Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: NSEC Enumeration script
From: John Bond <john.r.bond () gmail com>
Date: Tue, 5 Apr 2011 23:42:10 +0200

On 5 April 2011 01:47, David Fifield <david () bamsoftware com> wrote:
On Thu, Mar 17, 2011 at 10:54:44PM +0100, John Bond wrote:

You don't run forever--run until every hash value is accounted for.
Guess a name, and suppose that an NSEC3 comes back with values 246e6bbc
and 27fb6080. Now you know that 246e6bbc and 27fb6080 exist, and nothing
between them does. So now you guess more names until you end up in the
range 0-246e6bbb or 27fb6081-ffffffff, then make your query. Just keep
track of the ranges that you are missing until there are none left. If
you do the hashing locally, you can avoid sending a query when its hash
falls in a range you already know.
thanks David,

I hadn't realised until recently that the hash's were stored in hash
order.  i had assumed that they would be stored in the order of the
un-hashed name.  however as they are stored in hash order im thinking
i could just make use of the increment_component function from the
nsec script.  I still need to read up on the hash ordering to make
sure i haven't missed something but, now the nsec3 parser is working
properly this could end up been simpler then the nsec script
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]