Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
On Monday 12 March 2007 17:06, you wrote:
> > * Package name : sucrack
> > Version : 1.1
> > Upstream Author : Nico Leidecker <nfl@portcullis-security.com>
> > * URL : http://www.leidecker.info/
> > * License : GPL
> > Programming Lang: C
> > Description : multithreaded su bruteforcer
> >
> > sucrack is a multithreaded Linux/UNIX tool for cracking local user
> > accounts via wordlist bruteforcing su
>
> What advantages does this tool have over John the Ripper (Debian package
> "john")?
John actually requires you have access to the hashed / encrypted passwords.
Since sucrack drives a console tool (by default su) it can be used in places
where John can't - for example auditing SSH key phrases, or where the
penetration tester is attempting to escalate privileges on an already
compromised system.
Tim
--
Tim Brown
<mailto:timb@nth-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
Reply to: