Re: NSEC Enumeration script
From: John Bond <john.r.bond () gmail com>
Date: Mon, 16 May 2011 23:22:01 +0200
On 16 May 2011 23:12, John Bond <john.r.bond () gmail com> wrote:
The best thing I can think of is using something like the following:
subdomain = base32.enc(openssl.rand_bytes(20),true)
Another idea could be to do something like the following.
this lets us know that the next label after a.domain.com is hash(secret.a)
we then request
this lets us know that the next label after b.domain.com is hash(secret.b)
if hash(secret.a) == hash(secret.b) then
nextdomain = "c.domain.com"
nextdomain = "am.domain.com"
The above example assumes just 26 valid where m would be char 13 and
therefore the one in the middle. However, I have to admit that this
level of sorting algorithm is well beyond my level of coding. It's
also worth mentioning that the subdomain logic for this script is a
bit more difficult than NSEC
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/