Nmap Development mailing list archives
Re: [RFC] Username/Password NSE library
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 24 Jun 2008 14:31:40 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thomas Buchanan wrote:
Kris, I've used your username/password library to refactor my HTTP Auth brute forcing library (results to come after a little more testing), and it seems to work very nicely. One feature that would be nice, but
Great, thanks for testing.
certainly not essential, is the ability to reset or rewind the lists. Consider the typical process for brute forcing: for each username for each password try login end end The issue that I see is that for each new username, you have to create a new password closure. While not difficult or particularly time-consuming, it would be nice just to create the closure only once (and perform error checking, etc.), then reset the existing list each iteration and have it start over fresh. Like I said, this feature isn't really necessary, but would be nice to have if it's not too difficult to implement.
This is IMO a good idea which I hadn't considered. What about having the closure reset back to the beginning when the list is exhausted? It can return nil to let the caller know the list is over, but if it still gets called again it will just recycle through. One thing about this, though, is that there is no manual rewinding: you have to go through the whole list to start back again. But this should be fine for your specific brute-force method example, unless it was simplistic and not showing the early breaking of the password loop (i.e. not going through the whole list). What do you think about this?
Thanks, Thomas
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSGFLmv9K37xXYl36AQKAqA//XF5exvjjxcB3dzNptbcp2X7uAW9I8Oc+ ml5XgEC3RKay0+CpAincU7QHKx0FyiMLw3R+y5pMYnZFX3jXirTAQRCZrbAJIZiZ 6y8slye0SZDk+ZXlbcyUjNKpFAMSoYPmVhB92z9Z+4fUsCXyCSdHzXoI9d9Yf0Y4 BIK2XiVNzcVypAmovZhNfOnOW6XB1EbbI3VOcORszVtWGqK2kyFpwS54v6pMVDxu 2QX7hr+CgooocM+Om4g+wMkWxhNKFQKa3usInb/x8z0dwVcw3dBWIgaeYbz2v1N1 aenXQ6zTcz06gPVgoY0ZzPG1RZPHdN0JPlpDcRy7PS8QoHJf142vXKFdwc9vYcKh tcDqv5KEEobLD0N4k19VKrXJ68wfQKgkFVEETPer9Hcho350sRTce+AxY4VyoM7m y26t/M2fYqdkfMfAjyRC6H9c3oPdXnd0dpztY1AzzH5Xs8Sva84QvZtYjKOd3hNH drgJxSeOZQnmsM++8VIYDijP2dTsEtQKluIWnoXDKdVQOdy2iKvNsRl3xUcEElXa QrSRaGK27/PPoZ80+CS+Jks+1uydVgqXg+2kZnRdZIVIHRnrfRd3DM/ILx2Rhe2M Nh/XO8Pa161luoWlSp/0UaQw3exm/VA7cXUzRhyz6CnOPF2B3l65yGO4rKi2Vk5Q xcJ7LYcQmkg= =BRjZ -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [RFC] Username/Password NSE library, (continued)
- Re: [RFC] Username/Password NSE library Andrew J. Bennieston (Jun 18)
- Re: [RFC] Username/Password NSE library Tom Sellers (Jun 17)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 23)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Philip Pickering (Jun 18)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 25)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 25)