Witchdocsec
/
SUnami
mirror of https://github.com/witchdocsec/SUnami.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12 Commits
1 Branch
0 Tags
55 KiB
Python 99%
Shell 1%
 
 
Go to file
witchdocsec bac9df2597
Update README.md 		2023-06-12 18:01:02 +01:00
lib Update payloads.py 2023-06-12 17:57:34 +01:00
README.md Update README.md 2023-06-12 18:01:02 +01:00
sunami.py Add files via upload 2023-06-11 22:40:23 +01:00

README.md

SUnami

Struggling with linux priveledge escelation? well then its time to cheese it with SUnami.
0 interaction privesc is always recommended but not always achievable. For this reason we have created a tool for the most trivial priv esc in history (with a few drawbacks).
This is not an exploit just a cheap but effective trick. The usecase is when you have a shell on a sudoers account but no sudo cred.
It works by manipulating sudo via aliasing in their .bashrc file to prepend a malicious attacker specified command first in the background.
This does mean you will need to wait for sudo to be executed.

#File Exfiltration I used passwd so as not to leak my hash for this demo but rest assured you can read whatever file you wish image

#Root Shell image