Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NSEC Enumeration script
From: John Bond <john.r.bond () gmail com>
Date: Mon, 16 May 2011 23:22:01 +0200

On 16 May 2011 23:12, John Bond <john.r.bond () gmail com> wrote:
The best thing i can think of is using something like the following

subdomain = base32.enc(openssl.rand_bytes(20),true)

Another idea could be to do something like the following.

request
a.domain.com

this lets us know that the next label after a.domain.com is hash(secret.a)

we then request
b.domain.com
this lets us know that the next label after b.domain.com is hash(secret.b)

if  hash(secret.a) ==  hash(secret.b) then
   nextdomain = "c.domain.com"
else
   nextdomain = "am.domain.com"
end

the above example assumes just 26 valid where m would be char 13 and
therefore the one in the middle.  however i have to admit that this
level of sorting algorithm is well beyond my level of coding.  its
also worth mentioning that the subdomain logic for this script is a
bit more difficult then nsec
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault