Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Backdooring PAM - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Backdooring PAM

Xavier's diary entry "(Ab)Using Security Tools & Controls for the Bad" on PAM, reminded me of a script to backdoor linux-pam-backdoor.

This script will download the PAM source code, patch it to add an hardcoded skeleton key password, and compile it.

There's also a script to detect backdoored files like this:

This scripts looks if there is an extra string between the following strings:

Didier Stevens
Senior handler
Microsoft MVP


649 Posts
ISC Handler
Nov 21st 2021

Sign Up for Free or Log In to start participating in the conversation!