Can Linux Aliases Steal Your Password? (Bash Bunny Demo)
On this episode of HakByte, @AlexLynd demonstrates how a sneaky Linux alias can steal your sudo password – and how an attacker can install a phishing script on your computer in seconds, using a Hak5 BashBunny.
This video is sponsored by PCBWay: https://www.pcbway.com
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Fake Sudo Payload: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/phishing/fake-sudo
Buy a Nugget: https://retia.io/products/wi-fi-nugget-s2-nugget-esp32s2
Buy a Bash Bunny: https://shop.hak5.org/products/bash-bunny
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Alex’s Twitter: https://twitter.com/AlexLynd
Alex’s Website: http://alexlynd.com
Alex’s GitHub: https://github.com/AlexLynd
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Chapters:
Intro 00:00
PCBWay Ad 00:17
What is Sudo? 00:33
Privilege Escalation Attacks 01:02
Attack Demo Overview 01:28
What You’ll Need 01:42
BashBunny Script Explainer 02:02
What are Aliases? 03:44
Phishing Script Overview 04:24
Arming the Bash Bunny 05:14
Phishing Demo 05:43
Credential Exfiltration 06:35
Outro 06:41
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Hak5 — Cyber Security Education, Inspiration, News & Community since 2005:
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
____________________________________________
Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.