sucrack is a multithreaded Linux/UNIX tool for brute-force cracking local user accounts via su. This tool comes in handy as final instance on a system where you have not to many privileges but you are in the wheel group. Many su implementations require a pseudo terminal to be attached in order to take the password from the user. This is why you couldn't just use a simple shell script to do this work. This tool, written in c, is highly efficient and can attempt multiple logins at the same time. Please be advised that using this tool will take a lot of the CPU performance and fill up the logs quite quickly. sucrack is so far known to be running on FreeBSD, NetBSD, Linux
./configure make make installYou have two further compiling flags:
Or advise it to read the passwords from stdin. In that case other tools with smart password generation algorithms could be easily used. For instance John The Ripper:
john --stdout --incremental | sucrack -
You generally will have two options for printing the progress and the statistics (if you have compiled sucrack with the `--enable-statistics' flag). Either by using ansi escapes codes, what makes it look nicer or without. The -a flag indicates, whether ansi escape codes should be used or not.
sucrack -a wordlist.txt
The interval for reprinting the statistics is set to 3 seconds by default. You can alter that interval using the -s flag or disable the auto reprinting functionality and print the output on any key pressed.
sucrack -s 10 -a wordlist.txt
This disables the auto reprinting functionality:
sucrack -c -a wordlist.txt
By default, failed authentications on various Linux distributions causes a three seconds delay. sucrack is multithreaded, so that while a thread is waiting those seconds, others can do su. It is not advisable to run sucrack with more than one worker thread, if there is no such delay, as it slows down the overall process. Run sucrack with ten worker threads:
sucrack -w 10 wordlist.txt
There is another thread running, besides of the worker threads. The dictionary thread reads the words from the wordlist and puts them into an internal buffer. By default, that buffer is a static array. You can set the buffer to be a dynamic list with the `--with-dynamic-list' configuration flag. In both cases, you can alter the size of the buffer with the -b option. By default, the buffer size is set to the number of worker threads plus one. Consider, that it can't never be less than that.
sucrack -b 50 -w 10 wordlist.txt
In that example, the dictionary thread will always try to have 50 words in the buffer to offer them to the 10 worker threads.
If you wan't to su to another user than root, then specify the username with the -u flag:
sucrack -u myuser wordlist.txt
The rewriter is a helpful addon. It is rewriting the words from the word list by certain rules and enqueues them to the word buffer. To enable the rewriter use -r and to set up your rules -l:
sucrack -r -l AFL wordlist.txt
Here is an overview over the rules:
rule description original rewritten A all characters to upper case myPassword MYPASSWORD F first character to upper case myPassword MyPassword L last character to upper case myPassword myPassworD a all characters to lower case AnotherPASS anotherpass f first character to lower case AnotherPASS anotherPASS l last character to lower case AnotherPASS AnotherPASs D prepend a digit (0..9) password 1password d append a digit (0..9) password password1 e 1337ify the word password p455w0rd x enable all of the above rules
All rules run at least once. The `D' and `d' rule rewrite a word ten times and append each digit once.