Date: Fri, 4 Jun 2004 12:46:51 +1200
From: "Bojan Zdrnja" <Bojan.Zdrnja@....hr>
To: "'Evans, Arian'" <Arian.Evans@...hnetsecurity.com>,
	"'Byron Pezan'" <mbp@...bit.net>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: Remote SMTP authentication audit tool?


 

> -----Original Message-----
> From: Evans, Arian [mailto:Arian.Evans@...hnetsecurity.com] 
> Sent: Friday, 4 June 2004 3:24 a.m.
> To: Byron Pezan
> Cc: bugtraq@...urityfocus.com
> Subject: RE: Remote SMTP authentication audit tool?
> 
> If you want to test your server like a spammer via actual 
> SMTP authentication
> brute forcing, there are several scripts out there like Brutus.pl:
> 
> http://www.0xdeadbeef.info/
> 
> (most of the spammer scripts have short dictionary lists that 
> contain your usual
> admin\admin, backup\null, backup\backup, etc.)

That is just remote login brute force, which relies on VRFY, so it won't
work with any "hardened" MTA.
It doesn't brute force SMTP AUTH.

I'm not aware of any application that does SMTP AUTH brute force; I thought
Hydra would do it, but nah.
It isn't too difficult to create one though, just check some MTAs' code.

Cheers,

Bojan Zdrnja
CISSP



