Lists,

    w3af has a grep plugin for identifying/extracting md5 and sha1
hashes from HTTP responses [0] and I was thinking about implementing a
new feature: when the web application returns a hash, w3af will
try to "crack" it by searching for the hash in a small rainbow table. The
idea is to find the low-hanging fruit: "Web application md5 hashes
the username and returns that in an HTTP response" or "This hash
represents 12345".

    The rainbow table I'm thinking about would be rather small (in
order to avoid a huge performance impact and also the problem of
distributing a big file within w3af), should be as fast as possible
to resolve a query [1], should be implemented in pure Python and be
100% local (no internet service).

    These are the questions I need the community's help with :)

- Which strings should I store? The 1M most common passwords? All
numbers from 1 to 1M? The 1M most common usernames? All of the
previous?
- Which string should I test on the fly? Domain name, username
configured by the w3af user and used in the authentication process?
- Should I store this in a rainbow table?
- If so, does anyone know a good md5/sha1 pure-Python rainbow table
generator/query tool?

    Thanks! I just want to keep your mind busy while I also think
about these questions ;)

[0] http://sourceforge.net/apps/trac/w3af/browser/branches/threading2/plugins/grep/hash_analysis.py
[1] Search for a hash in the table

Regards,
-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
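
Added example, not part of the original message and not w3af code: a pure-Python sketch of the local lookup the message proposes, combining a small bundled candidate list with strings tested on the fly. It uses a plain digest-to-plaintext dictionary rather than a chained rainbow table; the function names, the candidate range and the sample response are assumptions constructed for illustration.

```python
import hashlib
import re

# 40 hex chars = SHA-1, 32 hex chars = MD5; lookarounds skip longer hex runs.
HASH_RE = re.compile(
    r'(?<![0-9a-fA-F])([0-9a-fA-F]{40}|[0-9a-fA-F]{32})(?![0-9a-fA-F])')
ALGOS = ('md5', 'sha1')


def build_table(candidates):
    """Map hex digest -> (algorithm, plaintext) for every candidate string."""
    table = {}
    for text in candidates:
        data = text.encode('utf-8')
        for algo in ALGOS:
            table[hashlib.new(algo, data).hexdigest()] = (algo, text)
    return table


def static_candidates(max_number=20000):
    """Constructed stand-in for the bundled list: integers as decimal strings."""
    return (str(n) for n in range(1, max_number + 1))


def resolve_hashes(body, table):
    """Return sorted (digest, algorithm, plaintext) for hashes the table resolves."""
    found = set()
    for match in HASH_RE.finditer(body):
        digest = match.group(1).lower()  # responses may use upper-case hex
        hit = table.get(digest)
        if hit is not None:
            found.add((digest, hit[0], hit[1]))
    return sorted(found)


def scan_response(body, on_the_fly=(), max_number=20000):
    """Static list plus per-scan strings (domain name, configured username)."""
    table = build_table(static_candidates(max_number))
    table.update(build_table(on_the_fly))
    return resolve_hashes(body, table)


# Constructed sample response: md5("12345"), sha1 of a username, one unknown hash.
SAMPLE_BODY = (
    '<input name="token" value="' + hashlib.md5(b'12345').hexdigest() + '">'
    '<a href="/profile?id=' + hashlib.sha1(b'alice').hexdigest().upper() + '">me</a>'
    '<!-- etag ' + hashlib.md5(b'not-in-any-list-7f3a').hexdigest() + ' -->'
)

if __name__ == '__main__':
    for digest, algo, text in scan_response(SAMPLE_BODY, ['alice', 'example.com']):
        print('%s(%r) = %s' % (algo, text, digest))
```

A dictionary gives constant-time lookups but stores every digest, so the bundled list size trades directly against memory and distribution size.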

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop