/g/ - Technology

>>472 (OP) 
>How can you just type in 4chan.org on your browser, upload a pdf with AIDS and suddenly get access
It wasn't actually a PDF. It was .ps (postscript) but the server didn't check the filetype to filter out non-pdfs.
The file is automatically parsed in order to make a thumbnail. If you merely download a file without using any tool to analyze it in a sophisticated way such as by parsing it, it can't rape your computer. The issue is that parsing .pdf and .ps files is complicated, so ghostscript had a vulnerability in it that allowed arbitrary code execution if you triggered its bug.

Hoping that if (big IF there) 4chan ever comes back, they can get moot to run the site again and it'll be like the old days.
Something tells me, however, that moot probably isn't interested in running it again.

> that if (big IF there) 4chan ever comes back
4chan is not a mere ICANN-registered domain under the top-level domain .org that resolves to some web-server somewhere.

4chan is an idea.
I am 4chan and so are you.

TKD

https://www.icann.org/
https://en.wikipedia.org/wiki/Toplevel_Domain

1696390480009612.png
[Hide] (233.8KB, 306x586) Reverse

>>502
Moot retired with his Google stock options. He's wandering the Earth now like Myspace tom

bowIQZflGHY.jpg
[Hide] (60.5KB, 604x485) Reverse

>>474
>It wasn't actually a PDF. It was .ps (postscript) but the server didn't check the filetype to filter out non-pdfs.
>The file is automatically parsed in order to make a thumbnail.

Ok but how does that give you access to a top level admin account

4e76b9c33c9338474d195cc198b97798a385c82210bae1e61985882377a7ee5f.jpeg
[Hide] (25.6KB, 735x652) Reverse

13bf10610a643bb9aa92cc0b818bf7d73dbe4cbbdc6ebe46a57e3ae3e4c9cc87.png
[Hide] (524.6KB, 732x412) Reverse

>>540
Parsing a postscript file is complicated enough that triggering a bug by handing the parser a file with unexpected features can allow arbitrary code execution. That is, the hacker had a weird .ps file which triggered a bug and had a program embedded into it. The bug allowed the embedded program to be executed and this meant the hacker's program started running after the 4chan server attempted to parse the file in order to create a thumbnail.

Once the hacker's program was running, he could obtain shell access and run whatever other programs he wanted as a regular user. Now since it is unlikely that he had root access at this point, he had to exploit another bug in order to have administrator privileges and do anything he wanted to the entire OS and all its files. Gaining root access probably wasn't difficult because this was a very outdated version of FreeBSD with documented root privilege escalation exploits.

Where was this originally posted?

kotmostik.png
[Hide] (149.1KB, 353x285) Reverse

>>547
The gay soijack image board where the hacker came from. I was there the day of and it was slow af and crashing from all the traffic

>>555
I still think it's funny 4channel was taken down because it was 'too liberal'

1611869983510.png
[Hide] (178.1KB, 473x389) Reverse

>>472 (OP) 
Is the hacker going to get away with it? Is there any possibility of legal consequences?

>>578
>Is the hacker going to get away with it?
Nobody knows. We might assume he was smart enough to use a VPN but maybe he didn't care.

>Is there any possibility of legal consequences?
Of course. American judges have often punished hackers harshly—sometimes worse than niggers who commit murder

1745629926940232.png
[Hide] (82.7KB, 558x1536) Reverse

>>472 (OP) 
>UK IP
>all that damage control