[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer

On Monday 12 March 2007 17:06, you wrote:
> > * Package name    : sucrack
> >   Version         : 1.1
> >   Upstream Author : Nico Leidecker <nfl@portcullis-security.com>
> > * URL             : http://www.leidecker.info/
> > * License         : GPL
> >   Programming Lang: C
> >   Description     : multithreaded su bruteforcer
> >
> > sucrack is a multithreaded Linux/UNIX tool for cracking local user
> > accounts via wordlist bruteforcing su
>
> What advantages does this tool have over John the Ripper (Debian package
> "john")?

John actually requires you have access to the hashed / encrypted passwords.  
Since sucrack drives a console tool (by default su) it can be used in places 
where John can't - for example auditing SSH key phrases, or where the 
penetration tester is attempting to escalate privileges on an already 
compromised system.

Tim
-- 
Tim Brown
<mailto:timb@nth-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
Reply to: