MY SCRIPTS
SMTP_VRFY.py
During my OSCP course I wrote this python script to identify users on SMTP servers.
#!/usr/bin/python
import os, socket, sys
import time
base = "10.11.1."
#ips = [115,128,217,227]
ips =[115,]
os.system("touch report")
VRFY_OK = "250"
Postfix = "Postfix"
port = 25
for ip in ips:
target = base + str(ip)
target = target.strip()
print "TESTING IP: " + target
users = tuple(open("SMB_Users", 'r'))
for user in users:
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
result = s.connect((target,port ))
if result:
print "problem with socket!"
try:
banner = s.recv(1024)
if banner != None:
print banner
else:
print "No Banner received"
s.close()
except:
print "Banner Error"
s.close()
if Postfix in banner:
try:
print "sending HELO"
s.send('HELO ESMPT\r\n')
response = s.recv(1024)
print response.strip()
s.send('MAIL From:[email protected]\r\n')
response2 = s.recv(1024)
print response2.strip()
domain = response.split("250 ")[1]
#domain = c.split(" ESMTP")[0]
print "using domain " + domain
print "[*] Trying user " + user.strip()
s.send('RCPT To:' + user.strip() + '@' + domain + '\r\n')
response3 = s.recv(1024)
print response3.strip()
if VRFY_OK in response3:
print "[#] User " + user.strip() + " VERIFIED OK!"
os.system("echo user " + user.strip() + " on " + target + " is verified OK >> report")
else:
print "user " + user.strip() + " not found\n"
s.send('QUIT\r\n')
resp = s.recv(1024)
print resp
except:
print "Postfix Error"
finally:
s.close()
else:
try:
print "[*] Trying user " + user.strip()
s.send('VRFY bob\r\n')
#s.send('VRFY ' + user.strip() + '\r\n')
result = s.recv(1024)
if VRFY_OK in result:
print "[#] User " + user.strip() + " VERIFIED OK!"
os.system("echo user " + user.strip() + " on " + target + " is verified OK >> report")
print result.strip()
s.send('QUIT\r\n')
resp = s.recv(1024)
except Exception as e:
print("1 - something's wrong with %s:str(%d). Exception is %s" % (target,port, e))
finally:
s.close()
except Exception as e:
print("2 - something's wrong with %s:str(%d). Exception is %s" % (target,port, e))
sys.exit()
print "Please review any verifed accounts on the file just created named 'report'"