Nmap Development mailing list archives

Re: NSEC Enumeration script


From: John Bond <john.r.bond () gmail com>
Date: Tue, 5 Apr 2011 23:42:10 +0200

On 5 April 2011 01:47, David Fifield <david () bamsoftware com> wrote:
> On Thu, Mar 17, 2011 at 10:54:44PM +0100, John Bond wrote:
>
> You don't run forever--run until every hash value is accounted for.
> Guess a name, and suppose that an NSEC3 comes back with values 246e6bbc
> and 27fb6080. Now you know that 246e6bbc and 27fb6080 exist, and nothing
> between them does. So now you guess more names until you end up in the
> range 0-246e6bbb or 27fb6081-ffffffff, then make your query. Just keep
> track of the ranges that you are missing until there are none left. If
> you do the hashing locally, you can avoid sending a query when its hash
> falls in a range you already know.

Thanks David,

I hadn't realised until recently that the hashes were stored in hash
order.  I had assumed that they would be stored in the order of the
un-hashed name.  However, as they are stored in hash order, I'm thinking
I could just make use of the increment_component function from the
nsec script.  I still need to read up on the hash ordering to make
sure I haven't missed something, but now the nsec3 parser is working
properly this could end up being simpler than the nsec script.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
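
The range bookkeeping described in the quoted reply, as an added example that is not part of this thread or of any Nmap script: it hashes each guess locally, skips guesses that fall in a range already learned, and stops once the NSEC3 ring is closed. Assumptions: the zone names, salt, iteration count and function names are constructed, the server is simulated in memory (no DNS traffic is sent), and full 160-bit SHA-1 values are used rather than the 32-bit shorthand in the message.

```python
import hashlib
from bisect import bisect_right

SALT, ITERATIONS = bytes.fromhex("aabbccdd"), 2      # constructed NSEC3 parameters
ZONE = ["example.test", "www.example.test", "mail.example.test",
        "vpn.example.test", "dev.example.test", "ns1.example.test"]  # constructed names

def nsec3_hash(name):
    """RFC 5155 hash: SHA-1 of lowercase wire-format name + salt, then re-hashed."""
    labels = name.lower().rstrip(".").split(".")
    wire = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    digest = hashlib.sha1(wire + SALT).digest()
    for _ in range(ITERATIONS):
        digest = hashlib.sha1(digest + SALT).digest()
    return int.from_bytes(digest, "big")

CHAIN = sorted(nsec3_hash(n) for n in ZONE)   # hash order, as the zone stores it

def covering_nsec3(h):
    """Simulated server reply: the (owner_hash, next_hash) pair whose range covers h."""
    i = bisect_right(CHAIN, h) - 1            # -1 selects the last record (wrap-around)
    return CHAIN[i], CHAIN[(i + 1) % len(CHAIN)]

def is_covered(known, h):
    """True if h lies in a range already learned, so no query is needed."""
    for lo, hi in known.items():
        if (lo <= h <= hi) if lo < hi else (h >= lo or h <= hi):
            return True
    return False

def enumerate_chain(max_guesses=200_000):
    known, queries, skipped = {}, 0, 0        # known maps owner_hash -> next_hash
    for n in range(max_guesses):
        h = nsec3_hash(f"guess{n}.example.test")   # hash locally before asking
        if is_covered(known, h):
            skipped += 1
            continue
        lo, hi = covering_nsec3(h)
        known[lo] = hi
        queries += 1
        if set(known) == set(known.values()):      # every next is an owner: ring closed
            break
    return sorted(known), queries, skipped

if __name__ == "__main__":
    hashes, queries, skipped = enumerate_chain()
    print(f"{len(hashes)} hashes recovered, {queries} queries sent, {skipped} guesses skipped")
```

Each query reveals exactly one previously unknown range, so the number of queries equals the number of NSEC3 records, and the result is the set of hashes rather than the names behind them.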

