Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer

To: Hendrik Sattler <debian@hendrik-sattler.de>
Cc: debian-devel@lists.debian.org, 414534@bugs.debian.org
Subject: Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
From: Tim Brown <timb@nth-dimension.org.uk>
Date: Mon, 12 Mar 2007 17:35:15 +0000
Message-id: <[🔎] 200703121735.16110.timb@nth-dimension.org.uk>
In-reply-to: <200703121814.57808.debian@hendrik-sattler.de>
References: <[🔎] 20070312113055.7600.58412.reportbug@thanatos> <200703121619.50006.timb@nth-dimension.org.uk> <200703121814.57808.debian@hendrik-sattler.de>

> Nope since he that did not go to d-d. Maybe you can outline professional
> uses in the description like done in the previous answers?

As to previous answers, verbatim:

I'm packaging a bunch of security tools that I use in my job pen testing.  
There are already a number of people both internally and at other security 
companies using my packages, so I figured they'd be useful to the community.  
I actually have a mentor for these packages already, so it seems there are 
Debian developers that agree.

and:

It's built statically.  Normally what happens, is that during an assessment, 
if a local account is compromised, then sucrack is copied across and an 
attack against root occurs.  Additionally, because this tool doesn't rely on 
having access to the hashes, but actually drives su (or other tools), it can 
be used against for example "custom" encryption schemes that may be used by 
3rd parties.  I've also had it drive ssh-agent to audit key phrases too.

Why package it?  Other than the practical uses outlined above, because having 
binaries on a system outside of the package management system is a PITA to 
keep track of / update and it makes building a new system very quick.

I can see this tool isn't for everyone, but then that probably goes for a 
large number of tools packaged by Debian (depending on what you use your 
systems for).

> IANAL but there may be countries where distributing such a tool, with it's
> main/only purpose to break access restrictions, may not be legal (there was
> some discussion about this in Germany but I did not follow it closely).

The upstream developer is German, I will discuss with him any due diligence he 
may have performed and report back (he's AFK for next week or so).  
Personally, I am English.  Through my day job, I have clarification regarding 
changes to UK law that might affect this tool and we have had assurances that 
legitimate security researchers and the tools they develop will not be 
targetted here in the UK.

Tim
-- 
Tim Brown
<mailto:timb@nth-dimension.org.uk>
<http://www.nth-dimension.org.uk/>

Reply to:

Follow-Ups:
- Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
  - From: Joerg Jaspert <joerg@debian.org>
- Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
  - From: Moritz Muehlenhoff <jmm@inutil.org>

References:
- Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
  - From: Tim Brown <timb@nth-dimension.org.uk>

Prev by Date: Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
Next by Date: Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
Previous by thread: Re: fakechroot - anyone using it, should I consider hijacking it?
Next by thread: Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
Index(es):
- Date
- Thread