EvilAbigail is a Python-based tool that allows you run an automated Evil Maid attack on Linux systems, this is the Initrd encrypted root fs attack. An Evil Maid attack is a type of attack that targets a computer device that has been shut down and left unattended.
An Evil Maid attack is characterized by the attacker’s ability to physically access the target multiple times without the owner’s knowledge.
- Laptop left turned off with FDE turned on
- Attacker boots from USB/CD/Network
- Script executes and backdoors initrd
- User returns to laptop, boots as normal
- Backdoored initrd loads:
/sbin/initon boot, dropping a shell
DefaultEnviroment, loaded globally, dropping a shell.
- Ubuntu 14.04.3
- Debian 8.2.0
- Kali 2.0
- Fedora 23
- CentOS 7
You can download EvilAbigail here:
Or read more here.