Monday, September 19, 2011

Entering the System by the Backdoor



We can probably guess what a “backdoor” does from its literal meaning. Technically, though, the software belonging to this class is used to maintain access to a system that has already been infected.
We can distinguish between two main types of backdoor:
  1. Local: if we already have a normal account on the server, a local backdoor gives us administrator rights.
  2. Remote: even if we do not have an account on the server, thanks to the remote backdoor we can obtain administrator rights.
There are many kinds of backdoors. For example, the hacker can modify and substitute some of the services offered by the server, and can also statically modify certain configuration files. It is also possible to load kernel modules or to install applications, called rootkits, once the system has been cracked. Each approach has its advantages and disadvantages, which is why it is worth describing each of them in turn. The idea, as we can see, is very simple. In the upcoming posts we will discuss the practical use of each backdoor and analyze its advantages and disadvantages.

Backdoors:
  1. Modification of file /etc/passwd
  2. Adding new service in /etc/xinetd.d/
  3. Communication through ICMP
  4. Modification of the sshd daemon sources
  5. Rootkit (kernel module)
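
For the first two items in the list, an administrator can audit the files involved. The following is an added example, not code from the original post: the sample file contents are constructed, the function names and the `APPROVED_SERVICES` baseline are hypothetical, and the checks assume that a tampered `/etc/passwd` shows up as an extra UID 0 account or an empty password field and that an unexpected xinetd service is one missing from the baseline.

```python
import re

# Constructed sample data for illustration; not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
support::0:0::/tmp:/bin/sh
"""
SAMPLE_XINETD = """\
service tftp
{
    disable = yes
    user    = root
    server  = /usr/sbin/in.tftpd
}
service maint
{
    user    = root
    server  = /opt/unknown/handler
}
"""
APPROVED_SERVICES = {"tftp"}  # assumed baseline of services the admin expects

def audit_passwd(text):
    """Flag passwd entries that are malformed, share UID 0, or have no password."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, "malformed entry"))
            continue
        name, pw, uid = fields[:3]
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((n, f"{name}: UID 0 but not root"))
        if pw == "":
            findings.append((n, f"{name}: empty password field"))
    return findings

def audit_xinetd(text, approved):
    """Flag enabled xinetd services that are missing from the approved baseline."""
    findings = []
    for m in re.finditer(r"service\s+(\S+)\s*\{(.*?)\}", text, re.S):
        attrs = dict(re.findall(r"^\s*(\w+)\s*\+?=\s*(.+?)\s*$", m.group(2), re.M))
        if attrs.get("disable") != "yes" and m.group(1) not in approved:
            findings.append((m.group(1), attrs.get("user"), attrs.get("server")))
    return findings
```

On a real host the same functions would be given the contents of `/etc/passwd` and of each file under `/etc/xinetd.d/`, with the baseline taken from a known-good install.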
