On Mon, Mar 23, 2009 at 8:09 PM, dblackshell <backbon...@gmail.com> wrote:
> I don't know, leetyfying all the words (and all those variants) would be
> such an overkill. Even bruteforce would be faster in such a scenario. It's
> like some time ago when I saw people downloading 2GB (non-profiled) password
> dictionaries...

We aren't leetyfying all the words, we only leetyfy the words that are
the result from the grep.passwordProfiling plugin, which are the most
commonly used words across the whole website.

> I mean, having to generate: 4dmin, adm1n, 4dm1n... just seems an overkill,
> IMO

Read above.

> ---
> http://insanesecurity.info
>
>
> On Tue, Mar 24, 2009 at 12:56 AM, Andres Riancho <andres.rian...@gmail.com>
> wrote:
>>
>> On Mon, Mar 23, 2009 at 7:43 PM, dblackshell <backbon...@gmail.com> wrote:
>> > e - 3
>> > i - 1
>> > o - 0
>> > a - 4
>> >
>> > I've never seen s - 5 ?
>>
>> Damn... wikipedia knows about everything:
>>
>> http://en.wikipedia.org/wiki/Leet
>>
>> > just suggesting... :)
>>
>> Ok, then the algorithm will be a little more complex:
>>
>> - input: 'admins'
>> - output: ['4dm1ns','4dm1n5']
>>
>> In other words, "leetyfying" the s is optional
>>
>> - input: 'elite'
>> - output: ['3l1t3', '3l173']
>>
>> In other words, "leetyfying" the t is optional
>>
>> Any other comments on the algorithm?
>>
>> > p.s.: first time replied to Andres, now how the hell did that happen? :)
>> >
>> > ---
>> > http://insanesecurity.info
>> >
>> >
>> > On Tue, Mar 24, 2009 at 12:04 AM, Andres Riancho
>> > <andres.rian...@gmail.com>
>> > wrote:
>> >>
>> >> Leo,
>> >>
>> >> On Mon, Mar 23, 2009 at 6:10 PM, leo fishman <leo.mail...@gmail.com>
>> >> wrote:
>> >> > Hello,
>> >> >
>> >> > I want to help with some microtask.
>> >> > Please, bear in mind that I don't know the framework very well.
>> >>
>> >> Thanks for your email! New contributors are ALWAYS welcome =)
>> >>
>> >> I just found a nice task that you could perform [0]. Basically, we
>> >> need to perform these steps:
>> >>
>> >> 1.- In core/controllers/misc/ you should create a new file named
>> >> make_leet.py . Inside that file, you have to create a function that
>> >> converts: "admin" into "4dm1n"... you know... make it "elite". You
>> >> should name the function make_leet.
>> >>
>> >> 2.- After the function is working, you should modify the
>> >> passwordProfiling plugin, in order to add "leet versions" of all the
>> >> top words to the result. Example of result before your patch:
>> >>
>> >> - admin
>> >> - global
>> >> - spam
>> >> - eggs
>> >>
>> >> Result after your patch:
>> >>
>> >> - admin
>> >> - 4dm1n
>> >> - global
>> >> - gl0b4l
>> >> - spam
>> >> - 5p4m
>> >> - eggs
>> >> - 3gg5
>> >>
>> >> Results are saved in kb.kb.getData( 'passwordProfiling',
>> >> 'passwordProfiling' ) and used in bruteforce plugins as passwords for
>> >> default users.
>> >>
>> >> If you have any questions, don't hesitate to ask them here!
>> >>
>> >> [0]
>> >> https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
>> >>
>> >> > Thanks,
>> >> >
>> >> > Leo
>> >>
>> >> --
>> >> Andrés Riancho
>> >> http://www.bonsai-sec.com/
>> >> http://w3af.sourceforge.net/
>>
>> --
>> Andrés Riancho
>> http://www.bonsai-sec.com/
>> http://w3af.sourceforge.net/

--
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
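
The algorithm agreed in the thread (a, e, i, o always replaced; s and t replaced optionally), written out as an added example that is not part of the original messages or of w3af's code. Here it feeds a password-policy denylist that rejects a site's own frequent words and their leet variants; `limit`, `build_denylist`, `is_guessable` and the sample word list are assumptions of this example.

```python
from itertools import islice, product

# Substitutions named in the thread: a, e, i, o are always replaced;
# s and t are optional, so both forms are produced.
ALWAYS = {"a": "4", "e": "3", "i": "1", "o": "0"}
OPTIONAL = {"s": "5", "t": "7"}


def make_leet(word, limit=64):
    """Return the leet variants of word, drawn from at most `limit` candidates.

    `limit` is an assumption added here: each optional letter doubles the
    number of variants, so long words need a bound.
    """
    choices = []
    for ch in word:
        if ch in ALWAYS:
            choices.append((ALWAYS[ch],))
        elif ch in OPTIONAL:
            choices.append((ch, OPTIONAL[ch]))
        else:
            choices.append((ch,))
    variants = ("".join(p) for p in product(*choices))
    # A word with no mandatory substitution yields itself first; drop it.
    return [v for v in islice(variants, limit) if v != word]


def build_denylist(profiled_words):
    """Profiled words plus their leet variants, lower-cased."""
    denied = set()
    for w in profiled_words:
        w = w.lower()
        denied.add(w)
        denied.update(make_leet(w))
    return denied


def is_guessable(password, denied):
    """True when the password is a profiled word or a leet variant of one."""
    return password.lower() in denied


# Constructed sample: the four example words used in the thread.
SAMPLE_WORDS = ["admin", "global", "spam", "eggs"]
DENIED = build_denylist(SAMPLE_WORDS)
```

Because a, e, i and o are always replaced, partial forms such as `adm1n` are not generated and therefore not rejected by this check.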