-
August 25th, 2003, 02:20 PM
#1
Remote And Local Access Explained
This tutorial will basically cover the differences between Local And Remote Access , because I know it can be quite a confusing subject at first for newbies. I think these two concepts are vital to understand because if your testing an exploit on your server and you need to run it locally , after reading this you will understand that you need to have some insider privelege before you run it.
ok lets get going
LOCAL ACCESS
Local Access is described as being logged into a shell. Or logged on as a user in the system.
For Example , lets say you wanted to rob a house (Just An example my friend) , There would be no point in breaking down a window if somebody gave you a key and said come back anytime right ? Right.
So it would be easier if you already could get inside without setting off alarms , then scope things out. Local access is also referred to as 'Privelege Escalation' Attacks. Because then the attacker would go from a legitimate user to uid0 (root)
REMOTE ACCESS
Remote Access is Described as having a connection via a network daemon or listening service at the application layer. (telnetd , SSH , FTP , rlogin) Sometimes there are flaws in ftp daemons and such , and to be exploited they need to be exploited remotely. This is sometimes where the confusion of how exploits work come around because newbies don't yet understand the difference of local and remote access , hopefully they will have an understanding after they read this tutorial. But anyway as I described before on insider access , and the analogy I used on robbing a house im going to try to do it again here to make it more clearly. ok you don't have a key , you don't have any access at all to this house and nobody will give you insider priveleges so you must try to get in remotely. Im still using analogy. Your typical Script Kiddie will throw every kind of rock and stone at this house to try to make a window shatter open alerting police and alarms all over the county and not even know why this worked. But a more clever person will go around knock on the window , see what type of glass it is. When the person leaves & comes home. Then after careful planning will get insider privileges and go from there. See what I am saying now ?
So basically what it comes down to is that REMOTE ACCESS means via a network daemon or some other communications channel. But LOCAL ACCESS means that you have privilege to that system already. Generally attackers exploit remotely to get local privileges.
And in my analogies and such , this tutorial did by no means hint malicious activities going on etc.I simply said what I said to help the people reading to grasp it more fundamentally.
Most of these concepts were taught to me by Hacking Exposed 2nd edition , and other google sources that I can't quite remember.
I worked really hard on this tutorial and did my best to make it come out clean.
But it is only my second one so if it needs any work at all , somebody PM me and let me know.
Good Day......
"Serenity is not the absence of conflict, but the ability to cope with it."
-
August 25th, 2003, 04:26 PM
#2
I had thought to neg you, however, I'll refrain from doing that... But I will ask the question if this really fits the mold of what is considered to be a tutorial. Seems more like a dictionary definition to me.
-
August 25th, 2003, 04:42 PM
#3
I, on the other hand am glad to see something like this. this board is for new people, as well as experts, these are some of those terms that are used all the time and rarely adequately defined.
:q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)
-
August 25th, 2003, 08:06 PM
#4
acid- true enough. The information provided is valid and useful. That is why I did not give out any neg. points. However, I would think that something might be put together that adequately defines what is and what isn't a tutorial. I know that there was some disagreement last week over another tutorial that might have been avoided if guidelines on what is/not acceptable had been provided.
-
August 25th, 2003, 08:11 PM
#5
I happen to think that the info was usefull for newbies. Maybe we need a tutorial on writing tutorials?
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
-
August 25th, 2003, 08:14 PM
#6
-
August 25th, 2003, 09:08 PM
#7
Didnt know there was a tutorial on posting and writing tutorials. Thanks cheyenne1212!
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
-
August 25th, 2003, 09:10 PM
#8
anytime
-
August 25th, 2003, 11:20 PM
#9
Well , Maybe it wasn't in depth as I thought it would be. But some things i have a hard time getting on paper so to speak. Maybe i'll try harder and give it a go some other time. Thanks for your opinions though..
Good Day....
"Serenity is not the absence of conflict, but the ability to cope with it."
-
September 3rd, 2003, 02:21 AM
#10
Junior Member
Somewhat Confused Question
This question is a little confusing, so I'll try to make it simple because I think it has a simple answer. If I think my ftp port is vulnerable can I simply try to connect to my own ftp port on my computer? Is that still a remote access and will my vulnerability be able to be tested or do i have to go to another computer to do it? I don't really know how to test that so please excuse my ignorance.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|