Home page logo

basics logo Security Basics mailing list archives

RE: Admin rights via backdoors
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Fri, 9 Mar 2007 14:39:12 -0500


You can setup a netcat listener on any port and instruct it to execute
any executable when the port is knocked.  It will of course inherit the
permissions of the user/service account that launches it.

So, in your specific scenario, the backdoor would contain netcat, open a
listening port and do whatever when knocked.  It would execute with the
rights the financial app has (which likely can read and write sensitive


Check it out, it's pretty cool.

Typically dev and prod environments are separate.  Once the code is
reviewed and approved, it moves out of dev and into the hands of the
admins who install it, then care and feed for the app.  Devs generally
have no rights on prod boxes.

Kind Regards,
Scott Ramsdell

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of WALI
Sent: Friday, March 09, 2007 8:02 AM
To: security-basics () securityfocus com
Subject: Admin rights via backdoors

Hi Guys

I do understand the risks of seeing open ports on servers using
but need to demonstrate a concept to my managers, the need for
software developers and production environments, especially pertaining
an financial application being built in-house.

I maintain that getting admin rights into an application while bypassing

logical access controls flowing down from Active directory or OS level
trivial for a programmer if he hard codes some backdoor entry ports
with usernames and passwords. They disagree that if they have no AD
granted on the resource (different AD domains / filers etc), there is no

reason to physically isolate developers from production.

Is my contention conceptually correct? How can I demonstrate this with a

dummy application?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]