Support
Authorization

Newsletter

  Settings

RAdmin is a hacker tool

 

Forums list
Topics list
New topics
Search
Rules
Help
Login: 
Register

Pages: 1
  Views: 8202Topic: closed: «RAdmin is a hacker tool» on forum: Famatech Software Good Wishes
#1
So...has anyone else noticed that Remote Admin is being renamed as Lanmansvc.exe and placed on machines by hackers?
-a concerned system admin
#2
What the heck does this have to do with Radmin? A hacker could install a telnet server and get the same effect. Or PC Anywhere. Or just exploit a MS Windows bug. Perhaps what makes radmin attractive to hackers, are its . small size and easy installation. The solution, I suppose, would be to require that all remote administration software be "bloatware" so it's inconvenient for hackers (as well as system administrators...)

You should not worry about radmin. You should worry about your firewall and security policies. Any useful tool can be misused.
#3
I agree. Any tool can be misused.
But Radmin is the preferred tool for hackers for the single reason that it can be renamed to be anything. This gives it a "stealth" capability and allows it to be used as a spying tool on unsuspecting users. Check out the listing on Pest Patrol (http://pestpatrol.com/PestInfo/r/radmin.asp)
I think that it is IRRESPONSIBLE for Famatech to produce a remote admin tool that doesn't have CRC checking to assure that the name of the executable and dll haven't been renamed to something other than what it's supposed to be. Their lack of sensitivity to the security industry will keep their tool from being more fully adopted. In the cases I've seen, an RPC vulnerability was exploited and a dll injector was used to put the necessary files (renamed, of course) in the correct directories. On subsequent examinations of these machines, there was no obvious indication of the machine's additional remote administration connectivity. Searching the files under the task manager did not show an obvious vulnerability because the file was named similarly to a common necessary file. It was only after setting the virus scanner to a more restrictive setting did it identify lanmansvc.exe as being a potentially dangerous file, and only after examining this file was it identified to be radmin v2.1.
So, because radmin doens't do CRC file name checking, and because the systray icon can be turned off, this program is the perfect stealth vehicle for hackers to use once they have gained access to a machine.
-a concerned system admin
#4
Quote
, this program is the perfect stealth vehicle for hackers to use once they have gained access to a machine.


The key phrase there being "once they have gained access to a machine"

The whole idea behind system security is to deny them access to the machines in the first place...
#5
How come hackers were able to place anything onto your machines?

>doesn't have CRC checking to assure that
>the name of the executable and dll haven't
>been renamed to something other than what
>it's supposed to be.

We've included this suggestion into our Wishes list.

Still this method only works with .exe - renamed .dll won't work, since .exe calls for "admdll.dll" and hacker can't change it.

Best Regards,
Ilia Demenkov, Famatech Support Team (support@famatech.com).
Profile
#6
well my friend had radmin on his server and he set up the nt password securety on it and today wehn he came home he found someone in his server messing around. his admin password was an 11 digit alpha numaric password. we still dont know how the person got in becasue the only user that had access to log into radmin was the system admin. teh guy got in and started downloading an irc proxy program he also changed the admin password and disable norton antivirus and claned out the system log. i would like to know if there is any way to hack into radmin?
Pages: 1

Users browsing this topic
Number of guests: 1, registered members: 0, in total hidden: 0

Radmin 3.5

Windows 8 Compatible

DOWNLOAD

Free for 30 days

BUY NOW

Only $49 per lifetime license
for  50 PCs - $29.8 per remote PC
for 100 PCs - $24.9 per remote PC
for 150 PCs - $23.3 per remote PC
from 200 PCs - $22 per remote PC
Follow us on Twitter
Famatech Corporation Copyright © 1999-2014 Famatech. All rights reserved.