README.md
About:
- Title: sudoSnatch
- Description: sudoSnatch grabs plain text passwords remotely/locally.
- AUTHOR: drapl0n
- Version: 1.0
- Category: Credentials
- Target: Unix-like operating systems with systemd.
- Attackmodes: HID, Storage
sudoSnatch: The sudoSnatch payload grabs the sudo password in plain text immediately after the victim uses the sudo command and sends it back to the attacker remotely/locally.
Features:
- Plain text passwords.
- Detailed password logs.
- Persistent
- Autostart payload on boot.
Workflow:
- Injecting payload on target's system.
- Checks whether internet is connected to the target system.
- If internet is connected then it sends clear text passwords to attacker.
Changes to be made in payload.sh:
- Replace ip(0.0.0.0) and port number(4444) with your server's IP address and port number on line no 10.
- Increase/decrease the time interval to restart the service periodically (default is 15 mins), on line no 14.
LED Status:
- SETUP: MAGENTA
- ATTACK: YELLOW
- FINISH: GREEN
Directory Structure of payload components:
FileName | Directory |
---|---|
payload.txt | /payloads/switch1/ |
payload.sh | /payloads/ |
shell | /payloads/library/sudoSnatch/ |
systemMgr | /payloads/library/sudoSnatch/ |
- Note: Create a directory named sudoSnatch in /payloads/library/
Usage:
- Inject payload into target's system.
- Start a netcat listener on the attacking system with nc -l -p <port number>; use this command to fetch passwords.