su-bruteforce

Deal with pam_faildelay

Open kizzx2 opened this issue 1 year ago • 0 comments

If pam_faildelay is active, this script will give a false negative.

How to reproduce

  • Activate pam_faildelay according to the above page

  • Use the script with bash suBF.sh -u root -w wordlist.txt with the following trivial list:

    bad_password
    correct_password
    

Expected behavior

  • Best: detect that pam_faildelay is running, fetch the correct sleep values, print them out in the output and "do the right thing"
  • Next best: detect that pam_faildelay is running and output a warning so the user can decide how to deal with it
  • At least: mention pam_faildelay in README.md so users can be aware of this

Actual behavior

Now it just outputs "Wordlist exhausted" as a false negative.

kizzx2, Oct 22 '23 16:10