templatemo easy profile


MY SCRIPTS


SMTP_VRFY.py


During my OSCP course I wrote this python script to identify users on SMTP servers.








#!/usr/bin/python

import os, socket, sys
import time
base = "10.11.1."
#ips = [115,128,217,227]
ips =[115,]
os.system("touch report")
VRFY_OK = "250"
Postfix = "Postfix"
port = 25
for ip in ips:
	target = base + str(ip)
	target = target.strip()
	print "TESTING IP: " + target
	users = tuple(open("SMB_Users", 'r'))	
	for user in users:
		try:
			s =  socket.socket(socket.AF_INET, socket.SOCK_STREAM)
			result = s.connect((target,port ))

			if result:
				print "problem with socket!"

			try:
				banner = s.recv(1024)
				if banner != None:
					print banner
				else:
					print "No Banner received"
					s.close()
			except:
				print "Banner Error"
				s.close()
			if Postfix in banner:
				try:
					print "sending HELO"
					s.send('HELO ESMPT\r\n')
					response = s.recv(1024)
					print response.strip()
					s.send('MAIL From:[email protected]\r\n')
					response2 = s.recv(1024)
					print response2.strip()
					domain = response.split("250 ")[1]
					#domain = c.split(" ESMTP")[0]
					print "using domain " +  domain
					print "[*] Trying user " + user.strip()
					s.send('RCPT To:' + user.strip() + '@' + domain + '\r\n')
					response3 = s.recv(1024)
					print response3.strip()
					if VRFY_OK in response3:
						print "[#] User " + user.strip() + " VERIFIED OK!"
						os.system("echo user " + user.strip() + " on " + target + " is verified OK  >> report")
					else:
						print "user " + user.strip() + " not found\n"
					s.send('QUIT\r\n')
					resp = s.recv(1024)
					print resp
				except: 
					print "Postfix Error"
				finally:
					s.close()
			else:
				try:
					print "[*] Trying user " + user.strip()
					s.send('VRFY bob\r\n')
					#s.send('VRFY ' + user.strip() + '\r\n')
					result = s.recv(1024)
					if VRFY_OK in result:
						print "[#] User " + user.strip() + " VERIFIED OK!"
						os.system("echo user " + user.strip() + " on " + target + " is verified OK  >> report")
						
					print result.strip()
					s.send('QUIT\r\n')
					resp = s.recv(1024)
				except Exception as e: 
					print("1 - something's wrong with %s:str(%d). Exception is %s" % (target,port, e))
				finally:
					s.close()

		except Exception as e: 
			print("2 - something's wrong with %s:str(%d). Exception is %s" % (target,port, e))

sys.exit()
print "Please review any verifed accounts on the file just created named 'report'"