On this episode of HakByte, https://www.youtube.com/channel/UC92rvEjR-5ggjVUotRK8UQA demonstrates how a sneaky Linux alias can steal your sudo password - and how an attacker can install a phishing script on your computer in seconds, using a Hak5 BashBunny.
This video is sponsored by PCBWay: https://www.pcbway.com/
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Fake Sudo Payload: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/phishing/fake-sudo
Buy a Bash Bunny: null
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Alex's Twitter: https://twitter.com/AlexLynd
Alex's Website: http://alexlynd.com/
Alex's GitHub: https://github.com/AlexLynd
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Chapters:
Intro 00:00
PCBWay Ad 00:17
What is Sudo? 00:33
Privilege Escalation Attacks 01:02
Attack Demo Overview 01:28
What You'll Need 01:42
BashBunny Script Explainer 02:02
What are Aliases? 03:44
Phishing Script Overview 04:24
Arming the Bash Bunny 05:14
Phishing Demo 05:43
Credential Exfiltration 06:35
Outro 06:41
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org/
Shop → null
Subscribe → null
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
28 Comments