This section contains information that didn't seem to fit elsewhere.
A backdoor is simply a way back into a system that not only bypasses existing security to regain access, but may even defeat any additional security enhancementsadded onto a system.
Backdoors can range from the simple to the exotic. Simple backdoors might include creating a new user account just for your intrusion needs, or taking over a little-used account. More complex backdoors may bypass regular access completely and involve trojans, such as a login program that gives you administrative access if you type in a special password.
Backdoors can be chained together, which is the technique used by most hackers. This involves a combination of techniques. For example, one or more accounts that have basic user access may have had their passwords cracked, and one or more accounts may be created by the hacker. Once the system is accessed by the hacker, the hacker may activate some technique or exploit a system misconfiguration that allows greater access. Often a hacker will lower the defenses in certain areas by slightly altering system configuration files. Perhaps a trojan program has been installed that will open holes upon command by the hacker. Some of these techniques will be discussed in detail in the individual operating system sections of this FAQ.
A buffer overflow is when a buffer was assigned by a programmer to hold variable data, and the variable data placed into that buffer is greater that the size of the initial assignment of the buffer. Depending on the operating system and exactly what the "extra" data overflowing the buffer is, this can be used by a hacker to cause portions of a system to fail, or even execute arbitrary code.
Most buffer overflow exploits center around user-supplied data exceeding a buffer, and the extra data being executed on the stack to open up additional access. Buffer overflows exist on all major network operating systems. For a more deteailed explanation, read Smashing The Stack For Fun And Profit by Aleph1.
Lame. This is an adjective that says something is either useless or beneath a hacker to use, and therefore is shunned. It usually reflects a fixation on the simple and the bypassing of any real thought processes. Since that isn't much in the way of explanation, we'll define it in context:
Peacefire, a "people for young people's freedom of speech" organization, has some good instructions.
Let's assume you're connected to what's known as an open relay, a mail server that will attempt to deliver mail for any domain:
220 example.com ESTMP helo foobar 250 example.com OK mail from:<[email protected]> 250 Address OK rcpt to:<[email protected]> 250 Kent.Torokvei OK data 354 Enter mail, end with a single ".". Kent, stop touching yourself! . 250 Ok. quit 221 Bye received. Goodbye.
If the admin had wisely disabled open relay, the mail server would have rejected the 'mail from' command because neither the From nor To header ends in the example.com domain. If you are local - topologically speaking - to the mail server, you may still spoof interally... unless the admin has enabled SMTP-AUTH, which requires a username/password login before the server will accept commands.
If someone has turned on the "Activate my home page" feature it will turn their computer into a poor web server. Telnet to port 80 and type junk, followed by quit and enter. Boom, GPF. You can also explore the person's hard drive. Here's how:
http://members.icq.com/<ICQ of target person>
This will redirect you to the person's home computer and you'll have their IP address.
http://<IP address>/...../a2.html
This will show you the a2.html file in the ICQ directory. Add more dots and add .html to the url to look at other files.
This works on ICQ99a build 1700. The fix? Don't use ICQ, it's lame anyway.
Top | Next: Web Browser as Attack Target | Previous: Logging Basics | Table of Contents