Re: [W3af-develop] I want to help

2009-06-30 Thread Andres Riancho
Leo,

Finally, and after so much time, I decided to finish this feature.
I used your make_leet code (with small modifications) and integrated
it into the framework. If you want to see the SVN commit log, and the
modifications, you can go here:

http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=2934

Cheers,

On Mon, Mar 30, 2009 at 9:37 PM, leo fishman leo.mail...@gmail.com wrote:
 Here is a new version, if it's ok, I can start coding the append to the kb.

 On Fri, Mar 27, 2009 at 5:38 PM, Andres Riancho andres.rian...@gmail.com
 wrote:

 Leo,

 On Fri, Mar 27, 2009 at 5:27 PM, leo fishman leo.mail...@gmail.com
 wrote:
  Andres,
 
  Thanks a lot for your patience and good intention, I won't let you down.
 
  Can anybody give me a list of all the options desired?
  It would be better to pass same parameter to the function indicating how to
  leet?
  The possibilities are endless, as the Wikipedia states and me myself
  sometime use:
  a:@
  d:0
  l:1
  i:1
  t:7 or +
  s:$
  

 I think that this would be the list of things to l33t:

 - a:4
 - e:3
 - i:1
 - o:0
 - t:7
 - s:5

 The last two, are optional, so:

   - input: 'admins'
   - output: ['4dm1ns','4dm1n5']

   In other words, leetyfying the s is optional

   - input: 'elite'
   - output: ['3l1t3', '3l173']

  Another silly question, do you keep a central database with most used
  passwords?

 Yes, core/controllers/bruteforce/passwords.txt.

  if not, that may help a little, of course, we have to keep the
  privacy and only store passwords and no other info.

 I ONLY MEANT TO HAVE A CENTRALIZED PASSWORD DATABASE FOR STATISTICAL
 PURPOSE.
  FOR EXAMPLE, IF WE FIND OUT THAT MANY PEOPLE USE:
  MARADONA10
  AS PASSWORD, IT WOULD BE A VERY USEFUL INFO TO ADD TO PASSWORD.TXT



 I don't understand your point.

 
  Can you also lead me on how to use the kb to update the results? maybe
  showing me other functions that do the same.

 The kb has three basic methods:

 - save
 - append
 - getData

 By reading the source code comments, source code documentation, and
 the grep.pathDisclosure plugin, you should get an idea on how to use
 them.

  It's ok to send the script to your personal mail then? I think that my mail
  to the list didn't go through

 Please send to the mailing list, the emails with attachments go through,

  I may do it Sunday afternoon.

 Ok, thanks!

  Thanks a lot,
 
 
  On Thu, Mar 26, 2009 at 8:39 PM, Andres Riancho
  andres.rian...@gmail.com
  wrote:
 
  Leo,
 
  On Wed, Mar 25, 2009 at 7:25 AM, leo fishman leo.mail...@gmail.com
  wrote:
   This is a file with the function, if it's working as desired, how can I
   update the kb ?
  
 
  First, some comments:
 
  - I like the I use google spirit, because I do the same, but... if
  you are learning, you better make a 10 line function and use your
  brain, instead of searching google ;)
  - The function isn't working as expected, because in the discussion we
  decided that:
 
     - input: 'admins'
     - output: ['4dm1ns','4dm1n5']
 
     In other words, leetyfying the s is optional
 
     - input: 'elite'
     - output: ['3l1t3', '3l173']
 
     In other words, leetyfying the t is optional
 
  I just committed a slightly modified version of your code, you might
  check it out here [0]. Please work with that version as a base.
 
  PS: Please use inline to answer emails.
 
  [0]
 
  http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/core/controllers/misc/make_leet.py?revision=2781&view=markup
 
  Cheers,
 
  
   On Mon, Mar 23, 2009 at 7:04 PM, Andres Riancho
   andres.rian...@gmail.com
   wrote:
  
   Leo,
  
   On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com
   wrote:
Hello,
   
I want to help with some microtask.
Please, bear in mind that I don't know the framework very well.
  
      Thanks for your email! New contributors are ALWAYS welcome =)
  
      I just found a nice task that you could perform [0]. Basically,
   we
   need to perform these steps:
  
   1.- In core/controllers/misc/ you should create a new file named
   make_leet.py . Inside that file, you have to create a function that
   converts: admin into 4dm1n... you know... make it elite. You
   should name the function make_leet.
  
   2.- After the function is working, you should modify the
   passwordProfiling plugin, in order to add leet versions of all the
   top words to the result. Example of result before your patch:
  
      - admin
      - global
      - spam
      - eggs
  
   Result after your patch:
  
      - admin
      - 4dm1n
      - global
      - gl0b4l
      - spam
      - 5p4m
      - eggs
      - 3gg5
  
  
   Results are saved in kb.kb.getData( 'passwordProfiling',
   'passwordProfiling' ) and used in bruteforce plugins as passwords
   for
   default users.
  
   If you have any questions, don't hesitate to ask them here!
  
   [0]
  
  
   https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
  
Thanks,
   
Leo
   

Re: [W3af-develop] I want to help

2009-03-30 Thread leo fishman
Here is a new version, if it's ok, I can start coding the append to the kb.

On Fri, Mar 27, 2009 at 5:38 PM, Andres Riancho andres.rian...@gmail.com wrote:

 Leo,

 On Fri, Mar 27, 2009 at 5:27 PM, leo fishman leo.mail...@gmail.com
 wrote:
  Andres,
 
  Thanks a lot for your patience and good intention, I won't let you down.
 
  Can anybody give me a list of all the options desired?
  It would be better to pass same parameter to the function indicating how to
  leet?
  The possibilities are endless, as the Wikipedia states and me myself
  sometime use:
  a:@
  d:0
  l:1
  i:1
  t:7 or +
  s:$
  

 I think that this would be the list of things to l33t:

 - a:4
 - e:3
 - i:1
 - o:0
 - t:7
 - s:5

 The last two, are optional, so:

   - input: 'admins'
   - output: ['4dm1ns','4dm1n5']

   In other words, leetyfying the s is optional

   - input: 'elite'
   - output: ['3l1t3', '3l173']

  Another silly question, do you keep a central database with most used
  passwords?

 Yes, core/controllers/bruteforce/passwords.txt.

  if not, that may help a little, of course, we have to keep the
  privacy and only store passwords and no other info.



I ONLY MEANT TO HAVE A CENTRALIZED PASSWORD DATABASE FOR STATISTICAL
PURPOSE.
 FOR EXAMPLE, IF WE FIND OUT THAT MANY PEOPLE USE:
 MARADONA10
 AS PASSWORD, IT WOULD BE A VERY USEFUL INFO TO ADD TO PASSWORD.TXT





 I don't understand your point.

 
  Can you also lead me on how to use the kb to update the results? maybe
  showing me other functions that do the same.

 The kb has three basic methods:

 - save
 - append
 - getData

 By reading the source code comments, source code documentation, and
 the grep.pathDisclosure plugin, you should get an idea on how to use
 them.

  It's ok to send the script to your personal mail then? I think that my mail
  to the list didn't go through

 Please send to the mailing list, the emails with attachments go through,

  I may do it Sunday afternoon.

 Ok, thanks!

  Thanks a lot,
 
 
  On Thu, Mar 26, 2009 at 8:39 PM, Andres Riancho 
 andres.rian...@gmail.com
  wrote:
 
  Leo,
 
  On Wed, Mar 25, 2009 at 7:25 AM, leo fishman leo.mail...@gmail.com
  wrote:
   This is a file with the function, if it's working as desired, how can I
   update the kb ?
  
 
  First, some comments:
 
  - I like the I use google spirit, because I do the same, but... if
  you are learning, you better make a 10 line function and use your
  brain, instead of searching google ;)
  - The function isn't working as expected, because in the discussion we
  decided that:
 
 - input: 'admins'
 - output: ['4dm1ns','4dm1n5']
 
 In other words, leetyfying the s is optional
 
 - input: 'elite'
 - output: ['3l1t3', '3l173']
 
 In other words, leetyfying the t is optional
 
  I just committed a slightly modified version of your code, you might
  check it out here [0]. Please work with that version as a base.
 
  PS: Please use inline to answer emails.
 
  [0]
 
 http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/core/controllers/misc/make_leet.py?revision=2781&view=markup
 
  Cheers,
 
  
   On Mon, Mar 23, 2009 at 7:04 PM, Andres Riancho
   andres.rian...@gmail.com
   wrote:
  
   Leo,
  
   On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com
   wrote:
Hello,
   
I want to help with some microtask.
Please, bear in mind that I don't know the framework very well.
  
  Thanks for your email! New contributors are ALWAYS welcome =)
  
  I just found a nice task that you could perform [0]. Basically, we
   need to perform these steps:
  
   1.- In core/controllers/misc/ you should create a new file named
   make_leet.py . Inside that file, you have to create a function that
   converts: admin into 4dm1n... you know... make it elite. You
   should name the function make_leet.
  
   2.- After the function is working, you should modify the
   passwordProfiling plugin, in order to add leet versions of all the
   top words to the result. Example of result before your patch:
  
  - admin
  - global
  - spam
  - eggs
  
   Result after your patch:
  
  - admin
  - 4dm1n
  - global
  - gl0b4l
  - spam
  - 5p4m
  - eggs
  - 3gg5
  
  
   Results are saved in kb.kb.getData( 'passwordProfiling',
   'passwordProfiling' ) and used in bruteforce plugins as passwords for
   default users.
  
   If you have any questions, don't hesitate to ask them here!
  
   [0]
  
  
 https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
  
Thanks,
   
Leo
   
   
   
   
  

Re: [W3af-develop] I want to help

2009-03-27 Thread leo fishman
Andres,

Thanks a lot for your patience and good intention, I won't let you down.

Can anybody give me a list of all the options desired?
It would be better to pass same parameter to the function indicating how to
leet?
The possibilities are endless, as the Wikipedia states and me myself
sometime use:
a:@
d:0
l:1
i:1
t:7 or +
s:$


Another silly question, do you keep a central database with most used
passwords? if not, that may help a little, of course, we have to keep the
privacy and only store passwords and no other info.


Can you also lead me on how to use the kb to update the results? maybe
showing me other functions that do the same.

It's ok to send the script to your personal mail then? I think that my mail
to the list didn't go through

I may do it Sunday afternoon.

Thanks a lot,


On Thu, Mar 26, 2009 at 8:39 PM, Andres Riancho andres.rian...@gmail.com wrote:

 Leo,

 On Wed, Mar 25, 2009 at 7:25 AM, leo fishman leo.mail...@gmail.com
 wrote:
  This is a file with the function, if it's working as desired, how can I
  update the kb ?
 

 First, some comments:

 - I like the I use google spirit, because I do the same, but... if
 you are learning, you better make a 10 line function and use your
 brain, instead of searching google ;)
 - The function isn't working as expected, because in the discussion we
 decided that:

- input: 'admins'
- output: ['4dm1ns','4dm1n5']

In other words, leetyfying the s is optional

- input: 'elite'
- output: ['3l1t3', '3l173']

In other words, leetyfying the t is optional

 I just committed a slightly modified version of your code, you might
 check it out here [0]. Please work with that version as a base.

 PS: Please use inline to answer emails.

 [0]
 http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/core/controllers/misc/make_leet.py?revision=2781&view=markup

 Cheers,

 
  On Mon, Mar 23, 2009 at 7:04 PM, Andres Riancho 
 andres.rian...@gmail.com
  wrote:
 
  Leo,
 
  On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com
  wrote:
   Hello,
  
   I want to help with some microtask.
   Please, bear in mind that I don't know the framework very well.
 
 Thanks for your email! New contributors are ALWAYS welcome =)
 
 I just found a nice task that you could perform [0]. Basically, we
  need to perform these steps:
 
  1.- In core/controllers/misc/ you should create a new file named
  make_leet.py . Inside that file, you have to create a function that
  converts: admin into 4dm1n... you know... make it elite. You
  should name the function make_leet.
 
  2.- After the function is working, you should modify the
  passwordProfiling plugin, in order to add leet versions of all the
  top words to the result. Example of result before your patch:
 
 - admin
 - global
 - spam
 - eggs
 
  Result after your patch:
 
 - admin
 - 4dm1n
 - global
 - gl0b4l
 - spam
 - 5p4m
 - eggs
 - 3gg5
 
 
  Results are saved in kb.kb.getData( 'passwordProfiling',
  'passwordProfiling' ) and used in bruteforce plugins as passwords for
  default users.
 
  If you have any questions, don't hesitate to ask them here!
 
  [0]
 
 https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
 
   Thanks,
  
   Leo
  
  
  
   ___
   W3af-develop mailing list
   W3af-develop@lists.sourceforge.net
   https://lists.sourceforge.net/lists/listinfo/w3af-develop
  
  
 
 
 
  --
  Andrés Riancho
  http://www.bonsai-sec.com/
  http://w3af.sourceforge.net/
 
 
 
 
 



 --
 Andrés Riancho
 http://www.bonsai-sec.com/
 http://w3af.sourceforge.net/



Re: [W3af-develop] I want to help

2009-03-26 Thread Andres Riancho
Leo,

On Wed, Mar 25, 2009 at 7:25 AM, leo fishman leo.mail...@gmail.com wrote:
 This is a file with the function, if it's working as desired, how can I update
 the kb ?


First, some comments:

- I like the I use google spirit, because I do the same, but... if
you are learning, you better make a 10 line function and use your
brain, instead of searching google ;)
- The function isn't working as expected, because in the discussion we
decided that:

- input: 'admins'
- output: ['4dm1ns','4dm1n5']

In other words, leetyfying the s is optional

- input: 'elite'
- output: ['3l1t3', '3l173']

In other words, leetyfying the t is optional

I just committed a slightly modified version of your code, you might
check it out here [0]. Please work with that version as a base.

PS: Please use inline to answer emails.

[0] 
http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/core/controllers/misc/make_leet.py?revision=2781&view=markup

Cheers,


 On Mon, Mar 23, 2009 at 7:04 PM, Andres Riancho andres.rian...@gmail.com
 wrote:

 Leo,

 On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com
 wrote:
  Hello,
 
  I want to help with some microtask.
  Please, bear in mind that I don't know the framework very well.

    Thanks for your email! New contributors are ALWAYS welcome =)

    I just found a nice task that you could perform [0]. Basically, we
 need to perform these steps:

 1.- In core/controllers/misc/ you should create a new file named
 make_leet.py . Inside that file, you have to create a function that
 converts: admin into 4dm1n... you know... make it elite. You
 should name the function make_leet.

 2.- After the function is working, you should modify the
 passwordProfiling plugin, in order to add leet versions of all the
 top words to the result. Example of result before your patch:

    - admin
    - global
    - spam
    - eggs

 Result after your patch:

    - admin
    - 4dm1n
    - global
    - gl0b4l
    - spam
    - 5p4m
    - eggs
    - 3gg5


 Results are saved in kb.kb.getData( 'passwordProfiling',
 'passwordProfiling' ) and used in bruteforce plugins as passwords for
 default users.

 If you have any questions, don't hesitate to ask them here!

 [0]
 https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655

  Thanks,
 
  Leo
 
 
 
 



 --
 Andrés Riancho
 http://www.bonsai-sec.com/
 http://w3af.sourceforge.net/







-- 
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/
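
The behaviour agreed in this thread (always substitute a, e, i, o; treat t and s as optional, returning a list), as an added example that is not the code committed to w3af. It assumes each optional letter is switched on or off for the whole word, which the thread does not specify, so a word yields at most four variants; `add_leet_variants` is a hypothetical helper name for step 2 of the task.

```python
from itertools import product

# Substitution list proposed in the thread: a:4, e:3, i:1, o:0 are always
# applied; t:7 and s:5 ("the last two") are optional.
MANDATORY = {'a': '4', 'e': '3', 'i': '1', 'o': '0'}
OPTIONAL = {'t': '7', 's': '5'}


def make_leet(word):
    """Return the leet variants of `word` as a de-duplicated list.

    Assumption (not stated in the thread): an optional letter is either
    replaced everywhere in the word or nowhere, so the output never grows
    beyond 2 ** len(OPTIONAL) == 4 entries per input word.
    """
    # Step 1: apply the mandatory substitutions, case-insensitively.
    base = ''.join(MANDATORY.get(c.lower(), c) for c in word)

    variants = []
    # Step 2: try every on/off combination of the optional letters.
    for flags in product((False, True), repeat=len(OPTIONAL)):
        enabled = {k: v for (k, v), on in zip(OPTIONAL.items(), flags) if on}
        candidate = ''.join(enabled.get(c.lower(), c) for c in base)
        if candidate not in variants:   # words without t/s collapse to one
            variants.append(candidate)
    return variants


def add_leet_variants(top_words):
    """Hypothetical helper: return `top_words` with the leet variants of
    each word inserted right after it, without duplicates."""
    result = []
    for word in top_words:
        for candidate in [word] + make_leet(word):
            if candidate not in result:
                result.append(candidate)
    return result


if __name__ == '__main__':
    # Inputs taken from the examples quoted in the thread.
    for sample in ('admins', 'elite'):
        print(sample, '->', make_leet(sample))
    print(add_leet_variants(['admin', 'global', 'spam', 'eggs']))
```

The four-variant bound per word is what keeps the expanded list small, which is the size concern raised elsewhere in the thread.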



Re: [W3af-develop] I want to help

2009-03-25 Thread leo fishman
This is a file with the function, if it's working as desired, how can I update
the kb ?



On Mon, Mar 23, 2009 at 7:04 PM, Andres Riancho andres.rian...@gmail.com wrote:

 Leo,

 On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com
 wrote:
  Hello,
 
  I want to help with some microtask.
  Please, bear in mind that I don't know the framework very well.

 Thanks for your email! New contributors are ALWAYS welcome =)

I just found a nice task that you could perform [0]. Basically, we
 need to perform these steps:

 1.- In core/controllers/misc/ you should create a new file named
 make_leet.py . Inside that file, you have to create a function that
 converts: admin into 4dm1n... you know... make it elite. You
 should name the function make_leet.

 2.- After the function is working, you should modify the
 passwordProfiling plugin, in order to add leet versions of all the
 top words to the result. Example of result before your patch:

- admin
- global
- spam
- eggs

 Result after your patch:

- admin
- 4dm1n
- global
- gl0b4l
- spam
- 5p4m
- eggs
- 3gg5


 Results are saved in kb.kb.getData( 'passwordProfiling',
 'passwordProfiling' ) and used in bruteforce plugins as passwords for
 default users.

 If you have any questions, don't hesitate to ask them here!

 [0]
 https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655

  Thanks,
 
  Leo
 
 
 
 



 --
 Andrés Riancho
 http://www.bonsai-sec.com/
 http://w3af.sourceforge.net/

'''
make_leet.py

Copyright 2009 Leonardo Jose Fishman

This file is part of w3af, w3af.sourceforge.net .

w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.

w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

'''

import core.data.kb.knowledgeBase as kb

'''
Based in Paul McGuire: ptmcg at austin.rr.com 
contribution for a python list:
http://mail.python.org/pipermail/python-list/2009-February/700090.html
'''

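# Map each letter (both cases) to its leet digit: e->3, a->4, i->1, t->7, s->5, o->0, b->8
LEET_LETTERS = dict( zip('eEaAiItTsSoObB', '33441177550088') )

def make_leet( pass2leet='' ):
    '''
    convert elite passwords like: admin into 4dm1n
    '''
    # Replace every mapped character and leave the others unchanged;
    # returns a single string, with every mapped letter always replaced
    return ''.join( LEET_LETTERS.get(c,c) for c in pass2leet )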
 


Re: [W3af-develop] I want to help

2009-03-24 Thread Alexander Berezhnoy
Hi all,


2009/3/24 dblackshell backbon...@gmail.com:
 I don't know, leetyfying all the words (and all those variants) would be
 such an overkill. Even bruteforce would be faster in such a scenario. It's
 like some time ago when I saw people downloading 2GB (non-profiled) password
 dictionaries...

 I mean, having to generate: 4dmin, adm1n, 4dm1n... just seems an overkill,
 IMO

Hm, I think I've got an idea.

How about having an automated password profiler? I mean, passwords can
be classified by some criteria (like sport passwords, rock music
passwords, political passwords); then you choose the criteria, the
passwords are selected and then leeted etc.

Sasha.

///

 ---
 http://insanesecurity.info


 On Tue, Mar 24, 2009 at 12:56 AM, Andres Riancho andres.rian...@gmail.com
 wrote:

 On Mon, Mar 23, 2009 at 7:43 PM, dblackshell backbon...@gmail.com wrote:
  e - 3
  i - 1
  o - 0
  a - 4
 
  i've never seen s - 5 ?

 Damn... wikipedia knows about everything:

 http://en.wikipedia.org/wiki/Leet

  just suggesting... :)

 Ok, then the algorithm will be a little more complex:

 - input: 'admins'
 - output: ['4dm1ns','4dm1n5']

 In other words, leetyfying the s is optional

 - input: 'elite'
 - output: ['3l1t3', '3l173']

 In other words, leetyfying the t is optional

 Any other comments on the algorithm?

  p.s.: first time replied to Andres, now how the hell did that happen? :)
 
  ---
  http://insanesecurity.info
 
 
  On Tue, Mar 24, 2009 at 12:04 AM, Andres Riancho
  andres.rian...@gmail.com
  wrote:
 
  Leo,
 
  On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com
  wrote:
   Hello,
  
   I want to help with some microtask.
   Please, bear in mind that I don't know the framework very well.
 
     Thanks for your email! New contributors are ALWAYS welcome =)
 
     I just found a nice task that you could perform [0]. Basically, we
  need to perform these steps:
 
  1.- In core/controllers/misc/ you should create a new file named
  make_leet.py . Inside that file, you have to create a function that
  converts: admin into 4dm1n... you know... make it elite. You
  should name the function make_leet.
 
  2.- After the function is working, you should modify the
  passwordProfiling plugin, in order to add leet versions of all the
  top words to the result. Example of result before your patch:
 
     - admin
     - global
     - spam
     - eggs
 
  Result after your patch:
 
     - admin
     - 4dm1n
     - global
     - gl0b4l
     - spam
     - 5p4m
     - eggs
     - 3gg5
 
 
  Results are saved in kb.kb.getData( 'passwordProfiling',
  'passwordProfiling' ) and used in bruteforce plugins as passwords for
  default users.
 
  If you have any questions, don't hesitate to ask them here!
 
  [0]
 
  https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
 
   Thanks,
  
   Leo
  
  
  
  
  
 
 
 
  --
  Andrés Riancho
  http://www.bonsai-sec.com/
  http://w3af.sourceforge.net/
 
 
 
 
 
 
 
 



 --
 Andrés Riancho
 http://www.bonsai-sec.com/
 http://w3af.sourceforge.net/


 

Re: [W3af-develop] I want to help

2009-03-24 Thread Achim Hoffmann

maybe you get some more (leet correct:) ideas here

  https://addons.mozilla.org/firefox/addon/770

Achim

On Mon, 23 Mar 2009, Andres Riancho wrote:

!! On Mon, Mar 23, 2009 at 7:43 PM, dblackshell backbon...@gmail.com wrote:
!!  e - 3
!!  i - 1
!!  o - 0
!!  a - 4
!! 
!!  i've never seen s - 5 ?
!! 
!! Damn... wikipedia knows about everything:
!! 
!! http://en.wikipedia.org/wiki/Leet
!! 
!!  just suggesting... :)
!! 
!! Ok, then the algorithm will be a little more complex:
!! 
!! - input: 'admins'
!! - output: ['4dm1ns','4dm1n5']
!! 
!! In other words, leetyfying the s is optional
!! 
!! - input: 'elite'
!! - output: ['3l1t3', '3l173']
!! 
!! In other words, leetyfying the t is optional
!! 
!! Any other comments on the algorithm?
!! 
!!  p.s.: first time replied to Andres, now how the hell did that happen? :)
!! 
!!  ---
!!  http://insanesecurity.info
!! 
!! 
!!  On Tue, Mar 24, 2009 at 12:04 AM, Andres Riancho andres.rian...@gmail.com
!!  wrote:
!! 
!!  Leo,
!! 
!!  On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com
!!  wrote:
!!   Hello,
!!  
!!   I want to help with some microtask.
!!   Please, bear in mind that I don't know the framework very well.
!! 
!!     Thanks for your email! New contributors are ALWAYS welcome =)
!! 
!!     I just found a nice task that you could perform [0]. Basically, we
!!  need to perform these steps:
!! 
!!  1.- In core/controllers/misc/ you should create a new file named
!!  make_leet.py . Inside that file, you have to create a function that
!!  converts: admin into 4dm1n... you know... make it elite. You
!!  should name the function make_leet.
!! 
!!  2.- After the function is working, you should modify the
!!  passwordProfiling plugin, in order to add leet versions of all the
!!  top words to the result. Example of result before your patch:
!! 
!!     - admin
!!     - global
!!     - spam
!!     - eggs
!! 
!!  Result after your patch:
!! 
!!     - admin
!!     - 4dm1n
!!     - global
!!     - gl0b4l
!!     - spam
!!     - 5p4m
!!     - eggs
!!     - 3gg5
!! 
!! 
!!  Results are saved in kb.kb.getData( 'passwordProfiling',
!!  'passwordProfiling' ) and used in bruteforce plugins as passwords for
!!  default users.
!! 
!!  If you have any questions, don't hesitate to ask them here!
!! 
!!  [0]
!!  
https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
!! 
!!   Thanks,
!!  
!!   Leo


Re: [W3af-develop] I want to help

2009-03-23 Thread Andres Riancho
Leo,

On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com wrote:
 Hello,

 I want to help with some microtask.
 Please, bear in mind that I don't know the framework very well.

Thanks for your email! New contributors are ALWAYS welcome =)

I just found a nice task that you could perform [0]. Basically, we
need to perform these steps:

1.- In core/controllers/misc/ you should create a new file named
make_leet.py . Inside that file, you have to create a function that
converts: admin into 4dm1n... you know... make it elite. You
should name the function make_leet.

2.- After the function is working, you should modify the
passwordProfiling plugin, in order to add leet versions of all the
top words to the result. Example of result before your patch:

- admin
- global
- spam
- eggs

Result after your patch:

- admin
- 4dm1n
- global
- gl0b4l
- spam
- 5p4m
- eggs
- 3gg5


Results are saved in kb.kb.getData( 'passwordProfiling',
'passwordProfiling' ) and used in bruteforce plugins as passwords for
default users.

If you have any questions, don't hesitate to ask them here!

[0] 
https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655

 Thanks,

 Leo






-- 
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/



Re: [W3af-develop] I want to help

2009-03-23 Thread dblackshell
I don't know, leetyfying all the words (and all those variants) would be
such an overkill. Even bruteforce would be faster in such a scenario. It's
like some time ago when I saw people downloading 2GB (non-profiled) password
dictionaries...

I mean, having to generate: 4dmin, adm1n, 4dm1n... just seems an overkill,
IMO

---
http://insanesecurity.info


On Tue, Mar 24, 2009 at 12:56 AM, Andres Riancho
andres.rian...@gmail.com wrote:

 On Mon, Mar 23, 2009 at 7:43 PM, dblackshell backbon...@gmail.com wrote:
  e - 3
  i - 1
  o - 0
  a - 4
 
  i've never seen s - 5 ?

 Damn... wikipedia knows about everything:

 http://en.wikipedia.org/wiki/Leet

  just suggesting... :)

 Ok, then the algorithm will be a little more complex:

 - input: 'admins'
 - output: ['4dm1ns','4dm1n5']

 In other words, leetyfying the s is optional

 - input: 'elite'
 - output: ['3l1t3', '3l173']

 In other words, leetyfying the t is optional

 Any other comments on the algorithm?

  p.s.: first time replied to Andres, now how the hell did that happen? :)
 
  ---
  http://insanesecurity.info
 
 
  On Tue, Mar 24, 2009 at 12:04 AM, Andres Riancho 
 andres.rian...@gmail.com
  wrote:
 
  Leo,
 
  On Mon, Mar 23, 2009 at 6:10 PM, leo fishman leo.mail...@gmail.com
  wrote:
   Hello,
  
   I want to help with some microtask.
   Please, bear in mind that I don't know the framework very well.
 
 Thanks for your email! New contributors are ALWAYS welcome =)
 
 I just found a nice task that you could perform [0]. Basically, we
  need to perform these steps:
 
  1.- In core/controllers/misc/ you should create a new file named
  make_leet.py . Inside that file, you have to create a function that
  converts: admin into 4dm1n... you know... make it elite. You
  should name the function make_leet.
 
  2.- After the function is working, you should modify the
  passwordProfiling plugin, in order to add leet versions of all the
  top words to the result. Example of result before your patch:
 
 - admin
 - global
 - spam
 - eggs
 
  Result after your patch:
 
 - admin
 - 4dm1n
 - global
 - gl0b4l
 - spam
 - 5p4m
 - eggs
 - 3gg5
 
 
  Results are saved in kb.kb.getData( 'passwordProfiling',
  'passwordProfiling' ) and used in bruteforce plugins as passwords for
  default users.
 
  If you have any questions, don't hesitate to ask them here!
 
  [0]
 
 https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
 
   Thanks,
  
   Leo
  
  
  
  
  
 
 
 
  --
  Andrés Riancho
  http://www.bonsai-sec.com/
  http://w3af.sourceforge.net/
 
 
 
 
 
 
 
 



 --
 Andrés Riancho
 http://www.bonsai-sec.com/
 http://w3af.sourceforge.net/
