Hi,

I was reading up on the old Interbase hardcoded backdoor and I'm not sure how to go about writing some code to interface with the server and perform authentication and execute arbitrary commands. I wondered if anyone has created a proof-of-concept exploit or if not has any information on the protocol that could help me create my own.

Here's the hardcoded backdoor account information:

    #define LOCKSMITH_USER "politically"
    #define LOCKSMITH_PASSWORD "correct"

The server runs on port 3050. It is sometimes spawned from inetd:

    #gds_db stream tcp nowait.30000 root /usr/local/sbin/gds_inet_server gds_inet_server # InterBase Database Remote Server

From reading the documentation I gather that it no longer needs to be run through inetd. I was able to spawn the server by locally running it with the '-d' flag.

References:

http://www.cert.org/advisories/CA-2001-01.html
http://list.cobalt.com/pipermail/cobalt-users/2001-January/030260.html
http://www.securityfocus.com/bid/2192

Any information would be great.

Best Regards,
Charles Stevenson
This archive was generated by hypermail 2b30 : Tue Jan 29 2002 - 10:54:08 PST