Carlos,

On Mon, Sep 17, 2012 at 10:34 PM, Carlos Pantelides <carlos_panteli...@yahoo.com> wrote:
> Andres:
>
> I'd rather try to use another system that already implements efficiently the
> rainbow table lookup instead of bloating w3af.

Sure! I'm looking for a pure-python rainbow table implementation that I can use in w3af; the ideal case would be something that can be installed with easy_install.

> If that system lacks some kind of API or easy way to interact, ask them
> to build it and offer them some help. That is if you don't like exec(),
> hehe.
>
> Then, build the 1M or whatever rainbow table for that system.

Yep, totally agree.

>
>> - Which string should I test on the fly?
>> - Should I store this in a rainbow table?
> If you test on the fly it is because the candidate strings come from the
> current target context, that is why you don't have them already in a rainbow
> table. Will you use them against the current target more than a few times? I
> don't know if a RT can grow.
>
>
> Carlos Pantelides
>
> @dev4sec
>
> http://seguridad-agile.blogspot.com/
> ________________________________
> From: Andres Riancho <andres.rian...@gmail.com>
> To: "w3af-develop@lists.sourceforge.net" <W3af-develop@lists.sourceforge.net>
> Cc: w3af-us...@lists.sourceforge.net
> Sent: Monday, September 17, 2012 8:36 PM
> Subject: [W3af-users] Hashes, rainbow tables and web applications
>
> Lists,
>
> w3af has a grep plugin for identifying/extracting md5 and sha1
> hashes from HTTP responses [0] and I was thinking about implementing a
> new feature: when the web application returns a hash, w3af will
> try to "crack" it by searching for the hash in a small rainbow table. The
> idea is to find the low-hanging fruit: "Web application md5 hashes
> the username and returns that in an HTTP response" or "This hash
> represents 12345".
>
> The rainbow table I'm thinking about would be rather small (in
> order to avoid a huge performance impact and also the problem of
> distributing a big file within w3af), should be as fast as possible
> to resolve a query [1], should be implemented in pure python and be
> 100% local (no internet service).
>
> These are the questions I need the community's help with :)
>
> - Which strings should I store? The 1M most common passwords? All
> numbers from 1 to 1M? The 1M most common usernames? All of the
> previous?
> - Which string should I test on the fly? Domain name, username
> configured by the w3af user and used in the authentication process?
> - Should I store this in a rainbow table?
> - If so, does anyone know a good md5/sha1 pure-python rainbow table
> generator/query tool?
>
> Thanks! I just want to keep your mind busy while I also think
> about these questions ;)
>
> [0] http://sourceforge.net/apps/trac/w3af/browser/branches/threading2/plugins/grep/hash_analysis.py
> [1] Search for a hash in the table
>
> Regards,
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
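The check discussed in this thread, as an added example that is not w3af code and not part of either message: it resolves md5/sha1 digests found in a response body against a small static list plus strings taken from the scan context, so a scanner can flag responses that expose an unsalted hash of a predictable value. It uses a plain in-memory dictionary rather than a true rainbow table, and the function names, candidate strings and sample response are assumptions constructed for illustration.

```python
import hashlib
import re

# 40 hex digits (sha1) is tried before 32 (md5); \b keeps longer digests
# such as sha256 from being reported as a partial match.
HASH_RE = re.compile(r'\b([0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b')


def build_table(static_words, context_words=()):
    """Map hex digest -> (algorithm, plaintext) for every candidate string."""
    table = {}
    for word in list(static_words) + list(context_words):
        data = word.encode('utf-8')
        table[hashlib.md5(data).hexdigest()] = ('md5', word)
        table[hashlib.sha1(data).hexdigest()] = ('sha1', word)
    return table


def find_known_hashes(body, table):
    """Return (digest, algorithm, plaintext) for each resolvable hash in body."""
    findings, seen = [], set()
    for match in HASH_RE.finditer(body):
        digest = match.group(1).lower()
        if digest in table and digest not in seen:
            seen.add(digest)
            findings.append((digest,) + table[digest])
    return findings


def sample_response(username):
    """Constructed HTTP body that leaks md5('12345') and sha1(username)."""
    token = hashlib.md5(b'12345').hexdigest()
    uid = hashlib.sha1(username.encode('utf-8')).hexdigest().upper()
    return ('<input type="hidden" name="token" value="%s">\n'
            '<a href="/profile?uid=%s">profile</a>\n'
            '<!-- build %s -->' % (token, uid, 'f' * 64))


if __name__ == '__main__':
    # Static part: a small number range (the thread suggests up to 1M).
    static = [str(n) for n in range(1, 20001)]
    # On-the-fly part: strings taken from the current scan's context.
    table = build_table(static, ['example.com', 'jsmith'])
    for digest, algo, plain in find_known_hashes(sample_response('jsmith'), table):
        print('%s %s is the %s of %r' % (algo, digest, algo, plain))
```

The context strings are hashed once per scan and merged into the same dictionary, so a lookup costs the same whether the candidate came from the shipped list or from the current target.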