On Tue, Mar 24, 2009 at 7:07 AM, dblackshell <backbon...@gmail.com> wrote: >>How about having an automated password profiler? I mean, passwords can >>be classified by some criteria (like "sport passwords", "rock music >>passwords", "political passwords"); then you choose the criteria, the >>passwords are selected and then leeted etc.
The grep.passwordProfiling plugin creates a list with the most common words in the webpage; and it takes into account if the word is in a <h1>, <h2> or just in the web page text. > yes it sounds swell and all, but password profiling should be done outside > of w3af... there are already profiled password dictionaries/wordlists and > tools (scripts) that extract words from documents, mp3's and so. And IMO > w3af shouldn't be bloated with modules that are not strictly connected to > its purpose. The grep.passwordProfiling plugin can be extended using... plugins! ;) For now, it works with PDF, HTML and text. And just like you say, I think its enough. Cheers, > --- > http://insanesecurity.info > > > On Tue, Mar 24, 2009 at 11:12 AM, Alexander Berezhnoy > <alexander.berezh...@gmail.com> wrote: >> >> Hi all, >> >> >> 2009/3/24 dblackshell <backbon...@gmail.com>: >> > I don't know, leetyfying all the words (and all those variants) would be >> > such an overkill. Even bruteforce would be faster in such a scenario. >> > It's >> > like some time ago when I saw people downloading 2GB (non-profiled) >> > password >> > dictionaries... >> > >> > I mean, having to generate: 4dmin, adm1n, 4dm1n... just seems an >> > overkill, >> > IMO >> >> Hm, I think I've got an idea. >> >> How about having an automated password profiler? I mean, passwords can >> be classified by some criteria (like "sport passwords", "rock music >> passwords", "political passwords"); then you choose the criteria, the >> passwords are selected and then leeted etc. >> >> Sasha. >> >> /////// >> > >> > --- >> > http://insanesecurity.info >> > >> > >> > On Tue, Mar 24, 2009 at 12:56 AM, Andres Riancho >> > <andres.rian...@gmail.com> >> > wrote: >> >> >> >> On Mon, Mar 23, 2009 at 7:43 PM, dblackshell <backbon...@gmail.com> >> >> wrote: >> >> > e - 3 >> >> > i - 1 >> >> > o - 0 >> >> > a - 4 >> >> > >> >> > i've never seen s - 5 ? >> >> >> >> Damn... wikipedia knows about everything: >> >> >> >> http://en.wikipedia.org/wiki/Leet >> >> >> >> > just suggesting... :) >> >> >> >> Ok, then the algorithm will be a little more complex: >> >> >> >> - input: 'admins' >> >> - output: ['4dm1ns','4dm1n5'] >> >> >> >> In other words, "leetyfying" the s is optional >> >> >> >> - input: 'elite' >> >> - output: ['3l1t3', '3l173'] >> >> >> >> In other words, "leetyfying" the t is optional >> >> >> >> Any other comments on the algorithm? >> >> >> >> > p.s.: first time replied to Andres, now how the hell did that happen? >> >> > :) >> >> > >> >> > --- >> >> > http://insanesecurity.info >> >> > >> >> > >> >> > On Tue, Mar 24, 2009 at 12:04 AM, Andres Riancho >> >> > <andres.rian...@gmail.com> >> >> > wrote: >> >> >> >> >> >> Leo, >> >> >> >> >> >> On Mon, Mar 23, 2009 at 6:10 PM, leo fishman <leo.mail...@gmail.com> >> >> >> wrote: >> >> >> > Hello, >> >> >> > >> >> >> > I want to help with some microtask. >> >> >> > Please, bare in mind that I don't know the framwork very well. >> >> >> >> >> >> Thanks for your email! New contributors are ALWAYS welcome =) >> >> >> >> >> >> I just found a nice task that you could perform [0]. Basically, >> >> >> we >> >> >> need to perform these steps: >> >> >> >> >> >> 1.- In core/controllers/misc/ you should create a new file named >> >> >> make_leet.py . Inside that file, you have to create a function that >> >> >> converts: "admin" into "4dm1n"... you know... make it "elite". You >> >> >> should name the function make_leet. >> >> >> >> >> >> 2.- After the function is working, you should modify the >> >> >> passwordProfiling plugin, in order to add "leet versions" of all the >> >> >> top words to the result. Example of result before your patch: >> >> >> >> >> >> - admin >> >> >> - global >> >> >> - spam >> >> >> - eggs >> >> >> >> >> >> Result after your patch: >> >> >> >> >> >> - admin >> >> >> - 4dm1n >> >> >> - global >> >> >> - gl0b4l >> >> >> - spam >> >> >> - 5p4m >> >> >> - eggs >> >> >> - 3gg5 >> >> >> >> >> >> >> >> >> Results are saved in kb.kb.getData( 'passwordProfiling', >> >> >> 'passwordProfiling' ) and used in bruteforce plugins as passwords >> >> >> for >> >> >> default users. >> >> >> >> >> >> If you have any questions, don't hesitate to ask them here! >> >> >> >> >> >> [0] >> >> >> >> >> >> >> >> >> https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655 >> >> >> >> >> >> > Thanks, >> >> >> > >> >> >> > Leo >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > ------------------------------------------------------------------------------ >> >> >> > Apps built with the Adobe(R) Flex(R) framework and Flex >> >> >> > Builder(TM) >> >> >> > are >> >> >> > powering Web 2.0 with engaging, cross-platform capabilities. >> >> >> > Quickly >> >> >> > and >> >> >> > easily build your RIAs with Flex Builder, the Eclipse(TM)based >> >> >> > development >> >> >> > software that enables intelligent coding and step-through >> >> >> > debugging. >> >> >> > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com >> >> >> > _______________________________________________ >> >> >> > W3af-develop mailing list >> >> >> > W3af-develop@lists.sourceforge.net >> >> >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop >> >> >> > >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> Andrés Riancho >> >> >> http://www.bonsai-sec.com/ >> >> >> http://w3af.sourceforge.net/ >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> >> Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) >> >> >> are >> >> >> powering Web 2.0 with engaging, cross-platform capabilities. Quickly >> >> >> and >> >> >> easily build your RIAs with Flex Builder, the Eclipse(TM)based >> >> >> development >> >> >> software that enables intelligent coding and step-through debugging. >> >> >> Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com >> >> >> _______________________________________________ >> >> >> W3af-develop mailing list >> >> >> W3af-develop@lists.sourceforge.net >> >> >> https://lists.sourceforge.net/lists/listinfo/w3af-develop >> >> > >> >> > >> >> > >> >> > >> >> > ------------------------------------------------------------------------------ >> >> > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) >> >> > are >> >> > powering Web 2.0 with engaging, cross-platform capabilities. Quickly >> >> > and >> >> > easily build your RIAs with Flex Builder, the Eclipse(TM)based >> >> > development >> >> > software that enables intelligent coding and step-through debugging. >> >> > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com >> >> > _______________________________________________ >> >> > W3af-develop mailing list >> >> > W3af-develop@lists.sourceforge.net >> >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop >> >> > >> >> > >> >> >> >> >> >> >> >> -- >> >> Andrés Riancho >> >> http://www.bonsai-sec.com/ >> >> http://w3af.sourceforge.net/ >> > >> > >> > >> > ------------------------------------------------------------------------------ >> > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are >> > powering Web 2.0 with engaging, cross-platform capabilities. Quickly and >> > easily build your RIAs with Flex Builder, the Eclipse(TM)based >> > development >> > software that enables intelligent coding and step-through debugging. >> > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com >> > _______________________________________________ >> > W3af-develop mailing list >> > W3af-develop@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop >> > >> > >> >> >> >> -- >> Alexander (Sasha) Berezhnoy, OSCP >> http://sandals-on-my-head.blogspot.com > > -- Andrés Riancho http://www.bonsai-sec.com/ http://w3af.sourceforge.net/ ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
