Gathering SMTP information using Python


Hello readers, how are you? I’ve been working on a penetration test job for a private client, and I had to check whether specific mail accounts existed on several hosts in the same network. So I spent an hour writing a multithreaded Python script that solved my problem. Honestly, I don’t know if it is interesting for you, but you can adapt it for other cases. The script takes four inputs: a filename containing the users to be tested (root, admin, alex, and so on), the network address (e.g. 192.168.1), and the beginning and end of the host range. The script and a sample output follow:

#!/usr/bin/python3

# Written by Alexandre Borges (http://alexandreborges.org)

import sys
import socket
import time
from threading import Thread

# SMTP verification function
def Vrf(ip, users):
    try:
        # Create a socket with a 2-second timeout
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(2)
        # Connect to target server
        sock.connect((ip, 25))
        # Receive the response (the SMTP banner)
        response = sock.recv(1024)
        # Print the response
        print('\t' + response.decode(errors='replace'))
        # Send the verification command to SMTP server, wait for the answer and print the result
        for user in users:
            sock.send(('VRFY ' + user + '\r\n').encode())
            final = sock.recv(1024)
            print('\t' + final.decode(errors='replace'))
        sock.close()
    except OSError:
        # Host down, port closed or timeout: skip this address
        return

def main():
    # Check the correct syntax
    if len(sys.argv) != 5:
        print("The correct usage is smtpcheck.py <filename> <net_address> <begin_range> <end_range>")
        print("The network address must be entered as X.Y.Z - for example: 192.168.1")
        sys.exit(0)

    arg = sys.argv[1]
    beg = int(sys.argv[3])
    end = int(sys.argv[4])
    net = sys.argv[2]

    # Read the provided file once: a file object shared between threads
    # would be consumed by the first thread that reads it
    with open(arg, 'r') as f:
        users = [line.strip() for line in f if line.strip()]

    # Test each system on the range (end_range itself is not included)
    for i in range(beg, end):
        addr = net + '.' + str(i)
        print(addr)
        t = Thread(target=Vrf, args=(addr, users))
        t.start()
        time.sleep(0.5)

if __name__ == '__main__':
    main()

Output

root@hacker:~# ./smtpcheck.py smtp_list.txt 192.168.1 105 110
192.168.1.105
192.168.1.106
192.168.1.107
    220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
    550 5.1.1 <ale>: Recipient address rejected: User unknown in local recipient table
    550 5.1.1 <fernanda>: Recipient address rejected: User unknown in local recipient table
    550 5.1.1 <test>: Recipient address rejected: User unknown in local recipient table
    252 2.0.0 msfadmin
    252 2.0.0 root
    550 5.1.1 <admin>: Recipient address rejected: User unknown in local recipient table
192.168.1.108
192.168.1.109
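As an added example (not part of the original script), the replies in the output above can be classified to show why this server discloses which accounts exist: it answers 252 for local users and 550 for unknown ones. The function names and the second transcript are constructed for illustration.

```python
import re

# Replies copied from the output shown in the post (Postfix on Metasploitable).
PAGE_REPLIES = """\
550 5.1.1 <ale>: Recipient address rejected: User unknown in local recipient table
550 5.1.1 <fernanda>: Recipient address rejected: User unknown in local recipient table
550 5.1.1 <test>: Recipient address rejected: User unknown in local recipient table
252 2.0.0 msfadmin
252 2.0.0 root
550 5.1.1 <admin>: Recipient address rejected: User unknown in local recipient table
"""

# Constructed sample (an assumption): a server that refuses VRFY for every name.
HARDENED_REPLIES = """\
502 5.5.1 VRFY command is disabled
502 5.5.1 VRFY command is disabled
"""

# Three-digit reply code, optional enhanced status code (x.y.z), then free text.
REPLY_RE = re.compile(r"^(\d{3})[ -](?:(\d\.\d{1,3}\.\d{1,3}) )?(.*)$")

def parse_reply(line):
    """Split one SMTP reply line into (code, enhanced_status, text)."""
    m = REPLY_RE.match(line.strip())
    if not m:
        raise ValueError("not an SMTP reply: %r" % line)
    return int(m.group(1)), m.group(2), m.group(3)

def classify(code):
    """Map a VRFY reply code to what it tells the client about the mailbox."""
    if code in (250, 251, 252):
        return "accepted"   # 252: cannot verify, but will attempt delivery
    if code in (550, 551, 553):
        return "rejected"   # mailbox unknown or not local
    return "no_info"        # anything else says nothing about a specific mailbox

def assess(transcript):
    """Return (leaks, counts); leaks is True when replies differ between names."""
    counts = {}
    for line in transcript.splitlines():
        if line.strip():
            kind = classify(parse_reply(line)[0])
            counts[kind] = counts.get(kind, 0) + 1
    return {"accepted", "rejected"} <= set(counts), counts
```

On Postfix, setting disable_vrfy_command = yes in main.cf makes the server refuse VRFY for every name, which removes the difference between the 252 and 550 replies.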

 

Please, let me know if you enjoyed it.

Have a nice day.

Alexandre Borges

(Linkedin: http://www.linkedin.com/in/aleborges)
