
pstd's People

Contributors

fstd

Forkers

chillerdragon

pstd's Issues

sed warning

$ ./pstd_server.pl -l 0.0.0.0:8080 -H http://149.202.127.134:8080
sed: -e expression #1, char 25: unknown option to `s'

crash: cannot determine peer address

pstd_server.pl: 2019-12-06 22:45:57 +0000: 66.XX.XXX.XXX: Bad first data chunk 'GET /favicon.ico HTTP/1.1$$Host: 149.202.127.134:8080$$Accept: image/webp,image/apng,image/*,*/*;q=0.8$$Accept-Encoding: gzip, deflate$$Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7$$Forwarded: for=74.XX.XXX.XXX$$Referer: http://149.202.127.134:8080/44$$Save-Data: on$$Scheme: http$$Via: 1.1 Chrome-Compression-Proxy$$X-Forwarded-For: 74.XX.XXX.XXX$$Connection: keep-alive$$User-Agent: Mozilla/5.0 (Linux; Android 10; MI 9) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Mobile Safari/537.36$$$$'
pstd_server.pl: 2019-12-06 22:46:02 +0000: 66.XX.XXX.XXX: Bad first data chunk 'GET /favicon.ico HTTP/1.1$$Host: 149.202.127.134:8080$$Accept: image/webp,image/apng,image/*,*/*;q=0.8$$Accept-Encoding: gzip, deflate$$Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7$$Cache-Control: no-cache$$Forwarded: for=74.119.145.52$$Pragma: no-cache$$Referer: http://149.202.127.134:8080/44$$Save-Data: on$$Scheme: http$$Via: 1.1 Chrome-Compression-Proxy$$X-Forwarded-For: 74.119.145.52$$Connection: keep-alive$$User-Agent: Mozilla/5.0 (Linux; Android 10; MI 9) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Mobile Safari/537.36$$$$'
Use of uninitialized value $who in concatenation (.) or string at
        ./pstd_server.pl line 733 (#1)
    (W uninitialized) An undefined value was used as if it were already
    defined.  It was interpreted as a "" or a 0, but maybe it was a mistake.
    To suppress this warning assign a defined value to your variables.

    To help you figure out what was undefined, perl will try to tell you
    the name of the variable (if any) that was undefined.  In some cases
    it cannot do this, so it also tells you what operation you used the
    undefined value in.  Note, however, that perl optimizes your program
    and the operation displayed in the warning may not necessarily appear
    literally in your program.  For example, "that $foo" is usually
    optimized into "that " . $foo, and the warning will refer to the
    concatenation (.) operator, even though there is no . in
    your program.

Use of uninitialized value in concatenation (.) or string at ./pstd_server.pl
        line 733 (#1)
Use of uninitialized value $who in concatenation (.) or string at
        ./pstd_server.pl line 734 (#1)
Use of uninitialized value $who in concatenation (.) or string at
        ./pstd_server.pl line 744 (#1)
Use of uninitialized value in concatenation (.) or string at ./pstd_server.pl
        line 744 (#1)
Use of uninitialized value $who in concatenation (.) or string at
        ./pstd_server.pl line 746 (#1)
Use of uninitialized value $who in concatenation (.) or string at
        ./pstd_server.pl line 445 (#1)
Use of uninitialized value in concatenation (.) or string at ./pstd_server.pl
        line 445 (#1)
Use of uninitialized value $who in concatenation (.) or string at
        ./pstd_server.pl line 447 (#1)
Use of uninitialized value $who in concatenation (.) or string at
        ./pstd_server.pl line 454 (#1)
pstd_server.pl: 2019-12-07 00:13:49 +0000: : Empty read
Uncaught exception from user code:
        send: Cannot determine peer address at ./pstd_server.pl line 553.
        IO::Socket::send(IO::Socket::INET=GLOB(0x5589ea216120), "HTTP/1.1 200 OK\x{d}\x{a}Content-Type: text/plain; charset=UTF-8\x{d}\x{a}Con"...) called at ./pstd_server.pl line 553
        main::respond(IO::Socket::INET=GLOB(0x5589ea216120), "text/plain", "ERROR: You what?\x{a}") called at ./pstd_server.pl line 455
        main::handle_clt(IO::Socket::INET=GLOB(0x5589ea216120), undef) called at ./pstd_server.pl line 748

I do not know what happened exactly. The traffic looked like somebody was scanning my server for vulnerabilities, so it might be intentionally nasty, but that's just an assumption. So I cannot reproduce it, sadly.
Was using the devel branch.

FATAL: cbc_start failed: Invalid key size.

Even though my pstd server does not survive longer than 1 day without this crash, I cannot reproduce it. I tested it on fstd:devel because master still fails on peer address.

FATAL: cbc_start failed: Invalid key size. at /home/pstd/perl5/lib/perl5/x86_64-linux-gnu-thread-multi/Crypt/Mode/CBC.pm line 14.

I assume it fails in one of these two places and the key is either less than 16 or not a multiple of 16:

https://github.com/DCIT/perl-CryptX/blob/master/src/ltc/ciphers/aes/aes.c#L131
https://github.com/DCIT/perl-CryptX/blob/master/src/ltc/ciphers/aes/aes.c#L735

It seems like more than 16 is just fine, but when playing around with the pstd source it said something about multiples of 16:

pstd_server.pl: 2019-12-16 12:15:25 +0100: decrypting key='aaaaaaaaaaaaaaaa' paste='xxxxxxxxxxxxxxxx$'
FATAL: cipher text length has to be multiple of 16 (1) at /usr/local/lib/x86_64-linux-gnu/perl/5.28.1/Crypt/Mode/CBC.pm line 20.
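
In both crash reports above, an exception raised while handling a single untrusted request ends the whole server process. The following is an added example, not code from pstd or from the issue authors: two hypothetical helpers, `try_decrypt` and `try_send`, that validate lengths and trap the exception so only the offending client is dropped. It assumes AES-CBC through CryptX's `Crypt::Mode::CBC` with a 16-byte IV; all sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added example (not pstd code). Assumes AES-CBC via CryptX's Crypt::Mode::CBC.
use strict;
use warnings;
use IO::Socket::INET;
use Crypt::Mode::CBC;

# Hypothetical helper: returns (plaintext, undef) or (undef, reason), never dies.
sub try_decrypt {
    my ($key, $iv, $ct) = @_;
    # AES accepts only 16-, 24- or 32-byte keys.
    return (undef, 'bad key length')
        unless defined $key && grep { length($key) == $_ } 16, 24, 32;
    return (undef, 'bad IV length')
        unless defined $iv && length($iv) == 16;
    # CBC ciphertext must be a non-empty whole number of 16-byte blocks.
    return (undef, 'bad ciphertext length')
        unless defined $ct && length($ct) && length($ct) % 16 == 0;
    # Trap anything the library still croaks on instead of killing the server.
    my $pt = eval { Crypt::Mode::CBC->new('AES')->decrypt($ct, $key, $iv) };
    return defined $pt ? ($pt, undef) : (undef, 'decrypt failed');
}

# Hypothetical helper: IO::Socket::send croaks when the peer address is unknown,
# so check first and trap the rest. Returns 1 if sent, 0 if the client is gone.
sub try_send {
    my ($sock, $data) = @_;
    return 0 unless defined $sock->peername;
    my $n = eval { $sock->send($data) };
    return defined $n ? 1 : 0;
}

# Constructed demo inputs: a 16-byte key, an all-zero IV (demo only), one valid
# ciphertext, a 17-byte body and a 3-byte key.
my ($key, $iv) = ('a' x 16, "\0" x 16);
my $good = Crypt::Mode::CBC->new('AES')->encrypt('hello', $key, $iv);
for my $case (['valid', $key, $good], ['17-byte body', $key, 'x' x 17],
              ['short key', 'abc', $good]) {
    my ($name, $k, $ct) = @$case;
    my ($pt, $err) = try_decrypt($k, $iv, $ct);
    printf "%-13s %s\n", $name, defined $pt ? "ok: $pt" : "rejected: $err";
}

# An unconnected TCP socket has no peer, like a client that already hung up.
my $sock = IO::Socket::INET->new(Proto => 'tcp') or die "socket: $!";
print "send to vanished peer: ", (try_send($sock, "ERROR\n") ? "sent" : "dropped"), "\n";
```

In a server's accept loop, a `(undef, reason)` result or a `0` from `try_send` would be logged and the connection closed, leaving the process running for other clients.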

What does this code even do?

pstd/pstd_server.pl

Lines 423 to 424 in 2b2b8b2

} elsif ($readbuf{$whoipp} =~ /^GET \/([a-zA-Z0-9]+)(?:\/([a-zA-Z0-9]{16}))?\b(?:\?([a-z]+))?\b/) {
$resp=process_GET($clt, $1, $3, $2);

How do I enter that branch and what kind of feature is that?
