Originally Posted by
MikeyIckey
While some one here may know if an exploit exists in your code i foresee two problems:
1) this is a C/C++ forum so I'm not entirely sure anyone will answer your question.
2) #6 of the forum guidelines sticky specifically mentions things like hacking and cracking programs are frowned upon
just my thoughts
Hi, yea your right on number #6, and I am same with the forums guidelines and I also look down upon programs that use their power to hack or crack into or otherwise steal. I am not asking how to hack or crack, or how to use the holes to my power. I am asking how to patch or cover up the holes so that other users cant come in upon and protect my server/computer from hanfull people/programs. To which I believe is a valid question too.
Thanks for the help so far, and I know this is a c/c++ forum. I am just used to this board and getting information =) (really like the people here)
"Where does data come from? If it's user input, you have a possible directory traversal attack on your hands."
No, I have it in the server, code lines like down below. Would the attack still be possable?
Thank you also MikeyIckey for the link, i'll look around inside their forum for some of my answer.
I do have another question thats more networking then a programming. When I try to do the UDP connection the client couldn't connect. We both have routers and I wasnt sure on how to hook them up (or aka setting up port forwarding). This is what I have so far and set up the router like so.
App: Client2, Port From: 21567, Protocol: Both, IP Address: 192.168.1.135, Port to: 21568, and enable
(my side)
WAN: 75.134.61.245
LAN: 192.168.1.135
Code:
# Server program
from socket import *
import threading
import time
# Set the socket parameters
host = "75.134.61.245"
port = 21568
port2 = 21567
buf = 1024
buf2 = 1024
addr = (host,port)
# Create socket and bind to address
UDPSock = socket(AF_INET,SOCK_DGRAM)
UDPSock.bind(addr)
data,addr = UDPSock.recvfrom(buf)
client = data
addr2 = (client, port2)
data,addr = UDPSock.recvfrom(buf)
if data == "Hey you there?":
data = "Yes"
(UDPSock.sendto(data,addr2))
print client, " trying to log on."
# Receive messages
while 1:
data,addr = UDPSock.recvfrom(buf)
if not data:
print "Client has exited!"
break
else:
data2 = "Users/" + data + ".txt"
f = open(data2,"r")
lineList = f.readlines()
f.close()
name = data
name2 = "Name: " + data + "\n"
if name2 == lineList[0]:
data,addr = UDPSock.recvfrom(buf)
password = "Password: " + data + "\n"
if password == lineList[1]:
print name,"log on."
data = name
(UDPSock.sendto(data,addr2))
data = "===Welcome==="
(UDPSock.sendto(data,addr2))
while 1:
class receiver(threading.Thread) : # Receiver thread
def __init__(self, socket ):
threading.Thread.__init__(self)
self.setDaemon(True)
def run(self) :
while True : # Receive thread
data,addr = UDPSock.recvfrom(buf)
if not data : break
print data
UDPSock.close()
receiver(UDPSock).start()
while True : # Send in main thread
data = time.ctime() + " Mradr: " + raw_input()
(UDPSock.sendto(data,addr2))
UDPSock.close()
else:
print "Wrong."
else:
print "No one by that name."
# Close socket
UDPSock.close()