Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

RE: Remote SMTP authentication audit tool?
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Fri, 4 Jun 2004 12:46:51 +1200
 


-----Original Message-----
From: Evans, Arian [mailto:Arian.Evans () fishnetsecurity com] 
Sent: Friday, 4 June 2004 3:24 a.m.
To: Byron Pezan
Cc: bugtraq () securityfocus com
Subject: RE: Remote SMTP authentication audit tool?

If you want to test your server like a spammer via actual 
SMTP authentication
brute forcing, there are several scripts out there like Brutus.pl:

http://www.0xdeadbeef.info/

(most the spammer scripts have short dictionary lists that 
contain your usual
admin\admin, backup\null, backup\backup, etc.)


That is just remote login brute force, which relies on VRFY, so it won't
work with any "hardened" MTA.
It doesn't brute force SMTP AUTH.

I'm not aware of any application that does SMTP AUTH brute force, I thought
Hydra would do it but nah.
It isn't too difficult to create one though, just check some MTAs code.

Cheers,

Bojan Zdrnja
CISSP

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]