lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Jun 2004 12:46:51 +1200 From: "Bojan Zdrnja" <Bojan.Zdrnja@....hr> To: "'Evans, Arian'" <Arian.Evans@...hnetsecurity.com>, "'Byron Pezan'" <mbp@...bit.net> Cc: <bugtraq@...urityfocus.com> Subject: RE: Remote SMTP authentication audit tool? > -----Original Message----- > From: Evans, Arian [mailto:Arian.Evans@...hnetsecurity.com] > Sent: Friday, 4 June 2004 3:24 a.m. > To: Byron Pezan > Cc: bugtraq@...urityfocus.com > Subject: RE: Remote SMTP authentication audit tool? > > If you want to test your server like a spammer via actual > SMTP authentication > brute forcing, there are several scripts out there like Brutus.pl: > > http://www.0xdeadbeef.info/ > > (most the spammer scripts have short dictionary lists that > contain your usual > admin\admin, backup\null, backup\backup, etc.) That is just remote login brute force, which relies on VRFY, so it won't work with any "hardened" MTA. It doesn't brute force SMTP AUTH. I'm not aware of any application that does SMTP AUTH brute force, I thought Hydra would do it but nah. It isn't too difficult to create one though, just check some MTAs code. Cheers, Bojan Zdrnja CISSP
Powered by blists - more mailing lists