Here is a new version, if its ok, I can start coding the append to the kb.
On Fri, Mar 27, 2009 at 5:38 PM, Andres Riancho <andres.rian...@gmail.com>wrote:
> Leo,
>
> On Fri, Mar 27, 2009 at 5:27 PM, leo fishman <leo.mail...@gmail.com>
> wrote:
> > Andres,
> >
> > Thanks a lot for your patient and good intention, I won't let you down.
> >
> > Can anybody give me a list of all the options desired?
> > It would be better to pass same parameter to the funtion indicating how
> to
> > leet?
> > The possibilities are endless, as the wikipedia states and me myself
> > sometime use:
> > a:@
> > d:0
> > l:1
> > i:1
> > t:7 or +
> > s:$
> > ....
>
> I think that this would be the list of things to "l33t":
>
> - a:4
> - e:3
> - i:1
> - o:0
> - t:7
> - s:5
>
> The last two, are optional, so:
>
> - input: 'admins'
> - output: ['4dm1ns','4dm1n5']
>
> In other words, "leetyfying" the s is optional
>
> - input: 'elite'
> - output: ['3l1t3', '3l173']
>
> > Another silly question, do you keep a central database with most used
> > passwords?
>
> Yes, "core/controllers/bruteforce/passwords.txt".
>
> > if not, that may help a little, of course, we have to keep the
> > privacy and only store passwords and no other info.
>
I ONLY MEANT TO HAVE A CENTRALIZED PASSWORD DATABASE FOR STATISTICAL
PORPOUSE.
FOR EXAMPLE, IF WE FIND OUT THAT MANY PEOPLE USE:
"MARADONA10"
AS PASSWORD, IT WOULD BE A VERY USEFULL INFO TO ADD TO PASSWORD.TXT
>
>
> I don't understand your point.
>
> >
> > Can you also lead me on how to use the kb to update the results? maybe
> > showing me other functions that do the same.
>
> The kb has three basic methods:
>
> - save
> - append
> - getData
>
> By reading the source code comments, source code documentation, and
> the grep.pathDisclosure plugin, you should get an idea on how to use
> them.
>
> > Its ok to send the script to your personal mail then? I think that my
> mail
> > to the list didn't go trough
>
> Please send to the mailing list, the emails with attachments go through,
>
> > I may do it Sunday afternoon.
>
> Ok, thanks!
>
> > Thanks a lot,
> >
> >
> > On Thu, Mar 26, 2009 at 8:39 PM, Andres Riancho <
> andres.rian...@gmail.com>
> > wrote:
> >>
> >> Leo,
> >>
> >> On Wed, Mar 25, 2009 at 7:25 AM, leo fishman <leo.mail...@gmail.com>
> >> wrote:
> >> > This is a file with the funcion, if its working as desired, how can I
> >> > update
> >> > the kb ?
> >> >
> >>
> >> First, some comments:
> >>
> >> - I like the "I use google spirit", because I do the same, but... if
> >> you are learning, you better make a 10 line function and use your
> >> brain, instead of searching google ;)
> >> - The function isn't working as expected, because in the discussion we
> >> decided that:
> >>
> >> - input: 'admins'
> >> - output: ['4dm1ns','4dm1n5']
> >>
> >> In other words, "leetyfying" the s is optional
> >>
> >> - input: 'elite'
> >> - output: ['3l1t3', '3l173']
> >>
> >> In other words, "leetyfying" the t is optional
> >>
> >> I just commited a slightly modified version of your code, you might
> >> check it out here [0]. Please work with that version as a base.
> >>
> >> PS: Please use inline to answer emails.
> >>
> >> [0]
> >>
> http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/core/controllers/misc/make_leet.py?revision=2781&view=markup
> >>
> >> Cheers,
> >>
> >> >
> >> > On Mon, Mar 23, 2009 at 7:04 PM, Andres Riancho
> >> > <andres.rian...@gmail.com>
> >> > wrote:
> >> >>
> >> >> Leo,
> >> >>
> >> >> On Mon, Mar 23, 2009 at 6:10 PM, leo fishman <leo.mail...@gmail.com>
> >> >> wrote:
> >> >> > Hello,
> >> >> >
> >> >> > I want to help with some microtask.
> >> >> > Please, bare in mind that I don't know the framwork very well.
> >> >>
> >> >> Thanks for your email! New contributors are ALWAYS welcome =)
> >> >>
> >> >> I just found a nice task that you could perform [0]. Basically, we
> >> >> need to perform these steps:
> >> >>
> >> >> 1.- In core/controllers/misc/ you should create a new file named
> >> >> make_leet.py . Inside that file, you have to create a function that
> >> >> converts: "admin" into "4dm1n"... you know... make it "elite". You
> >> >> should name the function make_leet.
> >> >>
> >> >> 2.- After the function is working, you should modify the
> >> >> passwordProfiling plugin, in order to add "leet versions" of all the
> >> >> top words to the result. Example of result before your patch:
> >> >>
> >> >> - admin
> >> >> - global
> >> >> - spam
> >> >> - eggs
> >> >>
> >> >> Result after your patch:
> >> >>
> >> >> - admin
> >> >> - 4dm1n
> >> >> - global
> >> >> - gl0b4l
> >> >> - spam
> >> >> - 5p4m
> >> >> - eggs
> >> >> - 3gg5
> >> >>
> >> >>
> >> >> Results are saved in kb.kb.getData( 'passwordProfiling',
> >> >> 'passwordProfiling' ) and used in bruteforce plugins as passwords for
> >> >> default users.
> >> >>
> >> >> If you have any questions, don't hesitate to ask them here!
> >> >>
> >> >> [0]
> >> >>
> >> >>
> https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
> >> >>
> >> >> > Thanks,
> >> >> >
> >> >> > Leo
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> ------------------------------------------------------------------------------
> >> >> > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM)
> >> >> > are
> >> >> > powering Web 2.0 with engaging, cross-platform capabilities.
> Quickly
> >> >> > and
> >> >> > easily build your RIAs with Flex Builder, the Eclipse(TM)based
> >> >> > development
> >> >> > software that enables intelligent coding and step-through
> debugging.
> >> >> > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
> >> >> > _______________________________________________
> >> >> > W3af-develop mailing list
> >> >> > W3af-develop@lists.sourceforge.net
> >> >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Andrés Riancho
> >> >> http://www.bonsai-sec.com/
> >> >> http://w3af.sourceforge.net/
> >> >
> >> >
> >> >
> >> >
> ------------------------------------------------------------------------------
> >> > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM)
> are
> >> > powering Web 2.0 with engaging, cross-platform capabilities. Quickly
> and
> >> > easily build your RIAs with Flex Builder, the Eclipse(TM)based
> >> > development
> >> > software that enables intelligent coding and step-through debugging.
> >> > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
> >> > _______________________________________________
> >> > W3af-develop mailing list
> >> > W3af-develop@lists.sourceforge.net
> >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Andrés Riancho
> >> http://www.bonsai-sec.com/
> >> http://w3af.sourceforge.net/
> >
> >
>
>
>
> --
> Andrés Riancho
> http://www.bonsai-sec.com/
> http://w3af.sourceforge.net/
>
'''
make_leet.py
Copyright 2009 Leonardo Jose Fishman
This file is part of w3af, w3af.sourceforge.net .
w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.
w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
'''
LEET_LETTERS = dict( zip("aAeEiIoO", "44331100") )
LEET_LETTERS_OPTIONALS = dict(zip("sStT","5577") )
def basic_leet(string, LEETERS):
outlist = []
leeted_basic = []
for letter in string:
if letter in LEETERS:
letter = LEETERS[letter]
outlist.append(letter)
leeted_basic = ''.join(outlist)
return leeted_basic
def make_leet(string):
leeted_pass = []
leeted_pass = basic_leet(string, LEET_LETTERS)
for letter in LEET_LETTERS_OPTIONALS:
if letter in leeted_pass:
leeted_pass+=', ' + basic_leet(leeted_pass,{letter : LEET_LETTERS_OPTIONALS[letter]})
#This line may need improving depending on how many interactions you want with the optionals
return leeted_pass
if __name__ == '__main__':
print make_leet('adminstradores')
print make_leet('pepepito ')
print make_leet('pepepitosS ')
------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
