Backdooring PAM, (Sun, Nov 21st)

This post was originally published on this site

Xavier's diary entry "(Ab)Using Security Tools & Controls for the Bad" on PAM, reminded me of a script to backdoor linux-pam-backdoor.

This script will download the PAM source code, patch it to add an hardcoded skeleton key password, and compile it.

There's also a script to detect backdoored files like this:

This scripts looks if there is an extra string between the following strings:

Didier Stevens
Senior handler
Microsoft MVP

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.