Nmap Development mailing list archives
Re: backorifice-info
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Wed, 20 Apr 2011 19:14:01 +0300
The password is useful, because it can be used to access the service with regular client software. Figuring out the password for the user is the main objective for a brute script. It is good if an info script can benefit from the information produced by a brute script, but the main objective is still to figure out the password. Now, maybe you do not need to store a rainbow table, because finding a password that hashes to the seed might be trivial. The good thing here is that we do not need to find the correct one, as long as we find a working password. On Wed, Apr 20, 2011 at 6:23 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
On Wed, Apr 20, 2011 at 12:49 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:Are you planning to try all seed values? Would it make sense to generate a table that has one password for each seed value, so you could return that password to the user when you find the correct seed?I'm still analyzing the resulting seed values from the encryption, and I plan to try only those seeds that can be generated. I was also thinking of optimizing the order in which the seeds are tried according to most used passwords. A password is only used to generate an initial seed. That's why I am not going to return a fitting password for a successful seed, instead I'll pass the seed itself as a script argument. The backorifice-info script already accepts such an argument. Gorjan Petrovski _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- backorifice-info Gorjan Petrovski (Apr 11)
- Re: backorifice-info David Fifield (Apr 18)
- Re: backorifice-info Gorjan Petrovski (Apr 19)
- Re: backorifice-info David Fifield (Apr 20)
- Re: backorifice-info Gorjan Petrovski (Apr 20)
- Message not available
- Message not available
- Re: backorifice-info Gorjan Petrovski (Apr 25)
- Re: backorifice-info Gorjan Petrovski (Apr 19)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: backorifice-info Gorjan Petrovski (Apr 25)
- Re: backorifice-info Patrick Donnelly (Apr 25)
- Re: backorifice-info David Fifield (Apr 18)
- Re: backorifice-info Toni Ruottu (Apr 20)
- Re: backorifice-info Gorjan Petrovski (Apr 20)
- Re: backorifice-info Toni Ruottu (Apr 20)
- Re: backorifice-info Gorjan Petrovski (Apr 20)