Security Basics: Admin rights via backdoors

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Admin rights via backdoors

From: WALI <hkhasgiwale () gmail com>
Date: Fri, 09 Mar 2007 18:02:22 +0400

Hi Guys

I do understand the risks of seeing open ports on servers using nmap/nessusbut need to demonstrate a concept to my managers, the need for segregatingsoftware developers and production environments, especially pertaining toan financial application being built in-house.

I maintain that getting admin rights into an application while bypassinglogical access controls flowing down from Active directory or OS level istrivial for a programmer if he hard codes some backdoor entry ports repletewith usernames and passwords. They disagree that if they have no AD rightsgranted on the resource (different AD domains / filers etc), there is noreason to physically isolate developers from production.

Is my contention conceptually correct? How can I demonstrate this with adummy application?

By Date By Thread

Current thread:

RE: Hacking Book / Information David (Mar 02)
- <Possible follow-ups>
- Re: Hacking Book / Information Gerhard Rickert (Mar 07)
  - Re: Hacking Book / Information Nabil Alsharif (Mar 08)
    - Admin rights via backdoors WALI (Mar 09)
    - RE: Admin rights via backdoors Scott Ramsdell (Mar 09)
    - Re: Admin rights via backdoors Adam Pridgen (Mar 12)
    - Re: Admin rights via backdoors Demonic Software (Mar 09)