sucrack

sucrack [options] wordlist

sucrack is a multithreaded Linux/UNIX tool brute-force cracking tool that drives su(1) with referencing a specific user and uses words from a wordlist as passwords. Running sucrack does not require high privi‐ leges on the target system.

sucrack allows reading passwords from stdin. In that case, use '-' in‐ stead of a filename as wordlist parameter. Common options: -h print help message -a use ansi escape codes for nice looking statistics (requires --enable-statistics configuration flag) -s statistics display intervall (requires --enable-statistics con‐ figuration flag) -c only print statistics if a key other than `q' is pressed -r enable rewriting of dictionary words (see rules below) -w number of threads to run with. -b size of the word list buffer -u user account to su to -l specify certain rules for the rewriting process Rewriting rules: A Rewrite word with only upper case characters F Rewrite word with first character as upper case L Rewrite word with last character as upper case a Rewrite word with only lower case characters f Rewrite word with first character as lower case l Rewrite word with last character as lower case D Prepend each digit (0-9) to the word d Append each digit (0-9) to the word e enleet the word x apply all rules to a word

SUCRACK_SU_PATH The path to su (usually /bin/su or /usr/bin/su) SUCRACK_AUTH_FAILURE The message su returns on an authentication failure (like "su: Authentication failure" or "su: Sorry") SUCRACK_AUTH_SUCCESS The message that indicates an authentication success. This mes‐ sage must not be a password listed in the wordlist (default is "SUCRACK_SUCCESS")

su(1) Version 1.2.3 SUCRACK(1)

Nico Leidecker http://www.leidecker.info