I recently set out to learn the security implications of generative AI. While harassing the ChatGPT bot through the OpenAI interface it occurred to me to integrate its features into my existing text-based MUSH game. So today I bring you instructions for powering an in-game NPC with the OpenAI API.
Tag: MUSH
Back-Alley Hacking: 8Bit MUSH (Part Two)
In Part One we discovered an object that lets us execute arbitrary commands via unsafe handling of user input - the Alley room. Now we want to understand the blast radius of this issue. The first question to ask is, "What does the Alley control?"
Alley(#9485RISVB) Type: Room Flags: TRUST STICKY VISUAL BATHROOM Owner: 8BitMUSH Zone: NOTHING Coins: 0 Created: Sat Apr 28 13:14:31 2001
The help entry for help control
tells us that if the Alley has the TRUST
flag, it controls anything with the same owner that isn't set WIZARD
. As it turns out, the 8BitMUSH
user owns a great deal of things throughout 8Bit.
Back-Alley Hacking: 8Bit MUSH (Part One)
I created a MUSH called Parlor City in the beginning of 2019. This is an online, multi-player, text-based social game that uses a rudimentary code base for world-building.
Parlor City was opened after about 18 months of work, at which time I sought out another MUSH where I could gain some experience and a change of scenery. MUSH trackers suggest that there are roughly eight-hundred different MUSH-style games available, each with unique themes and styles.
I asked users of PennMUSH (an invaluable coding forum) if any particular crew was known to be hostile or disreputable. The answer came back: "The folks at 8Bit have been known to break MUSHes for fun." So that's what I wanted to join.
...continue reading "Back-Alley Hacking: 8Bit MUSH (Part One)"
MUSH and Restricted Shell
I have slowly been working on a MUSH, which is an online, multi-player, text-based social game. The game Zork (1977) is probably the most popular game in this style, although it is not multi-player. I decided to use PennMUSH as the server distro since it seems to have the widest support.
MUSH servers open a raw TCP socket for incoming connections and most sessions occur over plaintext. There are a handful of MUSH clients that players can use but a simple TELNET connection also works. MUSH servers understand enough of the TELNET protocol to refuse option negotiation.
At one time I decided to create restricted shell accounts for users and have them connect to the MUSH via localhost
rather than expose the MUSH server to the open internet. I have since walked that back and just opened it to the internet but shell accounts are still an option. See this page for some details. ...continue reading "MUSH and Restricted Shell"