a custom console port with binary, one char at a time stuff. | |
(It's unclear to me the relationship between a port and its subport. I know the port manages the opening/closing of its subport, but how can the port in lines mode transfer individual chars from its buffer into the subport ? Or do they both receive from the same input simultaneously automatically?) | |
Gabriele 23-Aug-2009 [3093x2] | when you're not in pass-thru mode, the only functions that get called are read and write. they both work at the binary level (read-io and write-io), so the conversion to lines is done by the native code under the hood. i don't know if you need pass-thru, though, and whether pass-thru will work for system/ports/input. |
basically, on read you call read-io on the subport, maybe modify the buffer, etc. on write (for the output port), you can do the same, modify the buffer, then use write-io on the subport. wait on the subport is called by the system whenever wait on your port is called (that's why there's a get-sub-port function there). | |
Graham 28-Aug-2009 [3095x2] | Anyone know anything about Apache exploits? My site has been defaced http://www.compkarori.co.nz:8090 |
This was running Mindtouch deki wiki ... but now I get the same rubbish at any page so I suspect something is up with Apache. | |
Oldes 28-Aug-2009 [3097] | you have been Hacked By Cyb3rking |
yeksoon 28-Aug-2009 [3098x2] | do u have direct access to the server? |
may need to shut off the various ports first before you can even get it resolved | |
Oldes 28-Aug-2009 [3100] | http://tech.yahoo.com/qa/20090328150137AAzlEuc |
Graham 28-Aug-2009 [3101x3] | don't understand the yahoo thing |
there's only one port open to the world .. the one for web access | |
well, going to login to the console and have a poke around | |
Sunanda 28-Aug-2009 [3104] | Sorry to hear you've been attacked, Graham. I hope it is not too much work to get it all back together....Don't work all night! Looks like it was not personal -- just some automated tools seeking vulnerabilities. You seem to be on a fairly recent version of Apache, but that does mean you may be some months behind on the security patches: http://httpd.apache.org/security/vulnerabilities_22.html |
yeksoon 28-Aug-2009 [3105] | actually, I thought Graham was on Apache 1.3* |
Sunanda 28-Aug-2009 [3106] | Server id says 2.2.3. (that may be just a reply string, not the real situation of course). |
Graham 28-Aug-2009 [3107] | well, index.php has been changed |
Henrik 28-Aug-2009 [3108] | I have an idle Cheyenne running on a Linode server without a domain name. it's been there for a couple of months now. I was a bit surprised to already see bots looking for wordpress, admin pages and attempts to submit various scripts for injection in the access log. Well, I guess I shouldn't be surprised. |
Graham 28-Aug-2009 [3109x4] | Pity I couldn't run this under Cheyenne |
At least I might have a clue how they did this. | |
well, the home page is now gone | |
I rm index.php | |
Henrik 28-Aug-2009 [3113] | I would love to see data mining tools that can detect such attempts at access in the access log without having to read through the log. Do they exist? |
yeksoon 28-Aug-2009 [3114] | wonder if it is a permission issue on the index.php file |
Gabriele 28-Aug-2009 [3115] | I'm ready to bet it was a deki wiki or php vulnerability rather than an apache one... |
Graham 28-Aug-2009 [3116x3] | php I bet |
now to figure how to backup the mysql files and transfer them to a backup of the vm | |
Looks like I was not the only vm user who was attacked. Mindtouch are investigating. They suspect a PHP5 vulnerability that I guess I should have updated :( | |
Graham 29-Aug-2009 [3119x2] | the vulnerability has been identified. There is a vulnerability in the rich text editor which allows a user to upload a php file as an image type and then browse to it executing it. http://xinha.webfactional.com/ticket/1363 So, not really a php exploit ... |
I would have thought that this was pretty basic stuff ... not allowing non image types to be uploaded! | |