sucrack - a su cracker


sucrack is a multithreaded Linux/UNIX tool for cracking local user accounts by brute-forcing su with a wordlist.

In order to run sucrack, you need to specify a wordlist:

sucrack wordlist.txt

You generally have two options for printing the progress and the statistics (if you have compiled sucrack with the `--enable-statistics' flag): with ANSI escape codes, which makes the output look nicer, or without. The -a flag indicates whether ANSI escape codes should be used.

sucrack -a wordlist.txt





The interval for reprinting the statistics is set to 3 seconds by default. You can alter that interval using the -s flag, or disable the auto-reprinting functionality and print the output whenever a key is pressed.

sucrack -s 10 -a wordlist.txt

This disables the auto-reprinting functionality:

sucrack -c -a wordlist.txt

By default, a failed authentication on various Linux distributions causes a three-second delay. sucrack is multithreaded, so while one thread is waiting out those seconds, others can run su. It is not advisable to run sucrack with more than one worker thread if there is no such delay, as it slows down the overall process. Run sucrack with ten worker threads:

sucrack -w 10 wordlist.txt
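On the detection side, the delay described above also bounds how fast a single sequential su can fail, so a faster failure rate from one account indicates parallel attempts. The following is an added example, not part of sucrack or its README; it assumes the pam_unix syslog line format for su failures, and the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: pam_unix authentication-failure lines written for the su service.
LINE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssu(?:\[\d+\])?:\s+pam_unix\(su(?:-l)?:auth\):"
    r"\s+authentication failure;.*\bruser=(\S*).*\buser=(\S+)")

def parse(line, year):
    """Return (timestamp, invoking user, target user), or None for other lines."""
    m = LINE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3)

def detect_parallel_su(lines, year, window=9, fail_delay=3):
    """Flag (invoker, target) pairs failing faster than one sequential su could.

    With a fail_delay-second pause after each failure, one process can log at
    most window // fail_delay + 1 failures in any window-second span.
    """
    limit = window // fail_delay + 1
    recent = defaultdict(deque)   # sliding window of failure times per pair
    peak = {}
    for rec in filter(None, (parse(l, year) for l in lines)):
        ts, key = rec[0], rec[1:]
        q = recent[key]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window):
            q.popleft()
        if len(q) > limit:
            peak[key] = max(peak.get(key, 0), len(q))
    return peak  # {(invoker, target): peak failures seen in one window}

def sample_failure(ts, ruser, target="root"):
    """Build one constructed log line (hypothetical host, uid and tty)."""
    return (f"{ts} host su: pam_unix(su:auth): authentication failure; "
            f"logname={ruser} uid=1000 euid=0 tty=pts/0 ruser={ruser} rhost=  user={target}")

# Constructed sample: alice mistypes twice; bob's failures arrive ten at a time.
SAMPLE = [sample_failure("Dec  5 19:10:02", "alice"), sample_failure("Dec  5 19:10:09", "alice"),
          "Dec  5 19:12:00 host sshd[811]: Accepted publickey for carol"]
SAMPLE += [sample_failure(f"Dec  5 19:13:{30 + 3 * (i // 10):02d}", "bob") for i in range(30)]

if __name__ == "__main__":
    for (who, target), n in detect_parallel_su(SAMPLE, 2007).items():
        print(f"{who} -> {target}: {n} su failures within 9 s")
```

The window and fail_delay values should match the delay actually configured on the host; where no delay is configured, a plain failure-count threshold is the fallback.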

There is another thread running besides the worker threads. The dictionary thread reads the words from the wordlist and puts them into an internal buffer. By default, that buffer is a static array. You can set the buffer to be a dynamic list with the `--with-dynamic-list' configuration flag. In both cases, you can alter the size of the buffer with the -b option. By default, the buffer size is set to the number of worker threads plus one. Note that it can never be less than that.

sucrack -b 50 -w 10 wordlist.txt

In that example, the dictionary thread will always try to have 50 words in the buffer to offer them to the 10 worker threads.

However, it is not advisable to use a very high number of workers or a very high number of words in the buffer, as this can cause serious CPU hogging and might even crash your system.


In this example my system was working with an 800-word buffer and 50 workers; I also went as far as 500 workers. The system slowed down to a crawl…


If you want to su to a user other than root, specify the username with the -u flag:

sucrack -u myuser wordlist.txt

The rewriter is a helpful add-on. It rewrites the words from the wordlist according to certain rules and enqueues them in the word buffer. To enable the rewriter use -r, and to set up your rules use -l:

sucrack -r -l AFL wordlist.txt

Here is an overview of the rules:

[Image: overview table of the rewriter rules]

All rules run at least once. The `D' and `d' rules rewrite a word ten times and append each digit once.

[ Taken from sucrack readme http://www.leidecker.info/downloads/sucrack/README , pictures added by me ]


