Nmap Development mailing list archives

Re: backorifice-info


From: Toni Ruottu <toni.ruottu () iki fi>
Date: Wed, 20 Apr 2011 19:14:01 +0300

The password is useful, because it can be used to access the service
with regular client software. Figuring out the password for the user
is the main objective for a brute script. It is good if an info script
can benefit from the information produced by a brute script, but the
main objective is still to figure out the password. Now, maybe you do
not need to store a rainbow table, because finding a password that
hashes to the seed might be trivial. The good thing here is that we do
not need to find the correct one, as long as we find a working
password.

On Wed, Apr 20, 2011 at 6:23 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
> On Wed, Apr 20, 2011 at 12:49 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:
>> Are you planning to try all seed values? Would it make sense to
>> generate a table that has one password for each seed value, so you
>> could return that password to the user when you find the correct seed?
>
> I'm still analyzing the resulting seed values from the encryption, and
> I plan to try only those seeds that can be generated. I was also
> thinking of optimizing the order in which the seeds are tried
> according to most used passwords.
> A password is only used to generate an initial seed. That's why I am
> not going to return a fitting password for a successful seed, instead
> I'll pass the seed itself as a script argument. The backorifice-info
> script already accepts such an argument.
>
> Gorjan Petrovski
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
