Loading repository data…
Loading repository data…
aruxiee / repository
Python script to demonstrate a Skeleton Key attack. Compiles a custom C-based PAM module to establish a universal master password for any user including root, while original credentials remain active.
Project to demonstrate a "Skeleton Key" attack on Linux systems by leveraging the Pluggable Authentication Modules (PAM) framework. We can establish a universal master password that works for any user on the system while leaving original credentials intact by inserting a custom shared object into the authentication stack.
⚠️ Please Note: This project is strictly for Educational and Authorized Penetration Testing. I am not responsible for any of the shenanigans you guys pull.
This script automates the lifecycle of a PAM-based backdoor. It handles the generation of malicious C source code, compiles it into a compatible shared library (.so), and injects it into the system's authentication configuration.
While I wrote the core backdoor in C, the Python wrapper is for several purposes:
/etc/pam.d/common-auth to make sure the backdoor is placed at the top of the stack.sudo apt install libpam0g-dev gcc -ysudo python3 pamper.py --install1234:
su testusersudo python3 pamper.py --revertOnce active, the impact is system-wide.
root) can be accessed via the master password.sufficient flag tells Linux that if the master password matches, no further checks (like the actual user's password) are necessary./etc/pam.d/.| Technique ID | Name | Description |
|---|---|---|
| T1556.003 | Modify Authentication Process: PAM | Tampering PAM to bypass or capture credentials. |
| T1543 | Create or Modify System Process | Installing a malicious shared object into system security paths. |
| T1136.001 | Create Account: Local Account | Creating a testuser for verification and persistence. |
pam_unix.so to include the skeleton key logic to make detection by file listing impossible.