mailing list archives
Re: [RFC] Username/Password NSE library
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 24 Jun 2008 14:31:40 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Thomas Buchanan wrote:
I've used your username/password library to refactor my HTTP Auth brute
forcing library (results to come after a little more testing), and it
seems to work very nicely. One feature that would be nice, but
Great, thanks for testing.
certainly not essential, is the ability to reset or rewind the lists.
Consider the typical process for brute forcing:
for each username
for each password
The issue that I see is that for each new username, you have to create a
new password closure. While not difficult or particularly
time-consuming, it would be nice just to create the closure only once
(and perform error checking, etc.), then reset the existing list each
iteration and have it start over fresh.
Like I said, this feature isn't really necessary, but would be nice to
have if it's not too difficult to implement.
This is IMO a good idea which I hadn't considered. What about having the
closure reset back to the beginning when the list is exhausted? It can return
nil to let the caller know the list is over, but if it still gets called again
it will just recycle through. One thing about this, though, is that there is
no manual rewinding: you have to go through the whole list to start back
again. But this should be fine for your specific brute-force method example,
unless it was simplistic and not showing the early breaking of the password
loop (i.e. not going through the whole list).
What do you think about this?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)