Attack on a Linux file server | What is the damage of this file contents?

Posted on

Problem :

TCP Networking

This file was uploaded using a loophole in a file uploading network program I was writing. The ability to access the server itself was too simple and the techniques I used resulted in someone being able to decompile the code and rewrite the upload method used.

The client program uses sockets to connect to the server program through .NET’s TcpClient to then download the contents of this file, then display the text contents of the file into a WPF ListBox.

The Resulting HTTP Header

Screenshot of the file contents


Is this serious? Unfortunately someone had downloaded this file with the compromised data.

Solution :

The long string of ASCII characters after the HTML header was the result of byte values not being cut off from the network transmission of data. Looking at the data in a Windows IDE shows that the value is /0/0/0… etc. being written to the remote server.

Due to how the file was handled by the server program, it is unlikely that it caused any problem.

Leave a Reply

Your email address will not be published. Required fields are marked *