Backdoors

 What is a Backdoor?

 

A backdoor is a program that allows attackers to bypass normal security controls on a system, gaining access on the attacker's own terms.

 

 Different types of backdoor access:

· Local Escalation of Privilege

· Remote Execution of Individual Commands

· Remote Command-Line Access

· Remote Control of the GUI

 Starting backdoors automatically

Windows:

        Altering Startup files and folders

        Editing Registry

        Task Scheduler

Unix:

        Inittab configuration file

        System and Service configuration files

        Inetd

        User startup scripts

        Cron (for job scheduling)
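
As an added example (not part of the original notes), this Python sketch shows a defender's baseline check for three of the Unix autostart locations listed above: inittab, inetd and cron. It extracts the command each entry would run and reports entries absent from a known-good baseline; the sample file contents, the `crontab:root` label, the helper names and the writable-directory heuristic are constructed assumptions.

```python
# Added example: baseline diff of Unix autostart entries (all data constructed).
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed heuristic; tune per host

def command_of(kind, line):
    """Return the command one autostart line would run, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if kind == "inittab":                  # id:runlevels:action:process
        parts = line.split(":", 3)
        return (parts[3].strip() or None) if len(parts) == 4 else None
    if kind == "inetd":                    # service type proto wait user server args
        parts = line.split()
        return " ".join(parts[5:]) if len(parts) >= 6 else None
    if kind == "crontab":                  # user crontab: 5 time fields, then command
        if line.startswith("@"):           # @reboot and similar shortcuts
            parts = line.split(None, 1)
            return parts[1] if len(parts) == 2 else None
        parts = line.split(None, 5)
        if "=" in parts[0] or len(parts) < 6:   # VAR=value line or malformed entry
            return None
        return parts[5]
    return line                            # startup script: the line is the command

def snapshot(sources):
    """sources maps (kind, label) to file text; returns {(label, command)}."""
    return {(label, " ".join(cmd.split()))
            for (kind, label), text in sources.items()
            for cmd in (command_of(kind, ln) for ln in text.splitlines()) if cmd}

def review(baseline, current):
    """List (label, command, verdict) for entries missing from the baseline."""
    findings = []
    for label, cmd in sorted(snapshot(current) - snapshot(baseline)):
        risky = cmd.split()[0].startswith(WRITABLE_DIRS)
        findings.append((label, cmd, "new+writable-path" if risky else "new"))
    return findings

# Constructed sample data: a known-good baseline and a later collection.
BASELINE = {
    ("inittab", "/etc/inittab"): "id:3:initdefault:\n1:2345:respawn:/sbin/getty 38400 tty1\n",
    ("crontab", "crontab:root"): "# rotate\n0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf\n",
    ("inetd", "/etc/inetd.conf"): "ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd\n",
}
CURRENT = dict(BASELINE)
CURRENT[("crontab", "crontab:root")] += "@reboot /tmp/.cache/updater\n"
CURRENT[("inetd", "/etc/inetd.conf")] += "time stream tcp nowait root /usr/local/sbin/svc-helper svc-helper\n"

if __name__ == "__main__":
    for finding in review(BASELINE, CURRENT):
        print(finding)
```

The baseline has to be collected while the host is known to be clean and stored off the host, otherwise an entry planted before collection is treated as legitimate.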

       

 

NetCat

 

Connecting to a Netcat backdoor listener with a Netcat client.

 

A firewall blocks access to the backdoor listener, preventing the attacker from connecting to the backdoor.

 

Shoveling a shell: A Netcat client runs a command shell on the inside and pushes it through the firewall to a Netcat listener on the outside.

 

 

VNC

 

Portless Backdoors:

        ICMP-based

        Sniffing backdoors

 

 

 

NetCat download here or here

TCPView port scanning tool: http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

Fport port scanning tool: http://www.foundstone.com/us/resources/proddesc/fport.htm

AutoRuns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

Attempted Linux Kernel backdoor