The Hack FAQ

7.0 Miscellaneous Basics


This section contains information that didn't seem to fit elsewhere.


7.1 What is a backdoor?

A backdoor is simply a way back into a system that not only bypasses existing security to regain access, but may even defeat any additional security enhancementsadded onto a system.

Backdoors can range from the simple to the exotic. Simple backdoors might include creating a new user account just for your intrusion needs, or taking over a little-used account. More complex backdoors may bypass regular access completely and involve trojans, such as a login program that gives you administrative access if you type in a special password.

Backdoors can be chained together, which is the technique used by most hackers. This involves a combination of techniques. For example, one or more accounts that have basic user access may have had their passwords cracked, and one or more accounts may be created by the hacker. Once the system is accessed by the hacker, the hacker may activate some technique or exploit a system misconfiguration that allows greater access. Often a hacker will lower the defenses in certain areas by slightly altering system configuration files. Perhaps a trojan program has been installed that will open holes upon command by the hacker. Some of these techniques will be discussed in detail in the individual operating system sections of this FAQ.

7.2 What is a buffer overflow?

A buffer overflow is when a buffer was assigned by a programmer to hold variable data, and the variable data placed into that buffer is greater that the size of the initial assignment of the buffer. Depending on the operating system and exactly what the "extra" data overflowing the buffer is, this can be used by a hacker to cause portions of a system to fail, or even execute arbitrary code.

Most buffer overflow exploits center around user-supplied data exceeding a buffer, and the extra data being executed on the stack to open up additional access. Buffer overflows exist on all major network operating systems. For a more deteailed explanation, read Smashing The Stack For Fun And Profit by Aleph1.

7.3 What is "lame"?

Lame. This is an adjective that says something is either useless or beneath a hacker to use, and therefore is shunned. It usually reflects a fixation on the simple and the bypassing of any real thought processes. Since that isn't much in the way of explanation, we'll define it in context:

Microsoft
Bill Gates has too much money, releases software loaded with security flaws, and will not fix any security problem unless the problem is made public. Real hackers will load up a free OS and only run Windows NT or 2000 in a VMWare virtual session. The only exception is to play games, and then a Win98 partition or extra computer is tolerated.
America Online
AOL is lame for several reasons. First, AOL has helped create a huge glut on the Internet as the AOL "engineers" worked feverishly to make AOL easy to use and then tied it to the Internet. This was done without providing Internet newbies with any sense of netiquette or how the medium worked. Instant chaos. Also, the vast majority of hacker wannabies that exist have either an AOL or Hotmail email address. A real hacker will download and install a free operating system, and hook up with an ISP that provides extra services such as shell access, etc. A wannabe uses Mommy's computer with Windows 98 and AOL already installed.
Hotmail
One of the first things AOL users or other wannabes who float from library to library for Internet computer time do is get a Hotmail account. Besides, it is.

7.4 How do I get around censorware like Net Nanny or the Great Firewall of China?

Peacefire, a "people for young people's freedom of speech" organization, has some good instructions.

7.5 How can I forge email addresses?

Let's assume you're connected to what's known as an open relay, a mail server that will attempt to deliver mail for any domain:

220 example.com ESTMP
helo foobar
250 example.com OK
mail from:<[email protected]>
250 Address OK
rcpt to:<[email protected]>
250 Kent.Torokvei OK
data
354 Enter mail, end with a single ".".
Kent, stop touching yourself!
.
250 Ok.
quit
221 Bye received. Goodbye.

If the admin had wisely disabled open relay, the mail server would have rejected the 'mail from' command because neither the From nor To header ends in the example.com domain. If you are local - topologically speaking - to the mail server, you may still spoof interally... unless the admin has enabled SMTP-AUTH, which requires a username/password login before the server will accept commands.

7.6 What's with ICQ?

If someone has turned on the "Activate my home page" feature it will turn their computer into a poor web server. Telnet to port 80 and type junk, followed by quit and enter. Boom, GPF. You can also explore the person's hard drive. Here's how:

http://members.icq.com/<ICQ of target person>

This will redirect you to the person's home computer and you'll have their IP address.

http://<IP address>/...../a2.html

This will show you the a2.html file in the ICQ directory. Add more dots and add .html to the url to look at other files.

This works on ICQ99a build 1700. The fix? Don't use ICQ, it's lame anyway.


Top | Next: Web Browser as Attack Target | Previous: Logging Basics | Table of Contents