Cracking passwords of X logged on users

Cracking passwords on modern Linux distributions is excruciatingly slow. Once you are root, the most reliable way is to backdoor the system (or strace it) and wait for somebody to log in. The laziest way is to gcore gdm-session-worker or gnome-keyring-daemon, run strings on the core, and use the output to build a wordlist.

I suggest you use gdm-session-worker, as it is much smaller, contains the login password, and will produce a wordlist of fewer than 6000 words.

Of course, it would be much more effective to check how each program accepting passwords handles the cleartext, but that is just not lazy.
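For the last point, checking how a program handles the cleartext, here is an added example (not from the original post): a residue check that runs the same strings-style extraction over a core image and reports whether a known test password is still in it. The buffer, the canary value and the function names are constructed for illustration; in practice the input would be a core of your own process taken after logging in with a throwaway canary password.

```python
import re

# Constructed stand-in for a core image: binary noise, a few ordinary
# strings, and two copies of the canary (one alone, one glued to a prefix).
CANARY = "Canary-Test-Pw-01"
SAMPLE_CORE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"gdm-password\x00" + b"\x01\x02" + b"pam_unix\x00\x00"
    + b"Canary-Test-Pw-01\x00" + b"\xff\xfe" + b"abc\x00"
    + b"authtok=Canary-Test-Pw-01\x00"
)


def printable_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Unique runs of printable ASCII, equivalent to `strings | sort -u`."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return sorted({m.group().decode("ascii") for m in pattern.finditer(blob)})


def canary_offsets(blob: bytes, canary: str) -> list[int]:
    """Byte offsets of every raw copy of the canary in the image."""
    needle = canary.encode()
    offsets, pos = [], blob.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(needle, pos + 1)
    return offsets


def residue_report(blob: bytes, canary: str) -> dict:
    """Summarise how exposed the canary is in this image.

    exact_entry: the canary appears as its own wordlist line.
    raw_copies:  copies found by byte search; this also counts copies that
                 strings merges into a longer line (e.g. 'authtok=...').
    """
    words = printable_strings(blob)
    return {
        "wordlist_size": len(words),
        "exact_entry": canary in words,
        "raw_copies": len(canary_offsets(blob, canary)),
    }


if __name__ == "__main__":
    print(residue_report(SAMPLE_CORE, CANARY))
```

A process that wipes its password buffers after use should report `raw_copies` of 0; the byte search is the check to trust, since a copy adjacent to other printable bytes never shows up as an exact wordlist line.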
