JDizzle
05-10-2006, 06:14 AM
Ok, the story is that a friend of a friend was bragging about his hacking skills, and my friend told him to prove it by doing something benign to his computer. “Hacker” then changed the prompt on the victims command line (so instead of “C:\blah blah>” it said something else).
Obviously what he did was change the PROMPT environment variable. Simple enough on your own computer but the question is how might someone accomplish such a trick over the internet?
The victim’s computer is running Windows XP SP2. He has ADSL (so he is behind a router, but no hardware firewall enabled). He was running the zonealarm firewall (which apparently didn’t pick anything up). The only other relevant program that was running was a chat program called XFire – basically a chat program for gamers.
Hacker definitely had access to victim’s IP address and was using XFire to chat with him at the time. It was done over the internet (victim and hacker live thousands of miles apart). Victim claims that hacker didn’t try to have him do anything like transfer a file or anything like that. And victim is internet savvy, not just some idiot who will click “OK” to anything.
What I need to know is how hacker managed to change an environment variable on victim’s system, what the security implications of this are (i.e. if he could do that then what else could he have done?), and, most importantly, how to prevent this sort of thing from being done again.
I realize that since I did not see it happen first-hand my information may be incomplete but any speculation on how attacks of this nature might be carried out would be very helpful to me. Or if you think that my friend is just feeding me a line of crap then I’d like to know that as well.
Thank you in advance.
Obviously what he did was change the PROMPT environment variable. Simple enough on your own computer but the question is how might someone accomplish such a trick over the internet?
The victim’s computer is running Windows XP SP2. He has ADSL (so he is behind a router, but no hardware firewall enabled). He was running the zonealarm firewall (which apparently didn’t pick anything up). The only other relevant program that was running was a chat program called XFire – basically a chat program for gamers.
Hacker definitely had access to victim’s IP address and was using XFire to chat with him at the time. It was done over the internet (victim and hacker live thousands of miles apart). Victim claims that hacker didn’t try to have him do anything like transfer a file or anything like that. And victim is internet savvy, not just some idiot who will click “OK” to anything.
What I need to know is how hacker managed to change an environment variable on victim’s system, what the security implications of this are (i.e. if he could do that then what else could he have done?), and, most importantly, how to prevent this sort of thing from being done again.
I realize that since I did not see it happen first-hand my information may be incomplete but any speculation on how attacks of this nature might be carried out would be very helpful to me. Or if you think that my friend is just feeding me a line of crap then I’d like to know that as well.
Thank you in advance.