07-13-2012
This is the reason you need to use a third-party brute-forcing utility like expect to kludge plaintext passwords into things: It's a subtle message, writ in mile-high flashing neon, that doing so is an extremely bad idea. As you've independently discovered.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi,
Does anybody know how to change the password on multiple servers with a script. I have 300 Sun boxes and the password expiry is set to 30 days. Im in a process to build a script using expect. Need a help from an expert who has already done it.
Regards,
Vinod (1 Reply)
Discussion started by: chellam
1 Replies
2. Shell Programming and Scripting
Hi,
I am writing a UNIX .ksh script and need to send the login password of the login id that is executing the script to a command that I am executing in the script. I don't want that password to be seen by anyone except whoever is executing the script.
Does anyone know how I can accomplish... (6 Replies)
Discussion started by: samd
6 Replies
3. Shell Programming and Scripting
Could someone please help me...I have an expect script. There's a need for a log in during the script and a password is required...right now the password is just a variable in the expect script...what would be the best way to put that in an encrypted flat file and have the expect script pull the... (2 Replies)
Discussion started by: cubs0729
2 Replies
4. UNIX for Advanced & Expert Users
Hello folks
I have a conf file ,say 'pass.conf' ,which is storing ascii password : PASS1111.
I need to encrypt this password once and store it in a file.
I ,then need to write a script which would read this encrypted password and decrypts it.The o/p o this script shud be this decrypted... (8 Replies)
Discussion started by: ak835
8 Replies
5. Shell Programming and Scripting
Dear folks,
The title of my thread says mostly all of what I want to do. Basically I want to auto-ssh to a remote host, and run a program on it (VLC is just an example). I wrote a script which calls xterm and then runs expect on it. The code is as follow
#!/bin/bash
export PASS="xxxxxxx"... (22 Replies)
Discussion started by: dukevn
22 Replies
6. Shell Programming and Scripting
Hi
I have following problem Im writing a script (in bash ) , where need to be written login & passwd for databas client .
Its need to in following form login passwd@dbhostname .
The problem is so anybody can read it so the passwd & login are visible and thats not very safety .
Can... (8 Replies)
Discussion started by: kvok
8 Replies
7. Shell Programming and Scripting
All,
I am trying to use expect to send SFTP password because I am unable to share a key with the vendor.
They gave me a password that uses some symbols in it like $ and !
When i try to use the send command in expect it thinks the $ is a variable.
Is there anyway to have it send the... (2 Replies)
Discussion started by: markdjones82
2 Replies
8. Shell Programming and Scripting
Dear All,
I have a requirement where I have to SFTP or SCP a file in a batch script. Unfortunately, the destination server setup is such that it doesn't allow for shell command line login. So, I am not able to set up SSH keys. My source server is having issues with Expect. So, unable to use... (5 Replies)
Discussion started by: ss112233
5 Replies
9. Shell Programming and Scripting
I have a script that does an SSH into a remote node. It should expect the prompt and send the password.
#!/usr/bin/expect
set user ;
set pass ;
spawn ssh $user@E-Internal
expect {
-re "RSA key fingerprint" {send "yes\r"}
timeout... (1 Reply)
Discussion started by: Junaid Subhani
1 Replies
10. Shell Programming and Scripting
I am writing a shell script for sql loader (just copy part of the code) :
For security reason, I have to put the below loginName and password into another separate file instead of in the same file of this script.
Anyone can give me a hand. Thanks.
Shell Script :... (12 Replies)
Discussion started by: Jaewong
12 Replies
LEARN ABOUT DEBIAN
sucrack
SUCRACK(1) General Commands Manual SUCRACK(1)
NAME
sucrack - is a multithreaded Linux/UNIX tool for brute-force cracking of local user accounts via su.
SYNOPSIS
sucrack [options] wordlist
DESCRIPTION
sucrack is a multithreaded Linux/UNIX tool brute-force cracking tool that drives su(1) with referencing a specific user and uses words from
a wordlist as passwords. Running sucrack does not require high privileges on the target system.
OPTIONS
sucrack allows reading passwords from stdin. In that case, use '-' instead of a filename as wordlist parameter.
Common options:
-h print help message
-a use ansi escape codes for nice looking statistics (requires --enable-statistics configuration flag)
-s <seconds>
statistics display intervall (requires --enable-statistics configuration flag)
-c only print statistics if a key other than `q' is pressed
-r enable rewriting of dictionary words (see rules below)
-w <num>
number of threads to run with.
-b <size>
size of the word list buffer
-u <user>
user account to su to
-l <rules>
specify certain rules for the rewriting process
Rewriting rules:
A Rewrite word with only upper case characters
F Rewrite word with first character as upper case
L Rewrite word with last character as upper case
a Rewrite word with only lower case characters
f Rewrite word with first character as lower case
l Rewrite word with last character as lower case
D Prepend each digit (0-9) to the word
d Append each digit (0-9) to the word
e enleet the word
x apply all rules to a word
ENVIRONMENT VARIABLES
SUCRACK_SU_PATH
The path to su (usually /bin/su or /usr/bin/su)
SUCRACK_AUTH_FAILURE
The message su returns on an authentication failure (like "su: Authentication failure" or "su: Sorry")
SUCRACK_AUTH_SUCCESS
The message that indicates an authentication success. This message must not be a password listed in the wordlist (default is
"SUCRACK_SUCCESS")
AUTHOR
Nico Leidecker <nfl@portcullis-security.com>
http://www.leidecker.info
SEE ALSO
su(1)
Version 1.2.3 SUCRACK(1)