Cracking passwords of X logged on users

Cracking passwords on modern Linux distributions is excruciatingly slow. Once you are root, the most reliable way is to backdoor the system (or strace it) and wait for somebody to log in. The laziest way is to gcore gdm-session-worker or gnome-keyring-daemon, run strings over the core and use the output to build a wordlist.

I suggest you use gdm-session-worker, as it is much smaller, contains the login password, and will produce a wordlist of fewer than 6000 words.

Of course, it would be much more effective to check how each program accepting passwords handles the cleartext, but that is just not lazy.
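From the other side of that last point, the sketch below is an added example (not code from this post, GDM or GNOME Keyring) of how a password-handling program can keep cleartext from lingering in memory that later ends up in a core: one dedicated page, best-effort `mlock`/`MADV_DONTDUMP`, and `explicit_bzero` as soon as verification is done. `login_residue`, `verify` and the sample password are hypothetical names and values constructed for the illustration.

```c
#define _DEFAULT_SOURCE        /* explicit_bzero, MADV_DONTDUMP, MAP_ANONYMOUS */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define REGION 4096            /* one page, so mlock/madvise apply cleanly */

/* Map a private page for the cleartext; both hardening calls are best effort. */
static char *secret_page(void) {
    char *p = mmap(NULL, REGION, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    (void)mlock(p, REGION);                  /* keep it out of swap */
    (void)madvise(p, REGION, MADV_DONTDUMP); /* ask for exclusion from core dumps */
    return p;
}

/* Count copies of needle in a region: what strings over a core would surface. */
size_t residual_copies(const char *mem, size_t len, const char *needle) {
    size_t n = strlen(needle), hits = 0;
    for (size_t i = 0; n && i + n <= len; i++)
        if (memcmp(mem + i, needle, n) == 0) hits++;
    return hits;
}

/* Hypothetical verifier standing in for the real authentication call. */
static int verify(const char *typed, const char *expected) {
    return strcmp(typed, expected) == 0;
}

/* Handle one login; wipe != 0 erases the cleartext right after verification.
 * Returns the number of password copies still in the page, or -1 on error. */
long login_residue(const char *typed, int wipe) {
    char *page = secret_page();
    if (!page || strlen(typed) >= REGION) { if (page) munmap(page, REGION); return -1; }
    strcpy(page, typed);                     /* the only cleartext copy we make */
    (void)verify(page, "constructed-sample-pw");
    if (wipe) explicit_bzero(page, REGION);  /* cannot be optimised away like memset */
    long left = (long)residual_copies(page, REGION, typed);
    explicit_bzero(page, REGION);            /* never unmap live cleartext */
    munmap(page, REGION);
    return left;
}

int main(void) {
    printf("copies left without wipe: %ld, with wipe: %ld\n",
           login_residue("constructed-sample-pw", 0),
           login_residue("constructed-sample-pw", 1));
    return 0;
}
```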

