Thread: Uploading A Program Without The User Knowing

  1. #1

    Uploading A Program Without The User Knowing

    Is it possible for a hacker to upload a file to your pc, via an open port and execute it without the computer user actually knowing?

    I've been told it's possible but it seems quite an easy way to get about hacking and installing a trojan etc.

    Cheers for any help,

    Robert Davison

  2. #2
    MrLinus (Just a Virtualized Geek) | Join Date: Sep 2001 | Location: Redondo Beach, CA | Posts: 7,323
    Off-hand, I'd say yes. I've had an experience with a program (spyware crap) called Xupiter. I happened to notice when visiting a site that there was still a fair amount of activity going on through the NIC. Lo and behold, Xupiter was installing behind my browser without my approval, consent or agreement. The term for this is Browser Hijacking and seems to fall mostly on the Windows platform with IE. I don't think I've heard of any other browsers or platforms succumbing to this but I could be wrong.

    This link might give you a little more info on some of the hows and how to prevent it.
    http://www.spywareinfo.com/articles/hijacked/

    I don't doubt that a malicious attacker could use the same principles against an individual. Basically, they could either set up a site or deface one, upload the code necessary and away they go.

    <edit>
    Apparently this thread listed below went into some incredible details. Well over 32000 views and 166 responses. Apparently they did research into how Xupiter works and how to deal with it.

    http://www.spywareinfo.com/forums/in...2d1170e2534e9c

    </edit>

  3. #3
    Senior Member | Join Date: Mar 2003 | Posts: 117
    It would depend on what program has opened the port.
    If it's a server of some sort, the hacker could for example try fingerprinting it and do a simple bugtraq search of known vulns for that server and then try to exploit them.

    If you are on Windows I would recommend something like Active Ports or TCPView to check what ports you have open.

    TCPView: http://www.sysinternals.com/ntw2k/utilities.shtml
    ActivePorts: http://www.ntutility.com/freeware.html

  4. #4
    Senior Member | Join Date: Jan 2002 | Posts: 1,207
    On Windows NT (& the other similar ones yadayada), if they have access to an administrator account they can upload anything to anywhere and execute it as a service with whatever privilege they want - all this will happen despite what the logged-on user does (and indeed, even if nobody is logged on) - provided the "Server" service is running and isn't firewalled.

    Without the administrator account, they could exploit a bug in a client program (Usually a browser or mail user agent), or a server program (for example web server, ftp server) to cause it to execute some code of their choosing. That code could download an exe from somewhere and execute it locally.

    As most users of Windows NT (especially home users) use an administrator account all the time, exploiting a client program would result in full control.

    So in effect, yes *but* you don't need to have any open ports if they are exploiting a client program to do it.
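
A scripted version of the check that TCPView and Active Ports perform (post #3), which also marks the NetBIOS/SMB file-sharing ports behind the "Server" service mentioned in post #4. This is an added example, not part of the original thread; the `netstat -ano` sample is constructed and the function names are illustrative.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3344
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:137            *:*                                    4
"""

# NetBIOS/SMB file-sharing ports (the Windows "Server" service).
SMB_PORTS = {("UDP", 137): "NetBIOS name", ("UDP", 138): "NetBIOS datagram",
             ("TCP", 139): "NetBIOS session", ("TCP", 445): "SMB"}

def parse_listeners(text):
    """Return sockets accepting inbound traffic: TCP LISTENING and bound UDP."""
    sockets = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established/closing connections are not listeners
        host, _, port = f[1].rpartition(":")
        if not (port.isdigit() and f[-1].isdigit()):
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        sockets.append({"proto": f[0], "addr": host, "port": int(port), "pid": int(f[-1])})
    return sockets

def review(text):
    """List listeners not bound to loopback, noting file-sharing ports."""
    findings = []
    for s in parse_listeners(text):
        if ipaddress.ip_address(s["addr"]).is_loopback:
            continue  # only reachable from the local machine
        note = SMB_PORTS.get((s["proto"], s["port"]), "")
        findings.append((s["proto"], s["addr"], s["port"], s["pid"], note))
    return findings

if __name__ == "__main__":
    for proto, addr, port, pid, note in review(SAMPLE):
        print(f"{proto} {addr}:{port} pid={pid} {note}")
```

The PID column is what lets you tie each listener back to the program that opened the port, which is the point post #3 makes.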

  5. #5
    Senior Member | Join Date: Nov 2001 | Posts: 4,785
    Many unpatched services allow the spawning of command shells. The most recent for MS is WebDAV. Once someone has a shell on your machine they can download and run anything they want.

  6. #6
    Banned | Join Date: May 2003 | Posts: 1,004
    Yes. I only responded because I am not sure the users covered the question you are asking; if they did, great, if not perhaps this can add some value.

    It is possible for a remote user to do things on a system without a local user being aware, whether that be uploading executables, altering configuration files, launching services, compiling software, whatever.

    This can happen in three ways:

    1. The local user unwittingly installs malware that requires no confirmation as a result of a weak system security policy. In this case the remote user is initially the server system the local user made a request from.
    2. The system is running a weak service that allows a malicious remote user to access the system in an unintended way by using the weak service's permissions/privileges to elicit the aforementioned actions.
    3. The system is configured with a remote administration tool for centralized administration. This allows a sys admin to install software and make configuration changes to the system from their desk rather than yours.

    However... these examples are directed at systems which feature at least discretionary access controls which are used to segregate user processes (among other things).

  7. #7

    Re: Uploading A Program Without The User Knowing

    Originally posted here by Robdav007
    Is it possible for a hacker to upload a file to your pc, via an open port and execute it without the computer user actually knowing?

    I've been told it's possible but it seems quite an easy way to get about hacking and installing a trojan etc.

    Cheers for any help,

    Robert Davison
    Yes, it's possible. This is where exploits come in.

    If an application is exploited remotely, the attacker has full control of the program, which means they can upload and execute malicious code.

    NetBIOS is most often used to do this type of attack.

  8. #8
    Senior Member | Join Date: Mar 2003 | Posts: 217
    Someone may have mentioned this, and I may have just missed it, but if someone already has installed a trojan on your system, then they can install and run whichever programs they like. For instance, if someone has found that you have the BO client on your computer, and they prefer to use NetBus, they can put the NetBus client program in your startup folder, then reboot your machine. Congratulations, you now have NetBus as well.

    reminder: hacking is bad. don't do stuff like this.
