Remote And Local Access Explained
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Remote And Local Access Explained

  1. #1
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352

    Post Remote And Local Access Explained

    This tutorial will basically cover the differences between Local And Remote Access , because I know it can be quite a confusing subject at first for newbies. I think these two concepts are vital to understand because if your testing an exploit on your server and you need to run it locally , after reading this you will understand that you need to have some insider privelege before you run it.
    ok lets get going


    LOCAL ACCESS
    Local Access is described as being logged into a shell. Or logged on as a user in the system.
    For Example , lets say you wanted to rob a house (Just An example my friend) , There would be no point in breaking down a window if somebody gave you a key and said come back anytime right ? Right.
    So it would be easier if you already could get inside without setting off alarms , then scope things out. Local access is also referred to as 'Privelege Escalation' Attacks. Because then the attacker would go from a legitimate user to uid0 (root)




    REMOTE ACCESS
    Remote Access is Described as having a connection via a network daemon or listening service at the application layer. (telnetd , SSH , FTP , rlogin) Sometimes there are flaws in ftp daemons and such , and to be exploited they need to be exploited remotely. This is sometimes where the confusion of how exploits work come around because newbies don't yet understand the difference of local and remote access , hopefully they will have an understanding after they read this tutorial. But anyway as I described before on insider access , and the analogy I used on robbing a house im going to try to do it again here to make it more clearly. ok you don't have a key , you don't have any access at all to this house and nobody will give you insider priveleges so you must try to get in remotely. Im still using analogy. Your typical Script Kiddie will throw every kind of rock and stone at this house to try to make a window shatter open alerting police and alarms all over the county and not even know why this worked. But a more clever person will go around knock on the window , see what type of glass it is. When the person leaves & comes home. Then after careful planning will get insider privileges and go from there. See what I am saying now ?




    So basically what it comes down to is that REMOTE ACCESS means via a network daemon or some other communications channel. But LOCAL ACCESS means that you have privilege to that system already. Generally attackers exploit remotely to get local privileges.

    And in my analogies and such , this tutorial did by no means hint malicious activities going on etc.I simply said what I said to help the people reading to grasp it more fundamentally.

    Most of these concepts were taught to me by Hacking Exposed 2nd edition , and other google sources that I can't quite remember.

    I worked really hard on this tutorial and did my best to make it come out clean.
    But it is only my second one so if it needs any work at all , somebody PM me and let me know.

    Good Day......
    "Serenity is not the absence of conflict, but the ability to cope with it."

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    I had thought to neg you, however, I'll refrain from doing that... But I will ask the question if this really fits the mold of what is considered to be a tutorial. Seems more like a dictionary definition to me.

  3. #3
    Deceased x acidreign x's Avatar
    Join Date
    Jul 2002
    Posts
    455
    I, on the other hand am glad to see something like this. this board is for new people, as well as experts, these are some of those terms that are used all the time and rarely adequately defined.
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    acid- true enough. The information provided is valid and useful. That is why I did not give out any neg. points. However, I would think that something might be put together that adequately defines what is and what isn't a tutorial. I know that there was some disagreement last week over another tutorial that might have been avoided if guidelines on what is/not acceptable had been provided.

  5. #5
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    I happen to think that the info was usefull for newbies. Maybe we need a tutorial on writing tutorials?
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  6. #6

  7. #7
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Didnt know there was a tutorial on posting and writing tutorials. Thanks cheyenne1212!
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  8. #8
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    anytime
    =

  9. #9
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    Well , Maybe it wasn't in depth as I thought it would be. But some things i have a hard time getting on paper so to speak. Maybe i'll try harder and give it a go some other time. Thanks for your opinions though..
    Good Day....
    "Serenity is not the absence of conflict, but the ability to cope with it."

  10. #10
    Junior Member
    Join Date
    Sep 2003
    Posts
    3

    Somewhat Confused Question

    This question is a little confusing, so I'll try to make it simple because I think it has a simple answer. If I think my ftp port is vulnerable can I simply try to connect to my own ftp port on my computer? Is that still a remote access and will my vulnerability be able to be tested or do i have to go to another computer to do it? I don't really know how to test that so please excuse my ignorance.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •