sucrack
sucrack is a multithreaded Linux/UNIX tool for cracking local user accounts via wordlist bruteforcing su. It enables efficient password attempts from a low-privilege account when su to other users is permitted.
Description
sucrack is designed for brute-force cracking of local user accounts using the su command. It proves useful when access to a low-privilege user account has been gained, but su to other users is allowed. The tool overcomes limitations in many su implementations that require a pseudo terminal for password input, which cannot be easily simulated with shell scripts.
Written in C, sucrack is highly efficient and supports multiple simultaneous login attempts through multithreading. This makes it suitable for rapid wordlist-based attacks on local accounts. The tool has a small installed size of 49 KB and depends on libc6.
It targets Linux/UNIX environments where local privilege escalation via su passwords is possible.
How It Works
sucrack performs wordlist bruteforcing against su commands for local user accounts. It attaches pseudo terminals to handle su's requirement for interactive password input, enabling parallel multithreaded login attempts. Implemented in C for high efficiency, it simulates multiple su sessions concurrently to test passwords from a wordlist.
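From the defender's side, the parallel attempts described above leave a distinctive trail: a burst of su authentication failures from one invoking user against one target account, spread over several pseudo terminals. The following detection sketch is an added example, not part of sucrack or of the original page; it assumes pam_unix-style failure records with ISO-8601 syslog timestamps, and the threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# pam_unix failure record for su; ISO-8601 syslog timestamps are an assumption.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ su(?:\[\d+\])?: pam_unix\(su(?:-l)?:auth\): "
    r"authentication failure;.*?\btty=(?P<tty>\S*) ruser=(?P<ruser>\S*) "
    r"rhost=\S*\s+user=(?P<target>\S+)"
)

def find_bursts(log_text, threshold=5, window=timedelta(seconds=10)):
    """Map (ruser, target) -> (peak failures in one window, distinct ttys in it).

    Only pairs that reach `threshold` failures inside `window` are returned.
    Lines are assumed to be in chronological order, as in a syslog file.
    """
    recent = defaultdict(deque)   # (ruser, target) -> (timestamp, tty) in window
    bursts = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        key = (m["ruser"], m["target"])
        q = recent[key]
        q.append((ts, m["tty"]))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > bursts.get(key, (0, 0))[0]:
            bursts[key] = (len(q), len({tty for _, tty in q}))
    return bursts

def _line(ts, ruser, tty, target):
    # Constructed sample record, not captured from a real host.
    return (f"{ts} host1 su: pam_unix(su:auth): authentication failure; "
            f"logname={ruser} uid=1000 euid=0 tty={tty} ruser={ruser} rhost=  user={target}")

# Two mistyped passwords five minutes apart, then eight failures inside two
# seconds spread over four pseudo terminals (the parallel pattern).
SAMPLE_LOG = "\n".join(
    [_line("2024-05-01T09:00:00", "alice", "/dev/pts/0", "root"),
     _line("2024-05-01T09:05:00", "alice", "/dev/pts/0", "root")]
    + [_line(f"2024-05-01T10:00:0{i // 4}", "www", f"/dev/pts/{3 + i % 4}", "root")
       for i in range(8)]
)

if __name__ == "__main__":
    for (ruser, target), (count, ttys) in find_bursts(SAMPLE_LOG).items():
        print(f"burst: {ruser} -> {target}: {count} failures on {ttys} ttys")
```

The distinct-tty count separates a person retyping a password on one terminal from many concurrent sessions; tune the threshold and window to the host's normal su usage.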
Installation
sudo apt install sucrack
Examples
sucrack -h