How to Steal Ubuntu & MacOS Sudo Passwords Without Any Cracking

With a simple social engineering trick, sudo passwords can be captured in seconds without the target's knowledge. The passwords can then be saved to a file or exfiltrated to another computer on the network. After exploiting a system, penetration tester's and hackers will often begin privilege escalation (privesc) attacks. Such attacks include kernel exploitation and password phishing. The featured attack here takes a social engineering approach by utilizing Bash functions to emulate the functionality of the sudo command. How Sudo Is Supposed to Work Let's use the following whoami and id... more