What the heck does this have to do with Radmin? A hacker could install a telnet server and get the same effect. Or PC Anywhere. Or just exploit a MS Windows bug. Perhaps what makes radmin attractive to hackers, are its . small size and easy installation. The solution, I suppose, would be to require that all remote administration software be "bloatware" so it's inconvenient for hackers (as well as system administrators...)
You should not worry about radmin. You should worry about your firewall and security policies. Any useful tool can be misused.
I agree. Any tool can be misused.
But Radmin is the preferred tool for hackers for the single reason that it can be renamed to be anything. This gives it a "stealth" capability and allows it to be used as a spying tool on unsuspecting users. Check out the listing on Pest Patrol (http://pestpatrol.com/PestInfo/r/radmin.asp)
I think that it is IRRESPONSIBLE for Famatech to produce a remote admin tool that doesn't have CRC checking to assure that the name of the executable and dll haven't been renamed to something other than what it's supposed to be. Their lack of sensitivity to the security industry will keep their tool from being more fully adopted. In the cases I've seen, an RPC vulnerability was exploited and a dll injector was used to put the necessary files (renamed, of course) in the correct directories. On subsequent examinations of these machines, there was no obvious indication of the machine's additional remote administration connectivity. Searching the files under the task manager did not show an obvious vulnerability because the file was named similarly to a common necessary file. It was only after setting the virus scanner to a more restrictive setting did it identify lanmansvc.exe as being a potentially dangerous file, and only after examining this file was it identified to be radmin v2.1.
So, because radmin doens't do CRC file name checking, and because the systray icon can be turned off, this program is the perfect stealth vehicle for hackers to use once they have gained access to a machine.
-a concerned system admin
well my friend had radmin on his server and he set up the nt password securety on it and today wehn he came home he found someone in his server messing around. his admin password was an 11 digit alpha numaric password. we still dont know how the person got in becasue the only user that had access to log into radmin was the system admin. teh guy got in and started downloading an irc proxy program he also changed the admin password and disable norton antivirus and claned out the system log. i would like to know if there is any way to hack into radmin?
Users browsing this topic
Number of guests: 1,
registered members: 0,
in total hidden: