
6. Misc Info

This section contains miscellaneous information regarding hacking basics.

6.1 What is a "backdoor"?

A backdoor is simply a way back into a system that not only bypasses existing security to regain access, but may even defeat any additional security enhancements added onto a system.

Backdoors can range from the simple to the exotic. Simple backdoors might include creating a new user account just for your intrusion needs, or taking over a little-used account. More complex backdoors may bypass regular access completely and involve trojans, such as a login program that gives you administrative access if you type in a special password.

Backdoors can be chained together, which is the technique used by most hackers. This involves a combination of techniques. For example, one or more accounts that have basic user access may have had their passwords cracked, and one or more accounts may be created by the hacker. Once the system is accessed by the hacker, the hacker may activate some technique or exploit a system misconfiguration that allows greater access. Often a hacker will lower the defenses in certain areas by slightly altering system configuration files. Perhaps a trojan program has been installed that will open holes upon command by the hacker. Some of these techniques will be discussed in detail in the individual operating system sections of this FAQ.

6.2 Why do I care about auditing, accounting, and logging?

Auditing, accounting, logging -- call it what you will, these are the mechanisms used to create permanent or semi-permanent records of events on a system. Unfortunately, these can record your intrusion activities, sometimes in explicit and evidence-worthy detail. Therefore potential intruders should not only be aware of what record keeping is available (either as a regular feature of the system or as an add-on) but also have possible methods for defeating such recordings.

Some types of logging are simple text files with entries showing logins and logouts, and maybe failed logins. Others record which programs were accessed, which programs someone attempted to run but was refused, or keep track of an individual's disk usage. All can reveal information that allows an administrator to reconstruct an attack.

6.3 What are some different logging techniques used by Admins?

Admins generally prefer to use simple logging techniques so as not to pile onto their current workload. Logs take up space. Large log files are sometimes very difficult to sift through as sys admins are looking for problems. These logs are usually stored in directories generally protected from casual viewing, or at least editing.

6.4 Why should I not just delete the log files?

Typically log files do not disappear. This might lead a curious sys admin to poke around looking for problems, and the paranoid sys admin to look for intruders. The logs should be edited if possible, or the entries made into them made to look as normal as possible.

6.5 What is a buffer overflow?

A buffer overflow occurs when a programmer has assigned a buffer of a fixed size to hold variable data, and the data placed into that buffer is larger than the size originally assigned to it. Depending on the operating system and on exactly what the "extra" data overflowing the buffer is, this can be used by a hacker to cause portions of a system to fail, or even to execute arbitrary code.

Most buffer overflow exploits center around user-supplied data exceeding a buffer, and the extra data being executed on the stack to open up additional access. Buffer overflows exist on all major network operating systems.
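As an added illustration (not part of the original FAQ), here is the C pattern behind most such overflows: a fixed-size stack buffer filled by an unbounded copy, beside a bounded version that checks the input against the buffer and refuses anything that would not fit. NAME_LEN, greet_unsafe, greet_safe and input_fits are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed example: the programmer's assumed maximum */

/* Vulnerable pattern: strcpy copies until it finds the NUL in 'input',
 * however far away that is, so an input of NAME_LEN bytes or more writes
 * past the end of 'name' and over whatever sits next to it on the stack. */
int greet_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);               /* no bound check: the overflow is here */
    printf("hello %s\n", name);
    return 0;
}

/* Does 'input' (including its terminating NUL) fit in a buffer of 'bufsz'
 * bytes? memchr examines at most 'bufsz' bytes of 'input'. */
int input_fits(const char *input, size_t bufsz) {
    return memchr(input, '\0', bufsz) != NULL;
}

/* Hardened form: check the length against the buffer before copying, and
 * reject (rather than silently truncate) anything that would not fit. An
 * oversized input here is exactly the condition an overflow relies on, so a
 * real program would also log the rejection. Returns 1 if greeted, 0 if refused. */
int greet_safe(const char *input) {
    char name[NAME_LEN];
    if (!input_fits(input, sizeof name))
        return 0;
    strcpy(name, input);               /* safe now: length already verified */
    printf("hello %s\n", name);
    return 1;
}

int main(void) {
    /* Constructed samples: one that fits, one sized to overflow a 16-byte buffer. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes */
    printf("ok accepted: %d\n", greet_safe(ok));             /* 1 */
    printf("too_long accepted: %d\n", greet_safe(too_long)); /* 0 */
    /* greet_unsafe(too_long) is deliberately not called: it would corrupt the stack. */
    return 0;
}
```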
