Bugtraq mailing list archives
RE: Remote SMTP authentication audit tool?
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Fri, 4 Jun 2004 12:46:51 +1200
-----Original Message----- From: Evans, Arian [mailto:Arian.Evans () fishnetsecurity com] Sent: Friday, 4 June 2004 3:24 a.m. To: Byron Pezan Cc: bugtraq () securityfocus com Subject: RE: Remote SMTP authentication audit tool? If you want to test your server like a spammer via actual SMTP authentication brute forcing, there are several scripts out there like Brutus.pl: http://www.0xdeadbeef.info/ (most the spammer scripts have short dictionary lists that contain your usual admin\admin, backup\null, backup\backup, etc.)
That is just remote login brute force, which relies on VRFY, so it won't work with any "hardened" MTA. It doesn't brute force SMTP AUTH. I'm not aware of any application that does SMTP AUTH brute force, I thought Hydra would do it but nah. It isn't too difficult to create one though, just check some MTAs code. Cheers, Bojan Zdrnja CISSP
Current thread:
- Remote SMTP authentication audit tool? Byron Pezan (Jun 02)
- <Possible follow-ups>
- RE: Remote SMTP authentication audit tool? Evans, Arian (Jun 03)
- RE: Remote SMTP authentication audit tool? Bojan Zdrnja (Jun 04)