[PAYLOAD]SudoBackdoor


oXis

Posted

Ding ding, it's payload time :grin:

 

This is a two-stage payload.

First you use the 'injector' that will install a small bash script which is a wrapper for sudo. The script will store the passwords.

Second, you use the 'cleaner' to get the passwords back and clean the backdoor.

 

So basically, you get access to a computer running MacOS or Linux (you can config the payload by setting mac=true) and you install the backdoor. A couple of hours/days/weeks later you come back, grab the passwords and erase traces. Easy :ph34r:

 

Link: https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor

I'll submit a pull request but first I need people to test this on MacOS and Linux. It works on my Linux Mint.

 

Ninja! :ph34r:

  • 4 months later...
  • 6 months later...
Posted

Replace sudo with a little bash script that acts like a wrapper around the real sudo to sniff the password when the admin is using the sudo command.

Archived

This topic is now archived and is closed to further replies.
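
A defender's check for the wrapper technique described in this thread, as an added example that is not part of the original posts or of the linked payload repository. It assumes the wrapper is reached through a PATH entry, a shell alias or a shell function (the posts do not say which); the function names `check_sudo_file` and `audit_sudo` are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: audit how `sudo` resolves for a user.
# Assumed hook points (not stated in the thread): PATH entry, alias, function.

# check_sudo_file FILE -> prints why FILE does not look like the real sudo
check_sudo_file() {
    local f="$1" reasons=""
    # The genuine sudo is a compiled binary; a wrapper script starts with "#!".
    if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
        reasons="script"
    fi
    # The genuine sudo is owned by root (uid 0) and has the setuid bit set.
    if [ -z "$(find -L "$f" -prune -type f -user 0 -perm -4000 2>/dev/null)" ]; then
        reasons="${reasons:+$reasons,}not-setuid-root"
    fi
    printf '%s' "$reasons"
}

# audit_sudo PATH_STRING [RC_FILE...] -> one finding per line; returns 1 if any
audit_sudo() {
    local path="$1" dir cand why found=0
    shift
    local IFS=:
    for dir in $path; do
        cand="${dir:-.}/sudo"
        [ -e "$cand" ] || continue
        why=$(check_sudo_file "$cand")
        if [ -n "$why" ]; then
            echo "SUSPECT $cand ($why)"; found=1
        else
            echo "ok      $cand"
        fi
    done
    # An alias or function named sudo in a start-up file shadows every PATH entry.
    for cand in "$@"; do
        if grep -Eq '^[[:space:]]*(alias[[:space:]]+sudo=|function[[:space:]]+sudo([[:space:](]|$)|sudo[[:space:]]*\()' "$cand" 2>/dev/null; then
            echo "SUSPECT $cand (defines alias/function sudo)"; found=1
        fi
    done
    return $found
}

# Audit the current user's PATH and common shell start-up files.
audit_sudo "$PATH" "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" "$HOME/.zshrc" \
    || echo "Review the SUSPECT lines above."
```

Run it as the account being checked, since PATH and start-up files differ per user.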
