Leo,

Finally, and after soooo much time, I decided to finish this feature.
I used your make_leet code (with small modifications) and integrated
it into the framework. If you want to see the SVN commit log, and the
modifications, you can go here:

http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=2934

Cheers,

On Mon, Mar 30, 2009 at 9:37 PM, leo fishman<leo.mail...@gmail.com> wrote:
> Here is a new version, if it's ok, I can start coding the append to the kb.
>
> On Fri, Mar 27, 2009 at 5:38 PM, Andres Riancho <andres.rian...@gmail.com>
> wrote:
>>
>> Leo,
>>
>> On Fri, Mar 27, 2009 at 5:27 PM, leo fishman <leo.mail...@gmail.com>
>> wrote:
>> > Andres,
>> >
>> > Thanks a lot for your patience and good intention, I won't let you down.
>> >
>> > Can anybody give me a list of all the options desired?
>> > It would be better to pass same parameter to the function indicating how
>> > to leet?
>> > The possibilities are endless, as the wikipedia states and me myself
>> > sometime use:
>> > a:@
>> > d:0
>> > l:1
>> > i:1
>> > t:7 or +
>> > s:$
>> > ....
>>
>> I think that this would be the list of things to "l33t":
>>
>> - a:4
>> - e:3
>> - i:1
>> - o:0
>> - t:7
>> - s:5
>>
>> The last two are optional, so:
>>
>>   - input: 'admins'
>>   - output: ['4dm1ns','4dm1n5']
>>
>>   In other words, "leetyfying" the s is optional
>>
>>   - input: 'elite'
>>   - output: ['3l1t3', '3l173']
>>
>> > Another silly question, do you keep a central database with most used
>> > passwords?
>>
>> Yes, "core/controllers/bruteforce/passwords.txt".
>>
>> > if not, that may help a little, of course, we have to keep the
>> > privacy and only store passwords and no other info.
>
> I ONLY MEANT TO HAVE A CENTRALIZED PASSWORD DATABASE FOR STATISTICAL
> PURPOSE.
>  FOR EXAMPLE, IF WE FIND OUT THAT MANY PEOPLE USE:
>  "MARADONA10"
>  AS PASSWORD, IT WOULD BE A VERY USEFUL INFO TO ADD TO PASSWORD.TXT
>
>
>>
>> I don't understand your point.
>>
>> >
>> > Can you also lead me on how to use the kb to update the results? maybe
>> > showing me other functions that do the same.
>>
>> The kb has three basic methods:
>>
>> - save
>> - append
>> - getData
>>
>> By reading the source code comments, source code documentation, and
>> the grep.pathDisclosure plugin, you should get an idea on how to use
>> them.
>>
>> > It's ok to send the script to your personal mail then? I think that my
>> > mail to the list didn't go through
>>
>> Please send to the mailing list, the emails with attachments go through.
>>
>> > I may do it Sunday afternoon.
>>
>> Ok, thanks!
>>
>> > Thanks a lot,
>> >
>> >
>> > On Thu, Mar 26, 2009 at 8:39 PM, Andres Riancho
>> > <andres.rian...@gmail.com>
>> > wrote:
>> >>
>> >> Leo,
>> >>
>> >> On Wed, Mar 25, 2009 at 7:25 AM, leo fishman <leo.mail...@gmail.com>
>> >> wrote:
>> >> > This is a file with the function, if it's working as desired, how can I
>> >> > update the kb?
>> >> >
>> >>
>> >> First, some comments:
>> >>
>> >> - I like the "I use google spirit", because I do the same, but... if
>> >> you are learning, you better make a 10 line function and use your
>> >> brain, instead of searching google ;)
>> >> - The function isn't working as expected, because in the discussion we
>> >> decided that:
>> >>
>> >>    - input: 'admins'
>> >>    - output: ['4dm1ns','4dm1n5']
>> >>
>> >>    In other words, "leetyfying" the s is optional
>> >>
>> >>    - input: 'elite'
>> >>    - output: ['3l1t3', '3l173']
>> >>
>> >>    In other words, "leetyfying" the t is optional
>> >>
>> >> I just committed a slightly modified version of your code, you might
>> >> check it out here [0]. Please work with that version as a base.
>> >>
>> >> PS: Please use inline to answer emails.
>> >>
>> >> [0]
>> >>
>> >> http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/core/controllers/misc/make_leet.py?revision=2781&view=markup
>> >>
>> >> Cheers,
>> >>
>> >> >
>> >> > On Mon, Mar 23, 2009 at 7:04 PM, Andres Riancho
>> >> > <andres.rian...@gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> Leo,
>> >> >>
>> >> >> On Mon, Mar 23, 2009 at 6:10 PM, leo fishman <leo.mail...@gmail.com>
>> >> >> wrote:
>> >> >> > Hello,
>> >> >> >
>> >> >> > I want to help with some microtask.
>> >> >> > Please, bear in mind that I don't know the framework very well.
>> >> >>
>> >> >>    Thanks for your email! New contributors are ALWAYS welcome =)
>> >> >>
>> >> >>    I just found a nice task that you could perform [0]. Basically, we
>> >> >> need to perform these steps:
>> >> >>
>> >> >> 1.- In core/controllers/misc/ you should create a new file named
>> >> >> make_leet.py . Inside that file, you have to create a function that
>> >> >> converts: "admin" into "4dm1n"... you know... make it "elite". You
>> >> >> should name the function make_leet.
>> >> >>
>> >> >> 2.- After the function is working, you should modify the
>> >> >> passwordProfiling plugin, in order to add "leet versions" of all the
>> >> >> top words to the result. Example of result before your patch:
>> >> >>
>> >> >>    - admin
>> >> >>    - global
>> >> >>    - spam
>> >> >>    - eggs
>> >> >>
>> >> >> Result after your patch:
>> >> >>
>> >> >>    - admin
>> >> >>    - 4dm1n
>> >> >>    - global
>> >> >>    - gl0b4l
>> >> >>    - spam
>> >> >>    - 5p4m
>> >> >>    - eggs
>> >> >>    - 3gg5
>> >> >>
>> >> >>
>> >> >> Results are saved in kb.kb.getData( 'passwordProfiling',
>> >> >> 'passwordProfiling' ) and used in bruteforce plugins as passwords for
>> >> >> default users.
>> >> >>
>> >> >> If you have any questions, don't hesitate to ask them here!
>> >> >>
>> >> >> [0]
>> >> >>
>> >> >>
>> >> >> https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655
>> >> >>
>> >> >> > Thanks,
>> >> >> >
>> >> >> > Leo
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > _______________________________________________
>> >> >> > W3af-develop mailing list
>> >> >> > W3af-develop@lists.sourceforge.net
>> >> >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> Andrés Riancho
>> >> >> http://www.bonsai-sec.com/
>> >> >> http://w3af.sourceforge.net/
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Andrés Riancho
>> >> http://www.bonsai-sec.com/
>> >> http://w3af.sourceforge.net/
>> >
>> >
>>
>>
>>
>> --
>> Andrés Riancho
>> http://www.bonsai-sec.com/
>> http://w3af.sourceforge.net/
>
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
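
The substitution rules agreed in the thread (a, e, i, o always replaced; t and s optional), written out as an added example that is not the make_leet.py committed to w3af. It assumes input is lowercased and that all occurrences of an optional letter are toggled together; is_leet_of_common_word is a hypothetical helper showing the same list used to audit a proposed password against profiled words.

```python
from itertools import product

# Mapping from the thread: these four are always substituted...
ALWAYS = {'a': '4', 'e': '3', 'i': '1', 'o': '0'}
# ...and these two are optional, so each doubles the number of variants.
OPTIONAL = {'t': '7', 's': '5'}


def make_leet(word):
    """Return the leet variants of word, least-substituted variant first.

    Assumption: every occurrence of an optional letter is switched
    together, so a word yields at most 2 ** len(OPTIONAL) variants.
    """
    base = ''.join(ALWAYS.get(c, c) for c in word.lower())
    present = [c for c in OPTIONAL if c in base]
    variants = []
    # One boolean per optional letter present in the word.
    for choice in product((False, True), repeat=len(present)):
        candidate = base
        for letter, enabled in zip(present, choice):
            if enabled:
                candidate = candidate.replace(letter, OPTIONAL[letter])
        if candidate not in variants:
            variants.append(candidate)
    return variants


def is_leet_of_common_word(password, words):
    """True if password is one of words or a leet variant of one.

    Hypothetical password-audit helper: words would be the site's
    profiled vocabulary or a list of known-common passwords.
    """
    candidate = password.lower()
    for word in words:
        if candidate == word.lower() or candidate in make_leet(word):
            return True
    return False


if __name__ == '__main__':
    # Constructed sample input, taken from the examples in the thread.
    for sample in ('admins', 'elite'):
        print(sample, make_leet(sample))
    print(is_leet_of_common_word('4dm1n5', ['admins', 'global']))
```

A word containing both t and s, such as 'test', yields four variants because the two optional substitutions are independent.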
