• exploit ?

    From Ennev@1:103/705 to DOVE-Net.Synchronet_Sysops on Wed Aug 12 12:19:54 2020
    Was looking randomly at my logs today.

    Noticed that I got a visit from Shodan, which I didn't like; having ports
    open is one thing, having them listed on a search engine is less fun. I
    get poked on all the open ports enough, thank you. (Updated my host.can
    for *.census.shodan.io, we'll see if it helps, and I'll change my IP.)

    So for fun (actually as a precaution) I was looking if there were known exploits for Synchronet. Seems old (2017) so must be old news for you guys.

    So far I only see that script for version 3.16c for Windows; the
    script is at a few places, it's in Python, primitive, but will flood port
    80 with a GET to index.ssjs but with a referrer string of 'A' 4096 long.
    I haven't checked the code yet on the Synchronet side, but I bet they want to
    create a buffer overflow and make the service crash. And at the same
    time each loop in the code is sending that 956 times (why 956??), then
    waits 25 sec and does it again for 2 other attempts.

    So it has a CVE, http://cve.circl.lu/cve/CVE-2017-6371, and the script can
    be found at https://packetstormsecurity.com/files/141396/Synchronet-BBS-3.16c-For-Windows-Denial-Of-Service.html


    Myself, I can say over time I've seen a lot of stuff happening, a lot
    of attempts like trying to access busybox and other links through HTTP and poking telnet and other ports.

    So far Synchronet has been very solid, at least under Linux; haven't run
    it on Windows since 2009.

    Part of the joy of running a BBS.

    ---
    ■ Synchronet ■ MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Ennev on Wed Aug 12 12:57:59 2020
    Re: exploit ?
    By: Ennev to DOVE-Net.Synchronet_Sysops on Wed Aug 12 2020 12:19 pm

    Was looking randomly at my logs today.

    Noticed that I got a visit from Shodan, which I didn't like; having ports open is one thing, having them listed on a search engine is less fun. I
    get poked on all the open ports enough, thank you. (Updated my host.can
    for *.census.shodan.io, we'll see if it helps, and I'll change my IP.)

    So for fun (actually as a precaution) I was looking if there were known exploits for Synchronet. Seems old (2017) so must be old news for you guys.

    So far I only see that script for version 3.16c for Windows; the
    script is at a few places, it's in Python, primitive, but will flood port
    80 with a GET to index.ssjs but with a referrer string of 'A' 4096 long.
    I haven't checked the code yet on the Synchronet side, but I bet they want to create a buffer overflow and make the service crash. And at the same
    time each loop in the code is sending that 956 times (why 956??), then
    waits 25 sec and does it again for 2 other attempts.

    So it has a CVE, http://cve.circl.lu/cve/CVE-2017-6371, and the script can
    be found at https://packetstormsecurity.com/files/141396/Synchronet-BBS-3.16c-For-Windows-Denial-Of-Service.html

    My recollection is that problem has been resolved, though I can't seem to locate any commit message in reference to that CVE. Anyone try the script to see if you can reproduce it?

    digital man

    Synchronet "Real Fact" #92:
    Digital Man's manifesto from '96: http://wiki.synchro.net/history:manifesto
    Norco, CA WX: 95.4°F, 22.0% humidity, 6 mph ENE wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.11-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Ennev@1:103/705 to Digital Man on Wed Aug 12 18:11:59 2020

    My recollection is that problem has been resolved, though I can't seem to locate any commit message in reference to that CVE. Anyone try the script to see if you can reproduce it?

    I'll try it, but on my Linux install. Any Windows volunteers?

    ---
    ■ Synchronet ■ MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Ennev@1:103/705 to Digital Man on Wed Aug 12 18:51:27 2020
    see if you can reproduce it?

    OK, ran the script on another box on the same local network (gigabit Ethernet) and it didn't break the service, but got it to be non-responsive for a while. Looking at the logs:

    Aug 12 18:40:00 bbs20200714 synchronet: web 0083 Session thread terminated (32 clients, 66 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0078 Session thread terminated (31 clients, 64 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0085 Session thread terminated (30 clients, 62 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0091 Session thread terminated (29 clients, 60 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0057 Session thread terminated (28 clients, 58 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0092 Session thread terminated (27 clients, 56 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0096 Session thread terminated (26 clients, 54 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0069 Session thread terminated (25 clients, 52 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0099 Session thread terminated (24 clients, 50 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0098 Session thread terminated (23 clients, 48 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0089 Session thread terminated (22 clients, 46 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0061 Session thread terminated (21 clients, 44 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0052 Session thread terminated (20 clients, 42 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0053 Session thread terminated (19 clients, 40 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0100 Session thread terminated (18 clients, 38 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0060 Session thread terminated (17 clients, 36 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0068 Session thread terminated (16 clients, 34 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0062 Session thread terminated (15 clients, 32 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0079 Session thread terminated (14 clients, 30 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0048 Session thread terminated (13 clients, 28 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0084 Session thread terminated (12 clients, 26 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0058 Session thread terminated (11 clients, 24 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0056 Session thread terminated (10 clients, 22 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0070 Session thread terminated (9 clients, 20 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0076 Session thread terminated (8 clients, 18 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0051 Session thread terminated (7 clients, 16 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0087 Unable to send to peer
    Aug 12 18:40:00 bbs20200714 synchronet: web 0064 Session thread terminated (6 clients, 14 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0054 Session thread terminated (5 clients, 12 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0033 Session thread terminated (4 clients, 10 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0087 Sending file: /sbbs/temp/SBBS_SSJS.667.87.html (0 bytes)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0081 Session thread terminated (3 clients, 8 threads remain, 5942 served)
    Aug 12 18:40:00 bbs20200714 synchronet: web 0047 Session thread terminated (2 clients, 6 threads remain, 5942 served)
    Aug 12 18:40:01 bbs20200714 synchronet: web 0075 Session thread terminated (1 clients, 4 threads remain, 5942 served)
    Aug 12 18:40:01 bbs20200714 synchronet: web 0087 Session thread terminated (0 clients, 2 threads remain, 5942 served)

    Look, it was trying to reply to every request.

    So it took it a few min to recover, but the service stayed up.

    My setup:

    Synchronet BBS for Linux Version 3.18a
    Revision a Jul 14 2020 14:23 SMBLIB 2.61 GCC 9.3.0
    Copyright 2020 Rob Swindell - http://www.synchro.net
    JavaScript-C 1.8.5 2011-03-31
    GLIBC 2.31
    Linux 5.4.0-42-generic x86_64

    Latest apt-get dist-upgrade on an Ubuntu 20.04.01 LTS

    ---
    ■ Synchronet ■ MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
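
Added example, not part of the thread and not Synchronet code: a log check that parses the "Session thread terminated" lines quoted in the post above and reports any second in which many web sessions ended at once, which is the trace the flood left in this log. The function names and both thresholds are assumptions; the sample is an excerpt of the quoted log plus one constructed line.

```python
import re
from collections import defaultdict

# Line layout as quoted in the post; the 4-digit field after "web" is kept as-is.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+synchronet:\s+web\s+(?P<sid>\d+)\s+"
    r"Session thread terminated\s+\((?P<clients>\d+) clients, "
    r"(?P<threads>\d+) threads remain, \d+ served\)"
)

def parse(lines):
    """Yield (second, sid, clients, threads) for each session-termination line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ts"], m["sid"], int(m["clients"]), int(m["threads"])

def find_bursts(lines, min_terminations=5, min_peak_clients=10):
    """Summarise seconds where many sessions ended at once.

    Both thresholds are assumptions; tune them against a normal day's log.
    """
    per_second = defaultdict(list)
    for ts, sid, clients, threads in parse(lines):
        per_second[ts].append((sid, clients, threads))
    bursts = []
    for ts, rows in per_second.items():
        peak_clients = max(c for _, c, _ in rows)
        if len(rows) >= min_terminations and peak_clients >= min_peak_clients:
            bursts.append({"second": ts, "terminations": len(rows),
                           "peak_clients": peak_clients,
                           "peak_threads": max(t for _, _, t in rows)})
    return bursts

# Excerpt of the log quoted above, plus one constructed quiet-period line (the last).
SAMPLE = """\
Aug 12 18:40:00 bbs20200714 synchronet: web 0083 Session thread terminated (32 clients, 66 threads remain, 5942 served)
Aug 12 18:40:00 bbs20200714 synchronet: web 0078 Session thread terminated (31 clients, 64 threads remain, 5942 served)
Aug 12 18:40:00 bbs20200714 synchronet: web 0085 Session thread terminated (30 clients, 62 threads remain, 5942 served)
Aug 12 18:40:00 bbs20200714 synchronet: web 0091 Session thread terminated (29 clients, 60 threads remain, 5942 served)
Aug 12 18:40:00 bbs20200714 synchronet: web 0057 Session thread terminated (28 clients, 58 threads remain, 5942 served)
Aug 12 18:40:00 bbs20200714 synchronet: web 0087 Unable to send to peer
Aug 12 18:40:01 bbs20200714 synchronet: web 0075 Session thread terminated (1 clients, 4 threads remain, 5942 served)
Aug 12 18:52:10 bbs20200714 synchronet: web 0041 Session thread terminated (0 clients, 2 threads remain, 5943 served)
""".splitlines()

if __name__ == "__main__":
    for burst in find_bursts(SAMPLE):
        print(burst)
```
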
  • From Digital Man@1:103/705 to Ennev on Wed Aug 12 21:08:56 2020
    Re: Re: exploit ?
    By: Ennev to Digital Man on Wed Aug 12 2020 06:11 pm


    My recollection is that problem has been resolved, though I can't seem to locate any commit message in reference to that CVE. Anyone try the script to see if you can reproduce it?

    I'll try it, but on my Linux install. Any Windows volunteers?

    You can hit vert.synchro.net with it, I won't block ya. :-)

    digital man

    Sling Blade quote #8:
    Karl Childers: I don't reckon I got no reason to kill nobody.
    Norco, CA WX: 77.1°F, 48.0% humidity, 4 mph ESE wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.11-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Ennev@1:103/705 to Digital Man on Thu Aug 13 08:02:00 2020
    You can hit vert.synchro.net with it, I won't block ya. :-)

    OK, I did it around 7:39 Eastern time

    [*] Try: 75
    [*] Try: 76
    [-] The service seems to be down

    [i] Waiting a few seconds before starting a second attack.

    [*] Second run to trigger the DoS
    [-] The service seems to be down.

    [i] Wait before the final strike.

    [*] Third run to trigger the DoS
    [-] The service seems to be down.

    [!] It can take a few seconds for the service to crash


    On the website, Firefox said:


    The connection has timed out

    The server at vert.synchro.net is taking too long to respond.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer’s network connection.

    At 8:00, 20 min later, it still looks down.

    ---
    ■ Synchronet ■ MtlGeek - Geeks in Montreal - http://mtlgeek.com/ -
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Ennev on Thu Aug 13 18:54:34 2020
    Re: Re: exploit ?
    By: Ennev to Digital Man on Thu Aug 13 2020 08:02 am

    You can hit vert.synchro.net with it, I won't block ya. :-)

    OK, I did it around 7:39 Eastern time

    [*] Try: 75
    [*] Try: 76
    [-] The service seems to be down

    [i] Waiting a few seconds before starting a second attack.

    [*] Second run to trigger the DoS
    [-] The service seems to be down.

    [i] Wait before the final strike.

    [*] Third run to trigger the DoS
    [-] The service seems to be down.

    [!] It can take a few seconds for the service to crash


    On the website, Firefox said:


    The connection has timed out

    The server at vert.synchro.net is taking too long to respond.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer’s network connection.

    At 8:00, 20 min later, it still looks down.

    Yeah, it was down for a different reason (left a break point set in my attached debugger - oops!).

    digital man

    This Is Spinal Tap quote #43:
    I feel my role in the band is ... kind of like lukewarm water.
    Norco, CA WX: 90.9°F, 19.0% humidity, 3 mph ESE wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.11-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Daryl Stout@1:103/705 to Digital Man on Fri Aug 14 13:23:00 2020
    Rob,

    Yeah, it was down for a different reason (left a break point set in my attached debugger - oops!).

    I hate it when I do things like that...sort of like I had the command in
    a batchfile GOTO EXIT -- and I couldn't figure out why nothing happened,
    when the batchfile ran. Then, when I discovered the error, I felt so dumb.
    Once I removed that line, all was well.

    Daryl

    ... Auto correct has become my own worst enema.
    --- MultiMail/Win v0.52
    ■ Synchronet ■ The Thunderbolt BBS - tbolt.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)