[liberationtech] nweb + Tor
Jonathan Wilkes
jancsika at yahoo.com
Mon Jan 20 17:06:22 PST 2014
On 01/20/2014 02:56 PM, Jorge SoydelBierzo wrote:
> Nweb is easily exploitable
>
> A simple petition like this crashes the server:
>
> GET
> /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> HTTP/1.0
That doesn't crash the server for me. It just gives me an error that
it's not found.
>
> It's also possible to hack core file using a specially crafted petition,
> using info gathered and metasploit to inject a shell using one of the
> linux reverse payloads, giving access to your server with privileges
> from user running the web server.
Does this require a buffer overflow first?
>
> Nweb is not for a production environment, better use Nginx without
> access to cgi, php-fpm, etc. just for static content.
Thanks, I'll check out using Nginx for just static content.
-Jonathan
>
> 2014/1/20 Jonathan Wilkes <jancsika at yahoo.com>
>
> Hi list,
> I'm thinking about setting up a slightly modified version of
> nweb as a Tor hidden service:
> http://www.ibm.com/developerworks/systems/library/es-nweb/index.html?ca=dat
>
> This is for fun, mostly just to learn some more about Tor hidden
> services and webservers. But it's got me wondering: has anyone
> done this yet?
>
> If not, I'm curious what kinds of attacks a security specialist
> sees with this setup if I just want to post something like the
> text of the Magna Carta. Especially-- are there simple attacks
> against such a naive webserver like this that nginx or other
> webservers run as a hidden service would prevent?
>
> Best,
> Jonathan
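The defensive counterpart of the overlong request quoted in the message above, as an added example that is not part of the original thread and not nweb's code: a C request-line parser that rejects a too-long path with 414 instead of copying it into a fixed buffer. `MAX_URI`, `parse_request_line` and `status_for_path_len` are hypothetical names, and the 255-byte cap is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_URI 255   /* assumed cap on the request path, not a value from nweb */

/* Parse "GET <uri> HTTP/1.x" from the first len bytes of req (req need not be
 * NUL-terminated). Returns 200 and copies the URI into out, or returns the
 * HTTP status to send. Never writes more than outsz bytes to out. */
int parse_request_line(const char *req, size_t len, char *out, size_t outsz)
{
    const char *end, *uri, *sp;
    size_t ulen;
    if (outsz == 0) return 500;
    out[0] = '\0';
    if (len < 5 || memcmp(req, "GET /", 5) != 0) return 400;
    end = memchr(req, '\n', len);            /* request line ends at first LF */
    if (end == NULL) end = req + len;        /* read may have stopped mid-line */
    uri = req + 4;
    sp = memchr(uri, ' ', (size_t)(end - uri));
    ulen = (size_t)((sp ? sp : end) - uri);
    if (ulen > MAX_URI || ulen >= outsz) return 414;  /* reject, never truncate */
    if (sp == NULL) return 400;              /* no protocol version follows */
    if (end - sp < 9 || memcmp(sp + 1, "HTTP/1.", 7) != 0) return 400;
    memcpy(out, uri, ulen);                  /* length was checked above */
    out[ulen] = '\0';
    return 200;
}

/* Constructed sample input: a GET whose path is "/" plus n filler bytes. */
int status_for_path_len(size_t n)
{
    char uri[MAX_URI + 1];
    char *req = malloc(n + 32);
    int status;
    if (req == NULL) return 500;
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', n);
    memcpy(req + 5 + n, " HTTP/1.0\r\n\r\n", 13);
    status = parse_request_line(req, n + 18, uri, sizeof uri);
    free(req);
    return status;
}

int main(void)
{
    printf("16 -> %d, 1000 -> %d\n", status_for_path_len(16), status_for_path_len(1000));
    return 0;
}
```

The length test runs before any copy, so an oversized path is refused rather than truncated into a different, valid-looking path.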