>How about having an automated password profiler? I mean, passwords can
>be classified by some criteria (like "sport passwords", "rock music
>passwords", "political passwords"); then you choose the criteria, the
>passwords are selected and then leeted etc.

Yes, it sounds swell and all, but password profiling should be done outside
of w3af... there are already profiled password dictionaries/wordlists and
tools (scripts) that extract words from documents, MP3s and so on. And IMO
w3af shouldn't be bloated with modules that are not strictly connected to
its purpose.

---
http://insanesecurity.info


On Tue, Mar 24, 2009 at 11:12 AM, Alexander Berezhnoy <
alexander.berezh...@gmail.com> wrote:

> Hi all,
>
>
> 2009/3/24 dblackshell <backbon...@gmail.com>:
> > I don't know, leetyfying all the words (and all those variants) would be
> > such an overkill. Even bruteforce would be faster in such a scenario. It's
> > like some time ago when I saw people downloading 2GB (non-profiled) password
> > dictionaries...
> >
> > I mean, having to generate: 4dmin, adm1n, 4dm1n... just seems an overkill,
> > IMO
>
> Hm, I think I've got an idea.
>
> How about having an automated password profiler? I mean, passwords can
> be classified by some criteria (like "sport passwords", "rock music
> passwords", "political passwords"); then you choose the criteria, the
> passwords are selected and then leeted etc.
>
> Sasha.
>
> ///////
> >
> > ---
> > http://insanesecurity.info
> >
> >
> > On Tue, Mar 24, 2009 at 12:56 AM, Andres Riancho <andres.rian...@gmail.com>
> > wrote:
> >>
> >> On Mon, Mar 23, 2009 at 7:43 PM, dblackshell <backbon...@gmail.com> wrote:
> >> > e - 3
> >> > i - 1
> >> > o - 0
> >> > a - 4
> >> >
> >> > I've never seen s - 5 ?
> >>
> >> Damn... wikipedia knows about everything:
> >>
> >> http://en.wikipedia.org/wiki/Leet
> >>
> >> > just suggesting... :)
> >>
> >> Ok, then the algorithm will be a little more complex:
> >>
> >> - input: 'admins'
> >> - output: ['4dm1ns','4dm1n5']
> >>
> >> In other words, "leetyfying" the s is optional
> >>
> >> - input: 'elite'
> >> - output: ['3l1t3', '3l173']
> >>
> >> In other words, "leetyfying" the t is optional
> >>
> >> Any other comments on the algorithm?
> >>
> >> > p.s.: first time replied to Andres, now how the hell did that happen? :)
> >> >
> >> > ---
> >> > http://insanesecurity.info
> >> >
> >> >
> >> > On Tue, Mar 24, 2009 at 12:04 AM, Andres Riancho
> >> > <andres.rian...@gmail.com>
> >> > wrote:
> >> >>
> >> >> Leo,
> >> >>
> >> >> On Mon, Mar 23, 2009 at 6:10 PM, leo fishman <leo.mail...@gmail.com>
> >> >> wrote:
> >> >> > Hello,
> >> >> >
> >> >> > I want to help with some microtask.
> >> >> > Please, bear in mind that I don't know the framework very well.
> >> >>
> >> >>    Thanks for your email! New contributors are ALWAYS welcome =)
> >> >>
> >> >>    I just found a nice task that you could perform [0]. Basically, we
> >> >> need to perform these steps:
> >> >>
> >> >> 1.- In core/controllers/misc/ you should create a new file named
> >> >> make_leet.py . Inside that file, you have to create a function that
> >> >> converts: "admin" into "4dm1n"... you know... make it "elite". You
> >> >> should name the function make_leet.
> >> >>
> >> >> 2.- After the function is working, you should modify the
> >> >> passwordProfiling plugin, in order to add "leet versions" of all the
> >> >> top words to the result. Example of result before your patch:
> >> >>
> >> >>    - admin
> >> >>    - global
> >> >>    - spam
> >> >>    - eggs
> >> >>
> >> >> Result after your patch:
> >> >>
> >> >>    - admin
> >> >>    - 4dm1n
> >> >>    - global
> >> >>    - gl0b4l
> >> >>    - spam
> >> >>    - 5p4m
> >> >>    - eggs
> >> >>    - 3gg5
> >> >>
> >> >>
> >> >> Results are saved in kb.kb.getData( 'passwordProfiling',
> >> >> 'passwordProfiling' ) and used in bruteforce plugins as passwords for
> >> >> default users.
> >> >>
> >> >> If you have any questions, don't hesitate to ask them here!
> >> >>
> >> >> [0] https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
> >> >>
> >> >> > Thanks,
> >> >> >
> >> >> > Leo
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> ------------------------------------------------------------------------------
> >> >> > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM)
> >> >> > are
> >> >> > powering Web 2.0 with engaging, cross-platform capabilities.
> Quickly
> >> >> > and
> >> >> > easily build your RIAs with Flex Builder, the Eclipse(TM)based
> >> >> > development
> >> >> > software that enables intelligent coding and step-through
> debugging.
> >> >> > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
> >> >> > _______________________________________________
> >> >> > W3af-develop mailing list
> >> >> > W3af-develop@lists.sourceforge.net
> >> >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Andrés Riancho
> >> >> http://www.bonsai-sec.com/
> >> >> http://w3af.sourceforge.net/
> >> >>
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Andrés Riancho
> >> http://www.bonsai-sec.com/
> >> http://w3af.sourceforge.net/
> >
> >
> >
> >
> >
>
>
>
> --
> Alexander (Sasha) Berezhnoy, OSCP
> http://sandals-on-my-head.blogspot.com
>
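
The algorithm discussed in the quoted thread (a, e, i, o always replaced; s and t optionally), as an added example that is not w3af code or anything posted by the participants. It also shows the growth the "overkill" objection refers to: every optional character doubles the output. `max_variants`, `variant_count` and `add_leet_versions` are hypothetical names introduced here.

```python
from itertools import product

# Substitutions taken from the thread: these are always applied ...
ALWAYS = {"a": "4", "e": "3", "i": "1", "o": "0"}
# ... and these are optional (each occurrence may or may not be replaced).
OPTIONAL = {"s": "5", "t": "7"}


def make_leet(word, max_variants=64):
    """Return the leet variants of `word`, least-substituted first.

    The output doubles with every optional character, so it is capped at
    `max_variants` (an assumed limit, not something the thread specifies).
    """
    choices = []
    for ch in word.lower():
        if ch in ALWAYS:
            choices.append((ALWAYS[ch],))
        elif ch in OPTIONAL:
            choices.append((ch, OPTIONAL[ch]))
        else:
            choices.append((ch,))
    variants = []
    for combo in product(*choices):  # lazy, so the cap stops work early
        if len(variants) >= max_variants:
            break
        variants.append("".join(combo))
    return variants


def variant_count(word):
    """Number of variants before capping: 2 ** (optional characters)."""
    return 2 ** sum(ch in OPTIONAL for ch in word.lower())


def add_leet_versions(words):
    """Follow each word with its leet variants, skipping duplicates."""
    result = []
    for w in words:
        for candidate in [w] + make_leet(w):
            if candidate not in result:
                result.append(candidate)
    return result
```
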
