Nmap Development mailing list archives
RE: Password profiling in NSE
From: Giacomo Mantani <giacomo.mantani () studio unibo it>
Date: Tue, 19 Apr 2016 19:07:27 +0000
On Mon, Apr 18, 2016 7:55 PM, George Chatzisofroniou <sophron () latthi com> wrote:
>> I have worked on an HTML parser library for the GSoC proposal; it enhances http-title and other scripts. Maybe we could use it to do a better information gathering phase.
>
> I had a look at your HTML parser. A problem I see is that it is based on PEG, making it memory-consuming. An alternative would be a pull-driven library, such as Pico XML [1], which has been referenced a few times on this list.

I am not sure about that. LPeg seems a good choice for the following reasons:

* We already have LPeg integrated into NSE.
* It is already shipped with a Lua package.
* It is under development and well documented.
* It is flexible, you do not need to define a full grammar.
* First-class patterns allow breaking complex definitions into smaller parts.
* Last but not least, we already have a parser structure ;)

I have not tested memory consumption, but actually I think it is not too cumbersome.

> If there is an efficient HTML parser in place, we could potentially grab the most frequent words in an HTML response and feed them to our pwdprofile library.
>
>> Speaking about more complicated mangling algorithms, passwords are often made up only of characters that are on the keyboard. I think that really few people use characters outside it (not displayed). We could leverage this supposition to get a subset of characters to use in the mutation algorithm. In addition, we could take advantage of the target country to guess the keyboard layout.
>
> I'm not sure I understand what you mean here. We are still mounting a dictionary attack (rather than raw brute forcing). The patch I posted replaces letters with their leet alternatives already.

In mounting the dictionary we could add words that are common in a specific gathered country. Let me try to explain it with an example: if we guess that the target is from Italy we could suppose that it uses an Italian QWERTY keyboard. Doing so we could omit words with special characters not present in the Italian alphabet like ( Ü,ß,б,ы,т,ь,г,о,в,р,и,ê,ñ ).

I will ping you on IRC,
Giacomo

________________________________________
From: George Chatzisofroniou [sophron () latthi com]
Sent: Monday, April 18, 2016 7:55 PM
To: Giacomo Mantani
Cc: nmap list
Subject: Re: Password profiling in NSE

On Fri, Apr 15, 2016 at 3:36 AM, Giacomo Mantani <giacomo.mantani () studio unibo it> wrote:
> I am a GSoC student interested, it seems useful. I could help you develop some features if you want and the community approves your work, independently from being approved or not in the summer of code program (results will be public on 25 April).

Great. I'm available for helping you out. Feel free to ping me on IRC (my handle is sophron and I'm on Freenode) to discuss the next steps we should take.

> I have worked on an HTML parser library for the GSoC proposal; it enhances http-title and other scripts. Maybe we could use it to do a better information gathering phase.

I had a look at your HTML parser. A problem I see is that it is based on PEG, making it memory-consuming. An alternative would be a pull-driven library, such as Pico XML [1], which has been referenced a few times on this list. If there is an efficient HTML parser in place, we could potentially grab the most frequent words in an HTML response and feed them to our pwdprofile library.

> Speaking about more complicated mangling algorithms, passwords are often made up only of characters that are on the keyboard. I think that really few people use characters outside it (not displayed). We could leverage this supposition to get a subset of characters to use in the mutation algorithm. In addition, we could take advantage of the target country to guess the keyboard layout.

I'm not sure I understand what you mean here. We are still mounting a dictionary attack (rather than raw brute forcing). The patch I posted replaces letters with their leet alternatives already.

> Do you already have a repository with some version control software?

I haven't, but I can if this is going to help you contribute.

[1]: https://sourceforge.net/projects/picoxml/

--
George Chatzisofroniou

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
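The three ideas traded in this thread (harvesting the most frequent words from an HTML response, George's leet substitution, and Giacomo's keyboard-layout filter) are the same building blocks a defender uses for a site-specific banned-password check: a candidate password that is a leet variant of a word prominent on the organisation's own site should be rejected by the password policy. The following is an added example, not code from the thread or from Nmap/NSE; the sample page, the leet table and the Italian-keyboard character set are assumptions constructed for the example.

```python
"""Added example (not Nmap/NSE code): site-word profiling used as a
defensive banned-password check."""
import re
from collections import Counter
from html.parser import HTMLParser
from itertools import product

# Constructed sample page standing in for an HTTP response body.
SAMPLE_HTML = """<html><head><title>Rossi Ceramiche - Faenza</title></head>
<body><h1>Rossi Ceramiche</h1><p>Ceramiche artigianali di Faenza dal 1952.
Rossi, ceramiche, Faenza: qualità e tradizione.</p>
<script>var x = "ignored";</script></body></html>"""

# Assumed leet table; the thread does not list the substitutions its patch uses.
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7"}

# Assumed approximation of what is typable on an Italian QWERTY layout:
# printable ASCII plus the accented letters and symbols that layout carries.
IT_KEYBOARD = set(chr(c) for c in range(0x20, 0x7F)) | set("àèéìòù£§°ç")


class TextExtractor(HTMLParser):
    """Collects visible text and skips the contents of <script>/<style>."""

    def __init__(self):
        super().__init__()
        self.parts = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def frequent_words(html, n=5, min_len=4):
    """Most frequent visible words (lower-cased), ties kept in first-seen order."""
    parser = TextExtractor()
    parser.feed(html)
    words = re.findall(r"\w+", " ".join(parser.parts).lower())
    counts = Counter(w for w in words if len(w) >= min_len and not w.isdigit())
    return [w for w, _ in counts.most_common(n)]


def leet_variants(word, limit=256):
    """Every spelling where each letter is itself or one of its leet forms."""
    choices = [c + LEET.get(c, "") for c in word]
    out = []
    for combo in product(*choices):
        out.append("".join(combo))
        if len(out) >= limit:  # cap the expansion for long words
            break
    return out


def typable(word, layout=IT_KEYBOARD):
    """True if every character of the word is on the assumed keyboard layout."""
    return all(ch in layout for ch in word)


def is_profiled_password(candidate, html, layout=IT_KEYBOARD):
    """True if the candidate (case-insensitively) is a leet variant of a
    frequent, keyboard-typable word taken from the page."""
    cand = candidate.lower()
    for word in frequent_words(html):
        if not typable(word, layout):
            continue  # the thread's idea: drop words nobody on this layout types
        if cand in leet_variants(word):
            return True
    return False


if __name__ == "__main__":
    print(frequent_words(SAMPLE_HTML, 3))
    for pw in ("R0ss1", "c3ram1che", "Faenza2016"):
        print(pw, "rejected" if is_profiled_password(pw, SAMPLE_HTML) else "ok")
```

The check only covers pure substitution variants; appended digits or years ("Faenza2016") pass, so a real policy would pair it with a suffix-stripping step and a general banned list.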