Vulnerability Development: Re: BACKSTEALTH reverse engineered

Re: BACKSTEALTH reverse engineered

From: Shaun Clowes <shaun_at_securereality.com.au>
Date: Sat, 04 May 2002 12:29:51 +1000

> I've reverse engineered the backstealth program that's been going around,
> with the original info found at
> http://piorio.supereva.it/backstealth.htm?p

Just in case you're interested, the general technique you've reversed here is
very popular and well known. It's usually referred to as 'injecting a DLL' and
was first documented by Jeffrey Richter in a 1994 Windows System Journal
article. His original source code (InjLib) is still around, but a number of
(open and closed source) tools use it, e.g. fport and pwdump. As you've found,
the ability to have code executed in the context of another process is very
useful, and many security schemes can be subverted this way (hell, when you
think about it, kernel backdoors and viruses are really just souped-up forms of
this).

Incidentally, injectso does pretty much the same thing on Solaris and
Linux systems.

Cheers,
Shaun

Received on May 04 2002
