Lieutenant Lieutenant
Lieutenant
9474 views

Web Brute deleted dictionary question

Jump to solution

I was using Web Brute and tried importing my own dictionary, one for username one for passwords.  Only one appeared in list so I kept trying.  Thought maybe more than 3 wasn't allowed so I deleted the default ones. Realized afterwards that it didn't like my username file as I had a VERY long username to test.  Now I don't have the default dictionaries.  Where can I find them? Are they permanently gone? If yes, is it possible to get them from your site or emailed to me?

Also, no error was presented other than this at the bottom of the import window:

Creating new dictionary test.

Dictionary test created.

Importing 2 items into dictionary.

@DictionaryItemValue : String truncation: max=255, len=276, value='klmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz'.

Tags (1)
0 Likes
1 Solution

Accepted Solutions
Absent Member.
Absent Member.

Selwyn:

The .sdf file will not import only a .txt file will.  To that extent once they are imported they become .sdf files in the system.  As to our original question about getting the default files.  I have attached the .txt files from our default that come with the product for baseline simplicity.  I personally believe that they are a good starting point, but you should build or enhance the files.

I hope this helps.

 

Joel E. Natt CISSP, CRISC
Hewlett-Packard Enterprise Software Education
Exam Development Lead – Hewlett-Packard Enterprise Software

Trainer – HP Software Education – Fortify, TippingPoint

 

Get Training: http://www.hpenterprisesecurity.com/university

Get Certified: http://h10120.www1.hp.com/ExpertOne/certification_program_overview.html 

Joel E. Natt, CISSP CRISC
Global Exam/Certification Development Manager – Hewlett Packard Enterprise Software Education

View solution in original post

0 Likes
6 Replies
Micro Focus Expert
Micro Focus Expert

It appears the default dictionaries are kept at  C:\Users\%CURRENTUSER%\Documents\HP\Tools\WebBrute\Dictionaries\Dictionaries.sdf   I noted that this WebBrute folder does not get created until the user opens WebBrute at least once.  I have not used this tool in version 10.30 yet, so I am assuming this is the default and have attached it here for your access.  This default data only has Usernames and Passwords, no Emails.

The Import/Export appears to only deal with TXT files, so I am assuming your TXT gets placed inside this SDF (SQL Database File).  As a SDF file, it can be attached to using SQL Studio.  The Dictionaries table lists the existing or imported dictionaries.  The DictionaryTypes table shows us that DictionaryTypeId values 1, 2, and 3 represent Usernames, Passwords, and Emails, respectively.

This will list the raw contents of all the lists, separated into first Usernames, then Passwords, and then Emails:

     SELECT * FROM Dictionaryitems ORDER BY DictionaryId

This will extract only the listing for one list type.

     SELECT * FROM Dictionaryitems WHERE DictionaryId=1         (or =2  or =3)


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Lieutenant Lieutenant
Lieutenant

Hi Hans,

I do have the Dictionaries.sdf file. The text files I created were put in the same directory as the .sdf file. I can see them and select them as dictionaries to use.  What I do not see are the 2 default dictionaries that were there the first time I opened Web Brute (one for usernames, one for passwords).  I have SQL Server 2012 on my machine and it will not open the .sdf file.  I can try downloading a sdf viewer but if I can do the queries you suggested I should put their output to a new text file.... assuming the default dictionaries are in the .sdf file?

Thanks

0 Likes
Micro Focus Expert
Micro Focus Expert

I used SQL Studio 2008, but you have to specify an Attach action.  In some instances the SDF might be "too large" and you just adjust the connection settings to permit a larger file before the Attach action.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Lieutenant Lieutenant
Lieutenant

I did try attaching the file and get the error:  Dictionaries.sdf is not a primary database file.

I did download an opensource SDF viewer and when I try to open the file with it I get this error:

Unable to open the database:  Could not load file or assembly 'System.Data.SqlServerCe,Version=3.5.0.0...... or one of its dependencies. The system cannot find the file specified.

seems to be looking for some compact edition file?

0 Likes
Absent Member.
Absent Member.

Selwyn:

The .sdf file will not import only a .txt file will.  To that extent once they are imported they become .sdf files in the system.  As to our original question about getting the default files.  I have attached the .txt files from our default that come with the product for baseline simplicity.  I personally believe that they are a good starting point, but you should build or enhance the files.

I hope this helps.

 

Joel E. Natt CISSP, CRISC
Hewlett-Packard Enterprise Software Education
Exam Development Lead – Hewlett-Packard Enterprise Software

Trainer – HP Software Education – Fortify, TippingPoint

 

Get Training: http://www.hpenterprisesecurity.com/university

Get Certified: http://h10120.www1.hp.com/ExpertOne/certification_program_overview.html 

Joel E. Natt, CISSP CRISC
Global Exam/Certification Development Manager – Hewlett Packard Enterprise Software Education

View solution in original post

0 Likes
Lieutenant Lieutenant
Lieutenant

Thanks Joel!  I just wanted to the default to start with - I've got yours and will work toward building my own. 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.