Andres:
I'd rather try to use another system that already implements efficiently the
rainbow table lookup instead of bloating w3af.
If that system lacks some kind of API or easy way to interact, ask them to
build it and offer them some help. That is, if you don't like exec(), hehe.
Then, build the 1M or whatever rainbow table for that system.
> - Which string should I test on the fly?
> - Should I store this in a rainbow table?
If you test on the fly it is because the candidate strings come from the
current target context, that is why you don't have them already in a rainbow
table. Will you use them against the current target more than a few times? I
don't know if a RT can grow.
Carlos Pantelides
@dev4sec
http://seguridad-agile.blogspot.com/
________________________________
From: Andres Riancho <andres.rian...@gmail.com>
To: "w3af-develop@lists.sourceforge.net" <W3af-develop@lists.sourceforge.net>
Cc: w3af-us...@lists.sourceforge.net
Sent: Monday, September 17, 2012 8:36 PM
Subject: [W3af-users] Hashes, rainbow tables and web applications
Lists,
w3af has a grep plugin for identifying/extracting md5 and sha1
hashes from HTTP responses [0], and I was thinking about implementing a
new feature: when the web application returns a hash, w3af will
try to "crack" it by searching the hash in a small rainbow table. The
idea is to find the low-hanging fruit: "Web application md5 hashes
the username and returns that in an HTTP response" or "This hash
represents 12345".
The rainbow table I'm thinking about would be rather small (in
order to avoid a huge performance impact and also the problem of
distributing a big file within w3af), should be as fast as possible
to resolve a query [1], should be implemented in pure python and be
100% local (no internet service).
These are the questions I need the help of the community with :)
- Which strings should I store? The 1M most common passwords? All
numbers from 1 to 1M? The 1M most common usernames? All of the
previous?
- Which string should I test on the fly? Domain name, username
configured by the w3af user and used in the authentication process?
- Should I store this in a rainbow table?
- If so, anyone knows a good md5/sha1 pure-python rainbow table
generator/query tool?
Thanks! I just want to keep your mind busy while I also think
about these questions ;)
[0]
http://sourceforge.net/apps/trac/w3af/browser/branches/threading2/plugins/grep/hash_analysis.py
[1] Search for a hash in the table
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-users mailing list
w3af-us...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop