Nmap Development mailing list archives

Re: NSEC Enumeration script


From: John Bond <john.r.bond () gmail com>
Date: Mon, 16 May 2011 23:22:01 +0200

On 16 May 2011 23:12, John Bond <john.r.bond () gmail com> wrote:
The best thing I can think of is using something like the following:

subdomain = base32.enc(openssl.rand_bytes(20),true)

Another idea could be to do something like the following.

Request
a.domain.com

This lets us know that the next label after a.domain.com is hash(secret.a).

We then request
b.domain.com
This lets us know that the next label after b.domain.com is hash(secret.b).

if  hash(secret.a) ==  hash(secret.b) then
   nextdomain = "c.domain.com"
else
   nextdomain = "am.domain.com"
end

The above example assumes just 26 valid where m would be char 13 and
therefore the one in the middle. However, I have to admit that this
level of sorting algorithm is well beyond my level of coding. It's
also worth mentioning that the subdomain logic for this script is a
bit more difficult than NSEC.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

