Re: [RFC] Username/Password NSE library

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
> On Thu, Jun 19, 2008 at 04:54:57PM -0500, Kris Katterjohn wrote:
> > So what are your thoughts on how long the default lists should be?  The
> > general consensus seems to be fairly small (a few hundred).
>
> I think it is fine for the library to have reasonably long lists (such
> as thousands or maybe even tens of thousands of passwords).  As long
> as they are ordered by frequency, the scripts themselves can decide
> how many to take.  Different authentication methods take very
> different lengths of time to test each user/password combination, so I
> don't think there will be a one-size fits all rule like "scripts will
> try the first 300".  We might even want the scripts to just keep
> trying passwords until a certain amount of clock time has passed,
> rather than based on number of passwords.

OK, guys, poll time: should we use the stock, ordered password file from John
the Ripper with ~3100 entries, a different password file obtained from
elsewhere, or generate our own list (e.g. from honeypot data per Brandon's
suggestion)?  I don't see how to use two separate lists from different sources
together.

The ordered list that comes with a password cracker listed #10 overall on
SecTools lends credence to one of these options :)

However, the list with John isn't huge (e.g. tens of thousands of entries) and
can't expanded on-the-fly.  But if 3107 sounds like a good number of entries,
then it makes for a really good candidate.

Of course, if we decide on the list from John, or wherever, we can always
create our own list later if we decide we want more entries or whathaveyou.

> Cheers,
> -F

Thanks,
Kris Katterjohn


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSFskwf9K37xXYl36AQLrRA/+L2W5vF1sqgN4j9LHOiGdkuiBmQCRtvMs
GSjN2fbIRyhGw8KV4iC+GnR4ngjhUpOpHYVTIBx0ExVAaRp5myuz/73AyGTJoZ/h
QZo4OZr/PGFF+iLXuuMbXsW4e6Yj4zMOkqnoHeLzD2VuGIVThbaNjGM+6WlrMePK
yxZMfplBTpOiXM9cxtGGwNZnVQJBEZvuPydrNmmsIoa0cV55KmJSsMxVGB8ns4/l
LOpctW/SI5Gbb5hG0Z4DMttf1xmlriUbzffbsE2UETdf31Jjo/+ROPJM6r1L4+n4
HAHTS5Hcc0wpP1IxE3SOxrNwTX2Y81zueoOtDjD1nCsi6ylb03DqBxaWAcB/uw1s
XiHduo7RpPdEtOYDcvwZMIAgmoEFzkLZGVw+oc+AB4zpbMYvDvzQWMrDe5C+65GR
ELLXRXAawYBr1TPe7RBs9MeJ5f9ktyTY0gLKOXLnrrfzBgUJ41sleZN5ISbZXeZg
qMXAMTkjJycg3p1FpWDp5ndy9TsuLugLUNpIuJL/qI4TtKH7qOHIXFBz9XslUQjm
H90Eg4cvyRbsI5+G8bMhmwbeKejrXkqsSla4djJLZ4LGfBVXFVPDjpkxrv49GZT6
EfV+6ZRu4+wSuZHUgXMJQyL7OUj4VA3PjzqlNeFCIren2Y8KfKBBT5A4wtTMF6wv
9GBJ6wVAJ6A=
=9aAL
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org