Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/12/07 12:14, Tim Brown wrote:
> On Monday 12 March 2007 17:06, you wrote:
>>> * Package name : sucrack
>>> Version : 1.1
>>> Upstream Author : Nico Leidecker <nfl@portcullis-security.com>
>>> * URL : http://www.leidecker.info/
>>> * License : GPL
>>> Programming Lang: C
>>> Description : multithreaded su bruteforcer
>>>
>>> sucrack is a multithreaded Linux/UNIX tool for cracking local user
>>> accounts via wordlist bruteforcing su
>> What advantages does this tool have over John the Ripper (Debian package
>> "john")?
>
> John actually requires you have access to the hashed / encrypted passwords.
> Since sucrack drives a console tool (by default su) it can be used in places
> where John can't - for example auditing SSH key phrases, or where the
> penetration tester is attempting to escalate privileges on an already
> compromised system.
But primarily the black hat. The only other app this guy has for
public download is:
mailgrab 1.1
A simple Perl script, that is crawling through a site
and extracting every email address or HTML comment.
Additional features in version 1.1 are to not let the
script follow links to other sites than the initial given
one and sending requests via proxy servers.
>
> Tim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF9ZRKS9HxQb37XmcRAgolAKCqogW/eBeLlV4p21B7CY5yfDxE+wCeNQMz
vbePya6J1kEZf+t3Woz6cBw=
=mpHc
-----END PGP SIGNATURE-----
Reply to: