Security Basics mailing list archives
Admin rights via backdoors
From: WALI <hkhasgiwale () gmail com>
Date: Fri, 09 Mar 2007 18:02:22 +0400
Hi Guys,

I do understand the risks of seeing open ports on servers using nmap/nessus but need to demonstrate a concept to my managers, the need for segregating software developers and production environments, especially pertaining to a financial application being built in-house.
I maintain that getting admin rights into an application while bypassing logical access controls flowing down from Active Directory or OS level is trivial for a programmer if he hard codes some backdoor entry ports replete with usernames and passwords. They disagree that if they have no AD rights granted on the resource (different AD domains / filers etc), there is no reason to physically isolate developers from production.
Is my contention conceptually correct? How can I demonstrate this with a dummy application?
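
An added example, not part of the original message: a constructed dummy application whose login routine contains a hard-coded entry that grants admin even though the directory check denies the account, together with a static check a code reviewer could run over source to flag such comparisons. The function names, the `maint` / `example-only` values and the hint list are assumptions made for this illustration.

```python
import ast

# Constructed dummy application (illustrative only). directory_allows() stands
# in for the AD / OS-level check; the second branch in login() never consults it.
SAMPLE_APP = '''
def directory_allows(user, password):
    return False  # stand-in: the directory grants this account nothing

def login(user, password):
    if directory_allows(user, password):
        return "user"
    if user == "maint" and password == "example-only":  # hard-coded entry
        return "admin"
    return None
'''

# Assumed naming hints for credential-like identifiers; tune per code base.
CREDENTIAL_HINTS = ("pass", "pwd", "secret", "user", "login", "token")

def _ident(node):
    """Identifier behind a Name or Attribute node, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return None

def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value != ""

def find_hardcoded_credential_checks(source):
    """Return sorted (line, identifier) pairs where a credential-like name
    is compared with == or != against a non-empty string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        operands = [node.left] + node.comparators
        for op, left, right in zip(node.ops, operands, operands[1:]):
            if not isinstance(op, (ast.Eq, ast.NotEq)):
                continue
            for a, b in ((left, right), (right, left)):
                ident = _ident(a)
                if ident and _is_str_literal(b) and any(h in ident.lower() for h in CREDENTIAL_HINTS):
                    findings.append((node.lineno, ident))
    return sorted(findings)

def role_granted_by_sample(user, password):
    """Run the dummy app's login() to show what role the application hands out."""
    namespace = {}
    exec(SAMPLE_APP, namespace)
    return namespace["login"](user, password)
```

The scan only catches literal comparisons on conventionally named variables; it is a review aid that complements keeping developers out of the production build and deployment path, which is the control the message argues for.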