[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#414534: ITP: sucrack -- multithreaded su bruteforcer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/12/07 12:14, Tim Brown wrote:
> On Monday 12 March 2007 17:06, you wrote:
>>> * Package name    : sucrack
>>>   Version         : 1.1
>>>   Upstream Author : Nico Leidecker <nfl@portcullis-security.com>
>>> * URL             : http://www.leidecker.info/
>>> * License         : GPL
>>>   Programming Lang: C
>>>   Description     : multithreaded su bruteforcer
>>>
>>> sucrack is a multithreaded Linux/UNIX tool for cracking local user
>>> accounts via wordlist bruteforcing su
>> What advantages does this tool have over John the Ripper (Debian package
>> "john")?
> 
> John actually requires you have access to the hashed / encrypted passwords.  
> Since sucrack drives a console tool (by default su) it can be used in places 
> where John can't - for example auditing SSH key phrases, or where the 
> penetration tester is attempting to escalate privileges on an already 
> compromised system.

But primarily the black hat.  The only other app this guy has for
public download is:
    mailgrab 1.1
    A simple Perl script, that is crawling through a site
    and extracting every email address or HTML comment.
    Additional features in version 1.1 are to not let the
    script follow links to other sites than the initial given
    one and sending requests via proxy servers.

> 
> Tim

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF9ZRKS9HxQb37XmcRAgolAKCqogW/eBeLlV4p21B7CY5yfDxE+wCeNQMz
vbePya6J1kEZf+t3Woz6cBw=
=mpHc
-----END PGP SIGNATURE-----
Reply to: