EvilAbigail – Automated Evil Maid Attack For Linux


EvilAbigail is a Python-based tool that allows you run an automated Evil Maid attack on Linux systems, this is the Initrd encrypted root fs attack. An Evil Maid attack is a type of attack that targets a computer device that has been shut down and left unattended.

EvilAbigail - Automated Evil Maid Attack For Linux

An Evil Maid attack is characterized by the attacker’s ability to physically access the target multiple times without the owner’s knowledge.


Scenarios

  • Laptop left turned off with FDE turned on
  • Attacker boots from USB/CD/Network
  • Script executes and backdoors initrd
  • User returns to laptop, boots as normal
  • Backdoored initrd loads:
    • (Debian/Ubuntu/Kali) .so file into /sbin/init on boot, dropping a shell
    • (Fedora/CentOS) LD_PRELOAD .so into DefaultEnviroment, loaded globally, dropping a shell.

Supported Distros

  • Ubuntu 14.04.3
  • Debian 8.2.0
  • Kali 2.0
  • Fedora 23
  • CentOS 7

You can download EvilAbigail here:

EvilAbigail-master.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Linux Hacking

,


Latest Posts:


Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)


2 Responses to EvilAbigail – Automated Evil Maid Attack For Linux

  1. No one August 18, 2017 at 11:07 am #

    You should really provide links to source rather than posting binaries and zip files.

    Who really trusts an internet website posting hacking tools without the source?