Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
On Monday 12 March 2007 13:57, Marco d'Itri wrote:
> On Mar 12, Tim Brown <timb@nth-dimension.org.uk> wrote:
> > I'm packaging a bunch of security tools that I use in my job pen testing.
>
> I do not understand how you would use such a tool in packaged form.
> If you can install a package then obviously you already have root
> access, and at that point you can check the passwords strength by
> directly accessing /etc/shadow.
It's built statically. Normally what happens, is that during an assessment,
if a local account is compromised, then sucrack is copied across and an
attack against root occurs. Additionally, because this tool doesn't rely on
having access to the hashes, but actually drives su (or other tools), it can
be used against for example "custom" encryption schemes that may be used by
3rd parties. I've also had it drive ssh-agent to audit key phrases too.
Why package it? Other than the practical uses outlined above, because having
binaries on a system outside of the package management system is a PITA to
keep track of / update and it makes building a new system very quick.
I can see this tool isn't for everyone, but then that probably goes for a
large number of tools packaged by Debian (depending on what you use your
systems for).
Tim
--
Tim Brown
<mailto:timb@nth-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
Reply to: