Vista Back door

OK here is the deal: a good friend of mine works for a *VERY* large news outlet (name omitted as not to get him fired, but you WILL know it when you hear it), anyway he got a lead that there is a backdoor in what appears to be ALL versions of windows vista.

This stuff is scary, according to his sources this back door was added at the request of the US government as part of the PATRIOT ACT. You type a special command built into windows (see below) with special parameters and you get back what looks like random garbage. The random garbage is just to deter people that accidently stumble on the command. If you then type EXACTLY:




(For some reason it wont let me type that)


You will get the menu. My friend is still checking stuff out, but according to the menu and some preliminaries he has gotten the backdoor also hooks into several well known programs such as TrueCrypt, PGP, Firefox, Opera, Tor & Freenet. I guess because it is running in kernel space it can recognize these programs and log / patch them at runtime however it wishes.

I am running a MAC (thank god) so I only have the text transcript my friend sent me, can anyone confirm this????

Transcript below, anything route add 1.2.3.4/240 4.3.2.1
=iE(qM%na>UK|b[DF@>9#;"\sl6@u=4-CF\[#jC*BV~S$.*y4dxYkC~kFnt-A^=$iWe1W#4^!
.JjP[~

for some reason

AA (without the A's) isnt showing up

Wtf

< C t r l + D >

Okay, I am far from a computer whiz, so bare with me.

What can be accessed through a back door? Does it give anyone that knows what they are doing access to your activity? If so, how is this not a) invasion of privacy and b)a violation of the constitution?

Starred and flagged.

I've heard that windows always puts back doors in all of the OS's. They are the go between for the secret agencies watching us. Also, ask who benefits from viruses?

reply to post by cautiouslypessimistic


Im not exactly sure but it can allegedly log TrueCrypt passwords and such
il follow up on this after some more digging

although I don't have windows and am on a Mac...

I suggest that if anybody does this, pull your ethernet.
Nobody has no idea what this is and this is just a random post.

reply to post by TrainDispatcher


Trust me , Im not trolling to try and hack anyones computers or try and get anyone to mess up their computers
Im simply relying what i have heard, and since iam on a mac i cannot try this out for myself



[edit on 5-12-2008 by Runningtobabylon]

The "route add" command is really a security exploit because it has a flaw. example So that gibberish is not to deter people away from a hidden place it is the code you are injecting directly into execution via the above security flaw. Depending on the "gibberish" you are putting there you can do anything, from crashing the system ( which is what most often happens ) to stealing the administrator password or injecting your own.

So that gibberish can be a hoax i.e. the machine code required to display the "secret menu" and make it look like it really exists. BUT! it can also be the opposite as in giving you access to an object that really exists as a back door. On that note, there I go checking it out.

Kind regards.

reply to post by Runningtobabylon



I'm not pointing you out, or saying that you would do this. we just have no clue of what happends with this "so called (script?)


RTB, it is a interesting find no less

[edit on 5-12-2008 by TrainDispatcher]

reply to post by mystiq

I've seen Windows XP being cracked open by the member of law inforcement in less than 10 seconds, so what you say seems to have some merit.

Cheers.

Edit to add: Funny thing you should mention viruses. The statistic used to be that there are 100 new worms and viruses produced weekly. And yet, you hardly ever hear them doing any real damage. I think that goes to prove where those viruses come from. The anti-virus companies stand to gain the most from their creation. But every now and then you get a few of the viruses that were not written by them. You know the kind: The I love you virus was one of them. Strange how they always manage to arrest the authors of those ones within a few days, yet we never hear about those other 99 viruses released that week alone.

I'm just paranoid, ha?

[edit on 5-12-2008 by Manawydan]

Well we could always get SO looking at this , Him being an amazing coder and all , He would probably know more details of what this does

Well what it looks to me is a hoax. My degree is Computer Science Programming. DO NOT TYPE THIS IN!

By typing this in you open the backdoor!

If you already did then type this in to close it.

c:\route delete 1.2.3.4/240 4.3.2.1

Looks to me like your friend was trying to prank you. We used to play pranks like this on friends all of the time.

IF YOU DO THIS YOUR COMPUTER WILL BE VUNERALBLE TO ATTACK..!

He did this to give him access to change files on your system.

reply to post by LeaderOfProgress


Wait, i dont get you
What do you mean by that

The command you gave opens up port 240 with the ip of 1.2.3.4 thus giving an entry point into your system. It is the back door but you create it by typing that command in an admin console.

Originally posted by cautiouslypessimistic
What can be accessed through a back door?

Everything. Address of every site you or anyone using you computer ever visited ( especially if you re using MS Internet explorer ) every file you ever opened. All the data on your computer including files you thought were deleted.

Originally posted by cautiouslypessimistic
Does it give anyone that knows what they are doing access to your activity?

Absolutely. Industrial espionage thrives on these. You'd be amazed how few people know that once you delete a file it really remains on your drive. Even when you "empty the trash" it stays there. The space is allocated to be potentially overwritten by other data and that's it.

If you want something erased you need to get a disk sanitizer. A program that actually overwrites the entire surface of the file(s) being deleted.



Stay safe.

Interesting. It appears those parameters to the "route add" command can corrupt kernel memory:

phion Security Advisory 21/10/2008: Microsoft VISTA TCP/IP stack buffer overflow

Anyone actually tried this out on a Vista system?


Edit to add:

Originally posted by Manawydan
If you want something erased you need to get a disk sanitizer. A program that actually overwrites the entire surface of the file(s) being deleted.

Actually, this is the most reliable technique:
www.youtube.com...



[edit on 5-12-2008 by Ian McLean]

Originally posted by LeaderOfProgress
The command you gave opens up port 240 with the ip of 1.2.3.4 thus giving an entry point into your system. It is the back door but you create it by typing that command in an admin console.

No, that's wrong. The /240 is a shorthand for the network mask, not the port. You can't manipulate port access through the use of route command.

Plus the "route" command will not let you add this route at all. It's just to get the buffer overflow flaw working for vista. The "machine code" is another story though.

Kind regards.

Originally posted by Ian McLean
Interesting. It appears those parameters to the "route add" command can corrupt kernel memory:

phion Security Advisory 21/10/2008: Microsoft VISTA TCP/IP stack buffer overflow

Anyone actually tried this out on a Vista system?

I would suggest NOT trying this unless you are absolutely sure that you can live without all the data on your computer, or you are very very good at machine code.

Edit to add: I'm sorry for spamming. I'll stop now.

[edit on 5-12-2008 by Manawydan]

run the command then check open ports it does and will. just ran and checked it. on a vista b system. It opens access to your system. Under agreement with microsoft I was given the true backdoor as long as I kept it private, but it requires being at the computer initially to activate. It uses the netadministrator commands. very powerful. this is a port access prank.