thanks, give me a few weeks and i will take another task leo
On Tue, Jun 30, 2009 at 10:38 AM, Andres Riancho <andres.rian...@gmail.com>wrote: > Leo, > > Finally, and after soooo much time, I decided to finish this feature. > I used your make_leet code (with small modifications) and integrated > it into the framework. If you want to see the SVN commit log, and the > modifications, you can go here: > > http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=2934 > > Cheers, > > On Mon, Mar 30, 2009 at 9:37 PM, leo fishman<leo.mail...@gmail.com> wrote: > > Here is a new version, if its ok, I can start coding the append to the > kb. > > > > On Fri, Mar 27, 2009 at 5:38 PM, Andres Riancho < > andres.rian...@gmail.com> > > wrote: > >> > >> Leo, > >> > >> On Fri, Mar 27, 2009 at 5:27 PM, leo fishman <leo.mail...@gmail.com> > >> wrote: > >> > Andres, > >> > > >> > Thanks a lot for your patient and good intention, I won't let you > down. > >> > > >> > Can anybody give me a list of all the options desired? > >> > It would be better to pass same parameter to the funtion indicating > how > >> > to > >> > leet? > >> > The possibilities are endless, as the wikipedia states and me myself > >> > sometime use: > >> > a:@ > >> > d:0 > >> > l:1 > >> > i:1 > >> > t:7 or + > >> > s:$ > >> > .... > >> > >> I think that this would be the list of things to "l33t": > >> > >> - a:4 > >> - e:3 > >> - i:1 > >> - o:0 > >> - t:7 > >> - s:5 > >> > >> The last two, are optional, so: > >> > >> - input: 'admins' > >> - output: ['4dm1ns','4dm1n5'] > >> > >> In other words, "leetyfying" the s is optional > >> > >> - input: 'elite' > >> - output: ['3l1t3', '3l173'] > >> > >> > Another silly question, do you keep a central database with most used > >> > passwords? > >> > >> Yes, "core/controllers/bruteforce/passwords.txt". > >> > >> > if not, that may help a little, of course, we have to keep the > >> > privacy and only store passwords and no other info. > > > > I ONLY MEANT TO HAVE A CENTRALIZED PASSWORD DATABASE FOR STATISTICAL > > PORPOUSE. > > FOR EXAMPLE, IF WE FIND OUT THAT MANY PEOPLE USE: > > "MARADONA10" > > AS PASSWORD, IT WOULD BE A VERY USEFULL INFO TO ADD TO PASSWORD.TXT > > > > > >> > >> I don't understand your point. > >> > >> > > >> > Can you also lead me on how to use the kb to update the results? maybe > >> > showing me other functions that do the same. > >> > >> The kb has three basic methods: > >> > >> - save > >> - append > >> - getData > >> > >> By reading the source code comments, source code documentation, and > >> the grep.pathDisclosure plugin, you should get an idea on how to use > >> them. > >> > >> > Its ok to send the script to your personal mail then? I think that my > >> > mail > >> > to the list didn't go trough > >> > >> Please send to the mailing list, the emails with attachments go through, > >> > >> > I may do it Sunday afternoon. > >> > >> Ok, thanks! > >> > >> > Thanks a lot, > >> > > >> > > >> > On Thu, Mar 26, 2009 at 8:39 PM, Andres Riancho > >> > <andres.rian...@gmail.com> > >> > wrote: > >> >> > >> >> Leo, > >> >> > >> >> On Wed, Mar 25, 2009 at 7:25 AM, leo fishman <leo.mail...@gmail.com> > >> >> wrote: > >> >> > This is a file with the funcion, if its working as desired, how can > I > >> >> > update > >> >> > the kb ? > >> >> > > >> >> > >> >> First, some comments: > >> >> > >> >> - I like the "I use google spirit", because I do the same, but... if > >> >> you are learning, you better make a 10 line function and use your > >> >> brain, instead of searching google ;) > >> >> - The function isn't working as expected, because in the discussion > we > >> >> decided that: > >> >> > >> >> - input: 'admins' > >> >> - output: ['4dm1ns','4dm1n5'] > >> >> > >> >> In other words, "leetyfying" the s is optional > >> >> > >> >> - input: 'elite' > >> >> - output: ['3l1t3', '3l173'] > >> >> > >> >> In other words, "leetyfying" the t is optional > >> >> > >> >> I just commited a slightly modified version of your code, you might > >> >> check it out here [0]. Please work with that version as a base. > >> >> > >> >> PS: Please use inline to answer emails. > >> >> > >> >> [0] > >> >> > >> >> > http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/core/controllers/misc/make_leet.py?revision=2781&view=markup > >> >> > >> >> Cheers, > >> >> > >> >> > > >> >> > On Mon, Mar 23, 2009 at 7:04 PM, Andres Riancho > >> >> > <andres.rian...@gmail.com> > >> >> > wrote: > >> >> >> > >> >> >> Leo, > >> >> >> > >> >> >> On Mon, Mar 23, 2009 at 6:10 PM, leo fishman < > leo.mail...@gmail.com> > >> >> >> wrote: > >> >> >> > Hello, > >> >> >> > > >> >> >> > I want to help with some microtask. > >> >> >> > Please, bare in mind that I don't know the framwork very well. > >> >> >> > >> >> >> Thanks for your email! New contributors are ALWAYS welcome =) > >> >> >> > >> >> >> I just found a nice task that you could perform [0]. Basically, > >> >> >> we > >> >> >> need to perform these steps: > >> >> >> > >> >> >> 1.- In core/controllers/misc/ you should create a new file named > >> >> >> make_leet.py . Inside that file, you have to create a function > that > >> >> >> converts: "admin" into "4dm1n"... you know... make it "elite". You > >> >> >> should name the function make_leet. > >> >> >> > >> >> >> 2.- After the function is working, you should modify the > >> >> >> passwordProfiling plugin, in order to add "leet versions" of all > the > >> >> >> top words to the result. Example of result before your patch: > >> >> >> > >> >> >> - admin > >> >> >> - global > >> >> >> - spam > >> >> >> - eggs > >> >> >> > >> >> >> Result after your patch: > >> >> >> > >> >> >> - admin > >> >> >> - 4dm1n > >> >> >> - global > >> >> >> - gl0b4l > >> >> >> - spam > >> >> >> - 5p4m > >> >> >> - eggs > >> >> >> - 3gg5 > >> >> >> > >> >> >> > >> >> >> Results are saved in kb.kb.getData( 'passwordProfiling', > >> >> >> 'passwordProfiling' ) and used in bruteforce plugins as passwords > >> >> >> for > >> >> >> default users. > >> >> >> > >> >> >> If you have any questions, don't hesitate to ask them here! > >> >> >> > >> >> >> [0] > >> >> >> > >> >> >> > >> >> >> > https://sourceforge.net/tracker/?func=detail&aid=2664893&group_id=170274&atid=853655 > >> >> >> > >> >> >> > Thanks, > >> >> >> > > >> >> >> > Leo > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > ------------------------------------------------------------------------------ > >> >> >> > Apps built with the Adobe(R) Flex(R) framework and Flex > >> >> >> > Builder(TM) > >> >> >> > are > >> >> >> > powering Web 2.0 with engaging, cross-platform capabilities. > >> >> >> > Quickly > >> >> >> > and > >> >> >> > easily build your RIAs with Flex Builder, the Eclipse(TM)based > >> >> >> > development > >> >> >> > software that enables intelligent coding and step-through > >> >> >> > debugging. > >> >> >> > Download the free 60 day trial. > http://p.sf.net/sfu/www-adobe-com > >> >> >> > _______________________________________________ > >> >> >> > W3af-develop mailing list > >> >> >> > W3af-develop@lists.sourceforge.net > >> >> >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop > >> >> >> > > >> >> >> > > >> >> >> > >> >> >> > >> >> >> > >> >> >> -- > >> >> >> Andrés Riancho > >> >> >> http://www.bonsai-sec.com/ > >> >> >> http://w3af.sourceforge.net/ > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > > ------------------------------------------------------------------------------ > >> >> > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) > >> >> > are > >> >> > powering Web 2.0 with engaging, cross-platform capabilities. > Quickly > >> >> > and > >> >> > easily build your RIAs with Flex Builder, the Eclipse(TM)based > >> >> > development > >> >> > software that enables intelligent coding and step-through > debugging. > >> >> > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com > >> >> > _______________________________________________ > >> >> > W3af-develop mailing list > >> >> > W3af-develop@lists.sourceforge.net > >> >> > https://lists.sourceforge.net/lists/listinfo/w3af-develop > >> >> > > >> >> > > >> >> > >> >> > >> >> > >> >> -- > >> >> Andrés Riancho > >> >> http://www.bonsai-sec.com/ > >> >> http://w3af.sourceforge.net/ > >> > > >> > > >> > >> > >> > >> -- > >> Andrés Riancho > >> http://www.bonsai-sec.com/ > >> http://w3af.sourceforge.net/ > > > > > > > > -- > Andrés Riancho > Founder, Bonsai - Information Security > http://www.bonsai-sec.com/ > http://w3af.sf.net/ >
------------------------------------------------------------------------------
_______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
