Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Admin rights via backdoors

from [Adam Pridgen] Network Security [Permanent Link]
Subject: Re: Admin rights via backdoors
Date: Sun, 11 Mar 2007 01:41:54 -0600 
Out of boredom and curiosity, I spent the better part of my weekend
writing this little demo program.  It simulates a back door that could
be hidden in an application.  It uses a simple port-knock to figure
out who to connect back too.  The source has directions about how to
run the demo, which is attached.

I think with a little bit more attention the code could actually be
trimmed down and hidden well in an application.  I am not a hard core
programmer on the win32 platform so the code is somewhat bulky and
rough around the edges, but I think it would help eliminate or at
least reduce the idea that user rights of a developer are not required
on the production machine.

Cheers,

Adam

On 3/9/07, Scott Ramsdell <Scott.Ramsdell@cellnet.com> wrote: 
Hi WALI,

You can setup a netcat listener on any port and instruct it to execute
any executable when the port is knocked.  It will of course inherit the
permissions of the user/service account that launches it.

So, in your specific scenario, the backdoor would contain netcat, open a
listening port and do whatever when knocked.  It would execute with the
rights the financial app has (which likely can read and write sensitive
info).

http://m.nu/program/util/netcat/netcat.html

Check it out, it's pretty cool.

Typically dev and prod environments are separate.  Once the code is
reviewed and approved, it moves out of dev and into the hands of the
admins who install it, then care and feed for the app.  Devs generally
have no rights on prod boxes.

Kind Regards,
Scott Ramsdell

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of WALI
Sent: Friday, March 09, 2007 8:02 AM
To: security-basics@securityfocus.com
Subject: Admin rights via backdoors

Hi Guys

I do understand the risks of seeing open ports on servers using
nmap/nessus
but need to demonstrate a concept to my managers, the need for
segregating
software developers and production environments, especially pertaining
to
an financial application being built in-house.

I maintain that getting admin rights into an application while bypassing

logical access controls flowing down from Active directory or OS level
is
trivial for a programmer if he hard codes some backdoor entry ports
replete
with usernames and passwords. They disagree that if they have no AD
rights
granted on the resource (different AD domains / filers etc), there is no

reason to physically isolate developers from production.

Is my contention conceptually correct? How can I demonstrate this with a

dummy application?


Attachment: SpecialRequest.cpp
Description: Text document

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Security Risks and contorls of Wireless mouse and keyboards, Pranav Lal
Next by Date:  RE: RDP Security, Bryan Ponnwitz
Previous by Thread:  RE: Admin rights via backdoors, Scott Ramsdell
Next by Thread:  Re: Admin rights via backdoors, Demonic Software
Indexes:  [Date] [Thread] [Top] [All Lists]