rejetto forum



Messages - Mars

Pages: 1 2 3 ... 135
1
Everything else / Re: Taking a summer break and some time off
« on: January 22, 2025, 01:28:59 PM »
It's not a big deal, the cupboards and the freezer are full, we won't starve to spend your return. ;D ;D

do your job well and don't force too much on the tequila during the aperitif breaks 8) ;)

PS: I'm closing this topic since it doesn't need any further comments.

 ;D all the ways of the lord are not impenetrable

2
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: January 09, 2025, 12:46:12 PM »
what is missing is a switch of templates, as exists when we use a computer or a smartphone for example, but in this case it's simpler to have two versions of hfs and run only the one with macros or the one without ;D

3
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: January 08, 2025, 01:08:21 PM »
In the face of all these hacking possibilities, it is up to the fact that hfs is running on a virtual machine in a restricted environment. ;D

HFS is of an old design, no matter how much we try to plug the holes, but we'll never be safe from further leaks.
it is always possible to use version 2.2f which makes it possible to distribute content as one looks at a film,

otherwise we use a version with macros, which allows a certain interactivity, but it's like with games, there's always some that will always try to cheat to win not much except forge in the idea that they beat the designer in his efforts to make his product inviolable. It's a racing game where we can quickly make mistakes that make us lose the race.

the race here is that of inventiveness that will give the one who will be the most clever to supplant the other by cutting off the grass under his foot, like a chess player it is not because we lose coins or even the queen that we are on the ground as long as failure and matte is not announced 8) 8)

4
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: January 07, 2025, 01:30:08 AM »
@Rapid

With a download size of 0 bits, your HFS breaks all compression records  ;D ;D ;D

5
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: January 03, 2025, 11:31:41 PM »

Since there are still fans of hfs 2.3m build 300 who are concerned about the risk of being hacked with the EXEC macro, the simplest at the moment is to allow a deactivation of this macro, which is only rarely used and in very specific cases.

The solution envisaged, limiting the accessible external programs to those included in a reduced list, is not possible at the moment, as long as effective filtering is not possible.


This is an ephemeral link to a version compressed with upx, which has not been endorsed by rejetto, but because of my previous participation in the project I can afford it without waiting ;)
It integrates a button in the toolbar to activate the use of the macro exec.
HFS 2.3m build 305

the macro is systematically in OFF mode as soon as the server is started up or at each change of state of the latter.

the macro is automatically deactivated when the display is switched to EASY mode, and the button is inoperative.

when the conditions are met, it is possible to activate the use of the EXEC macro for a period of 30 seconds, this value can be modified by right-clicking on the button,

any change to a value other than that displayed on the opening of the message causes the timer to stop, so it is necessary to reactivate the button.

As a measure of simplicity, a zero value inhibits the timer and the button becomes a simple state flip-flop, otherwise it behaves like a timer.
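
The button rules listed in this post can be read as a small fail-closed state machine. The sketch below is an added example, not code from HFS or from the post's author; the class and method names are hypothetical, and the behaviour of a second press while the timer is running is an assumption.

```python
import time


class ExecGate:
    """Fail-closed switch for a dangerous feature, modelled on the post's rules.

    Class and method names are hypothetical; they are not HFS identifiers.
    """

    def __init__(self, window=30, clock=time.monotonic):
        self.window = window          # seconds; 0 means plain on/off toggle
        self.clock = clock            # injectable so the timer can be tested
        self.easy_mode = False
        self._on = False
        self._deadline = None

    def _off(self):
        self._on, self._deadline = False, None

    def server_state_changed(self):
        self._off()                   # every start or stop resets to OFF

    def set_easy_mode(self, enabled):
        self.easy_mode = enabled
        if enabled:
            self._off()               # EASY mode always disables the macro

    def set_window(self, seconds):
        if seconds != self.window:    # a changed value stops the timer
            self.window = seconds
            self._off()

    def press_button(self):
        if self.easy_mode:
            return False              # button is inoperative in EASY mode
        if self.window == 0:
            self._on = not self._on   # timer inhibited: simple flip-flop
            self._deadline = None
        else:
            # Assumption: a press in timer mode (re)starts the window.
            self._on = True
            self._deadline = self.clock() + self.window
        return self._on

    def exec_allowed(self):
        """Checked at the moment a macro asks to run a program."""
        expired = self._deadline is not None and self.clock() >= self._deadline
        if self._on and expired:
            self._off()               # window elapsed, back to OFF
        return self._on and not self.easy_mode
```

The point of checking `exec_allowed()` at call time rather than relying on a timer callback is that a missed or delayed timer event can never leave the feature enabled.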

6
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« on: October 06, 2024, 06:10:59 PM »
Hello to both of you, even if I am not involved in HFS3 which for me represents a completely different project from HFS2.x, I keep an eye on the possible changes to be made to the latter.

With some similar approaches I did not arrive at a satisfactory result. There are indeed not only the urlvars to control but also the recursion of the attack used by using %url%; it is also necessary to take into account the postvars and, as rejetto said, the attacks by headers.

I looked into a more restrictive use of the EXEC macro, by limiting the programs to launch to those contained exclusively in a subdirectory of HFS, but I do not manage the %url% in the state in loop

Quote
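  procedure exec_();
  var
    s, target: string;
    code: cardinal;
  begin
  // Keep only the bare file name of the request and look it up inside the
  // exec\ subfolder of HFS; any path given in the macro is discarded.
  target:=exepath+'exec\'+extractFileName(macroDequote(p));

  // Refuse, log and drop the connection when no such file exists in exec\.
  if not fileExists(target) then
    begin
      pars.clear();
      result:='';
      mainfrm.add2log('DISCONNECTED'+CRLF+target);
      disconnect();
      exit;
    end;

  // Parameter 1 is the argument string: quoted when it names an existing
  // file or folder, emptied when no second unnamed parameter was given.
  s:=macroDequote(par(1));
  if fileOrDirExists(s) then
    s:=quoteIfAnyChar(' ', s)
  else
    if unnamedPars < 2 then
      s:='';
  if parExist(['out']) or parExist(['timeout']) or parExist(['exit code']) then
    try
      // Launch the file that was checked above, not the string received in
      // the macro, so a same-named program elsewhere on disk cannot be run.
      spaceIf(captureExec(quoteIfAnyChar(' ', target)+nonEmptyConcat(' ', s), s, code, parF('timeout',2)));
      try setVar(parEx('exit code'), intToStr(code)) except end;
      setVar(parEx('out'), s);
    except end
  else
    spaceIf(exec(target, s))
  end; // exec_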

put the file calc.exe (to test) inside a new exec\ subdir and use macro {.exec|calc.exe.}; bad syntax without extension, {.exec|calc.}, is stopped

This is a safe and absolute start for those who do not leave an executable in the exec\ directory.

What a hacker doesn't know about available resources is an obstacle to hacking.
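
The restriction described in this post, reduced to its core rule: resolve the request to a file name inside the one allowed folder, then launch only the resolved path. This is an added example, not code from HFS or from the post's author; `resolve_exec_target`, `exec_dir` and the sample requests are hypothetical and constructed for the demonstration.

```python
import ntpath
import os
import tempfile


def resolve_exec_target(requested, exec_dir):
    """Return the one path allowed to run for `requested`, or None to refuse.

    exec_dir is the only directory programs may be launched from
    (hypothetical helper and parameter names, not HFS code).
    """
    # Keep only the file name: "C:\\Windows\\calc.exe" and "..\\calc.exe"
    # both reduce to "calc.exe" (ntpath splits on "\\" and "/").
    name = ntpath.basename(requested.strip())
    if not name or name in (".", "..") or ":" in name:
        return None
    candidate = os.path.join(exec_dir, name)
    # Exact-name match: "calc" does not match "calc.exe", so a request
    # without the extension is refused, as in the post.
    if not os.path.isfile(candidate):
        return None
    # Follow links and make sure the real file is a direct child of exec_dir.
    real = os.path.realpath(candidate)
    if os.path.dirname(real) != os.path.realpath(exec_dir):
        return None
    # The caller must launch this returned path, never the original string.
    return real


def demo():
    """Run constructed requests against a throwaway exec directory."""
    root = tempfile.mkdtemp()
    exec_dir = os.path.join(root, "exec")
    os.mkdir(exec_dir)
    open(os.path.join(exec_dir, "calc.exe"), "wb").close()  # constructed stand-in
    open(os.path.join(root, "other.exe"), "wb").close()     # outside exec_dir
    requests = ["calc.exe", "calc", "C:\\Windows\\System32\\calc.exe",
                "..\\other.exe", "other.exe", ""]
    return {r: resolve_exec_target(r, exec_dir) for r in requests}, exec_dir


if __name__ == "__main__":
    results, _ = demo()
    for request, target in results.items():
        print(repr(request), "->", target)
```

A request carrying a full path to a same-named program resolves to the copy inside the allowed folder, which is why the returned path, and not the request string, is what gets executed.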

7
Everything else / Re: Message to Rejetto: forum's email is broken
« on: August 05, 2024, 11:19:54 PM »

works as expected, bots will be able to have fun again

 :o

9
HFS ~ HTTP File Server / Re: HFS including SSl tools
« on: January 15, 2024, 09:13:31 PM »
Unless you are on 32-bit Windows, you can replace the stunnel included in hfs with the latest 64-bit version available for download there

https://www.stunnel.org/downloads.html

10
HFS versions 2.3 and 2.4 will no longer evolve, the VFS recording format cannot be modified in order to maintain compatibility between these versions

a new HFS 3.0 development has been implemented by rejetto, available by following this link
https://rejetto.com/forum/index.php?board=46.0

11
your HFS works correctly, access via your external IP is viable, I was able to verify it by using it directly 

rather than using the DNS address from your smartphone, carry out the manipulation using the external IP that your HFS can obtain from Menu->Ip address->Find external address

Don't give your IP here, rejetto and I already have it in your profile

12
This is the only method that comes to mind, and I hope that it will solve your problem of loss of VFS  ;)

switch to expert mode (key F5)
select Menu>Save options to file, and activate Menu>Auto-save Options

in Menu>Virtual File System, choose Backup on Save, and for Autosave every: enter 900 (= every 15mn) or more

Menu>Others options> Edit Event Script... (ALT+F6)

put this content in hfs.events and save it in the hfs.exe folder
Code:
[server start]
{.if|{.{.filesize|hfs.vfs.}<255.}|
{:{.add to log|Empty VFS detected.}
  {.if|{.exists|hfs.vfs.bak.}|
{:{.add to log| VFS backup found.}
  {.delete|hfs.vfs.}
  {.copy|hfs.vfs.bak|hfs.vfs.}
  {.add to log| previous VFS restored and loaded.}
:}|{:{.add to log| VFS backup not found.}:}
/if.}:}
|{:{.add to log|VFS seems good.}:}
/if.}

this script tests if the size of the vfs is less than a certain value (255, to be reduced if necessary) and in this case restores the backup, every time the server is SWITCHING ON (not possible only when hfs is launched), allowing a functional VFS to be found

check in the Windows registry whether these keys exist, and if they do, delete them
HKEY_CURRENT_USER\Software\rejetto  and  HKEY_LOCAL_MACHINE\Software\rejetto

13
HFS ~ HTTP File Server / Re: HFS including SSl tools
« on: March 16, 2023, 10:31:21 PM »
No there will be no new version beyond the one already available in 2.x
a new project supporting https is already available in this topic
https://rejetto.com/forum/index.php?topic=13506.msg1067143#msg1067143

14
Bug reports / Re: False errors on upload
« on: January 26, 2023, 10:15:57 PM »
so it looks like this folder is visible in the VFS, since you changed the access properties there

try to go to the diff template tab and you can place a customization of the upload results there by adding this section

Code:
[+upload-success]
{.add to log|{.filename|%item-resource%.}=uploaded by {.if|{.length|%user%.}|%user%|Anonymous /if.}./add to log.}

15
HFS ~ HTTP File Server / Re: Rejetto HFS file server alternative?
« on: November 15, 2022, 03:44:12 PM »
Why shouldn't you wake a sleeping cat?
Cats who are deprived of these stages of sleep can become lethargic or irritable, it is therefore better to avoid waking them up as much as possible

and I must say that taking care of an awakened Fysack is not easy  ;D ;D ;D
