Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Username/Password NSE library
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 19 Jun 2008 22:32:19 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
On Thu, Jun 19, 2008 at 04:54:57PM -0500, Kris Katterjohn wrote:
So what are your thoughts on how long the default lists should be?  The
general consensus seems to be fairly small (a few hundred).

I think it is fine for the library to have reasonably long lists (such
as thousands or maybe even tens of thousands of passwords).  As long
as they are ordered by frequency, the scripts themselves can decide
how many to take.  Different authentication methods take very
different lengths of time to test each user/password combination, so I
don't think there will be a one-size fits all rule like "scripts will
try the first 300".  We might even want the scripts to just keep
trying passwords until a certain amount of clock time has passed,
rather than based on number of passwords.


OK, guys, poll time: should we use the stock, ordered password file from John
the Ripper with ~3100 entries, a different password file obtained from
elsewhere, or generate our own list (e.g. from honeypot data per Brandon's
suggestion)?  I don't see how to use two separate lists from different sources
together.

The ordered list that comes with a password cracker listed #10 overall on
SecTools lends credence to one of these options :)

However, the list with John isn't huge (e.g. tens of thousands of entries) and
can't expanded on-the-fly.  But if 3107 sounds like a good number of entries,
then it makes for a really good candidate.

Of course, if we decide on the list from John, or wherever, we can always
create our own list later if we decide we want more entries or whathaveyou.

Cheers,
-F

Thanks,
Kris Katterjohn


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSFskwf9K37xXYl36AQLrRA/+L2W5vF1sqgN4j9LHOiGdkuiBmQCRtvMs
GSjN2fbIRyhGw8KV4iC+GnR4ngjhUpOpHYVTIBx0ExVAaRp5myuz/73AyGTJoZ/h
QZo4OZr/PGFF+iLXuuMbXsW4e6Yj4zMOkqnoHeLzD2VuGIVThbaNjGM+6WlrMePK
yxZMfplBTpOiXM9cxtGGwNZnVQJBEZvuPydrNmmsIoa0cV55KmJSsMxVGB8ns4/l
LOpctW/SI5Gbb5hG0Z4DMttf1xmlriUbzffbsE2UETdf31Jjo/+ROPJM6r1L4+n4
HAHTS5Hcc0wpP1IxE3SOxrNwTX2Y81zueoOtDjD1nCsi6ylb03DqBxaWAcB/uw1s
XiHduo7RpPdEtOYDcvwZMIAgmoEFzkLZGVw+oc+AB4zpbMYvDvzQWMrDe5C+65GR
ELLXRXAawYBr1TPe7RBs9MeJ5f9ktyTY0gLKOXLnrrfzBgUJ41sleZN5ISbZXeZg
qMXAMTkjJycg3p1FpWDp5ndy9TsuLugLUNpIuJL/qI4TtKH7qOHIXFBz9XslUQjm
H90Eg4cvyRbsI5+G8bMhmwbeKejrXkqsSla4djJLZ4LGfBVXFVPDjpkxrv49GZT6
EfV+6ZRu4+wSuZHUgXMJQyL7OUj4VA3PjzqlNeFCIren2Y8KfKBBT5A4wtTMF6wv
9GBJ6wVAJ6A=
=9aAL
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]