Password Reuse
Whenever you see a user account or a credential, then write it down and compile a users wordlist and a passwords wordlist. You can then try out all these combinations on all services you want access to.
Note: Don't use this script to bruteforce user account passwords, it sucks
Sucrack
On linux, use sucrack. Link to static binary.
Building the static binary:
# Make sure you have all the libraries you need.
# This is to get rid of the "you don't have the aclocal library" error message
autoreconf -f -i
./configure --enable-static-linking
make
Enumerating through a users and passwords list:
for i in $(cat ./users.txt); do echo "Cracking $i"; ./sucrack -u "$user" ./passwords.txt ; done
Warning: Running sucrack may break your reverse shell a bit!
Last updated
Was this helpful?