Stealth Commanding

Skilled hackers with sound knowledge of programming are good enough to attack and exploit a server by making significant changes in the code. In stealth commanding, with the help of a series of techniques, hackers utilize parsing problems occurring in server-side scripts to make code changes. Exploiting the weaknesses inherent in the operating system, hackers run malicious code without proper authorization resulting in complete seizure of the server.

How does that happen? An able hacker with good technical know-how is well equipped to make requisite modifications into an application. The modifications will then allow him to execute web server commands that it (the web server) should generally not do. For instance, visitors browsing through a website are often asked to submit their e-mail address in order to receive certain information. The address is submitted through a hidden field, which is possibly the place of the attack, thus a dangerous spot. On submission of the e-mail address, the website is likely to provide information to the visitor related to the queries posted by him into the given address. For the smooth execution of the above-mentioned task, a CGI script carved in Perl is used. With the help of stealth commanding hackers can direct the system mailer to mail back the details about the master keyword to some other e-mail address.

The ensuing consequences are surely devastating, since the hacker is armed with requisite details to impersonate the site and gather crucial information related to it. The hacker then controls the database, thus affecting the server in a harmful way. Unauthentic transactions through the website can be done by the hacker, that may result in huge loss of revenue.

More...