Ding ding, it's payload time :grin:


This is a two-stage payload.

First you use the 'injector' that will install a small bash script which is a wrapper for sudo. The script will store the passwords.

Second, you use the 'cleaner' to get the passwords back and clean the backdoor.


So basically, you get access to a computer running MacOS or Linux (you can config the payload by setting mac=true) and you install the backdoor. A couple of hours/days/weeks later you come back, grab the passwords and erase traces. Easy :ph34r:


Link: https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor

I'll submit a pull request but first I need people to test this on MacOS and Linux. It works on my Linux Mint.


Ninja! :ph34r:

Edited by oXis

Replace sudo with a little bash script that acts like a wrapper around the real sudo to sniff the password when the admin is using the sudo command.
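
For defenders, a check for the kind of sudo wrapper described in this thread, as an added example that is not part of the original posts or of the linked payload. The thread does not say how the wrapper is reached, so the script assumes either a file named `sudo` earlier in `PATH` or an alias/function in a shell startup file; the function names and the rc-file list are this example's own.

```shell
#!/bin/sh
# Added example (not from the payload repo): audit how "sudo" resolves.
# Assumption: the wrapper is reached via PATH or an alias/function in an rc file.

# classify_sudo FILE -> "OK" or "SUSPECT: <reasons>"
classify_sudo() {
    f=$1; reasons=""
    # The real sudo is root-owned and setuid; a user-installed wrapper is neither.
    [ -n "$(find -L "$f" -maxdepth 0 -user root 2>/dev/null)" ] || reasons="$reasons not-root-owned"
    [ -u "$f" ] || reasons="$reasons not-setuid"
    # A wrapper script starts with a shebang; the real sudo is a compiled binary.
    [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ] && reasons="$reasons is-script"
    if [ -n "$reasons" ]; then echo "SUSPECT:$reasons"; else echo "OK"; fi
}

# audit_sudo_path PATHSTRING -> one line per executable named sudo, in lookup order
audit_sudo_path() {
    old_ifs=$IFS; IFS=:
    for d in $1; do
        IFS=$old_ifs
        [ -n "$d" ] || d=.          # an empty PATH entry means the current directory
        if [ -f "$d/sudo" ] && [ -x "$d/sudo" ]; then
            printf '%s %s\n' "$d/sudo" "$(classify_sudo "$d/sudo")"
        fi
    done
    IFS=$old_ifs
}

# scan_rc FILE... -> rc-file lines that define an alias or function named sudo
scan_rc() {
    for rc in "$@"; do
        [ -f "$rc" ] || continue
        grep -HnE '^[[:space:]]*(alias[[:space:]]+sudo=|function[[:space:]]+sudo([[:space:]]|\(|$)|sudo[[:space:]]*\(\))' "$rc" || true
    done
}

# Audit the current user; the first PATH hit is the one the shell will run.
audit_sudo_path "$PATH"
scan_rc "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" "$HOME/.zshrc"
```

Any SUSPECT line listed ahead of the system sudo, or any rc-file hit, is worth inspecting before a password is typed on that account.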
