Security Basics mailing list archives
Re: Admin rights via backdoors
From: "Adam Pridgen" <Adam.Pridgen () gmail com>
Date: Sun, 11 Mar 2007 01:41:54 -0600
Out of boredom and curiosity, I spent the better part of my weekend writing this little demo program. It simulates a back door that could be hidden in an application. It uses a simple port-knock to figure out who to connect back too. The source has directions about how to run the demo, which is attached. I think with a little bit more attention the code could actually be trimmed down and hidden well in an application. I am not a hard core programmer on the win32 platform so the code is somewhat bulky and rough around the edges, but I think it would help eliminate or at least reduce the idea that user rights of a developer are not required on the production machine. Cheers, Adam On 3/9/07, Scott Ramsdell <Scott.Ramsdell () cellnet com> wrote:
Hi WALI, You can setup a netcat listener on any port and instruct it to execute any executable when the port is knocked. It will of course inherit the permissions of the user/service account that launches it. So, in your specific scenario, the backdoor would contain netcat, open a listening port and do whatever when knocked. It would execute with the rights the financial app has (which likely can read and write sensitive info). http://m.nu/program/util/netcat/netcat.html Check it out, it's pretty cool. Typically dev and prod environments are separate. Once the code is reviewed and approved, it moves out of dev and into the hands of the admins who install it, then care and feed for the app. Devs generally have no rights on prod boxes. Kind Regards, Scott Ramsdell -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of WALI Sent: Friday, March 09, 2007 8:02 AM To: security-basics () securityfocus com Subject: Admin rights via backdoors Hi Guys I do understand the risks of seeing open ports on servers using nmap/nessus but need to demonstrate a concept to my managers, the need for segregating software developers and production environments, especially pertaining to an financial application being built in-house. I maintain that getting admin rights into an application while bypassing logical access controls flowing down from Active directory or OS level is trivial for a programmer if he hard codes some backdoor entry ports replete with usernames and passwords. They disagree that if they have no AD rights granted on the resource (different AD domains / filers etc), there is no reason to physically isolate developers from production. Is my contention conceptually correct? How can I demonstrate this with a dummy application?
Attachment:
SpecialRequest.cpp
Description:
Current thread:
- RE: Hacking Book / Information David (Mar 02)
- <Possible follow-ups>
- Re: Hacking Book / Information Gerhard Rickert (Mar 07)
- Re: Hacking Book / Information Nabil Alsharif (Mar 08)
- Admin rights via backdoors WALI (Mar 09)
- RE: Admin rights via backdoors Scott Ramsdell (Mar 09)
- Re: Admin rights via backdoors Adam Pridgen (Mar 12)
- Re: Admin rights via backdoors Demonic Software (Mar 09)
- Re: Hacking Book / Information Nabil Alsharif (Mar 08)