Re: Hydra Help

[Harry Hoffman <hhoffman () ip-solutions net>]

It would seem that the SMTP server doesn't support LOGIN, probably b/c 
the transport isn't encrypted and you aren't using STARTTLS. But it 
might be that the service doesn't support LOGIN and only supports other 
AUTH mechanisms.

Try this:
telnet <fqdn.of.your.mail.server> 25
ehlo <fqdn.of.your.client>

report back what's shown.

Cheers,
harry

maash.rajani () gmail com wrote:
> I just started using Hydra. Got a successful authentication over a pop3 service.
> Trying the same username and password over the smtp service using hydra's "smtp-auth" module.
> My understanding was hydra can try dictionary attack over an smtp service which uses NTLM hashing, my enumerationg 
> results over the listening smtp confirms that it uses NTLM authen type.
>
> Yet using Hydra gives me the following results:
>
> command: hydra -l username -p password(text) -o output.txt -v -V xxx.xxx.xxx.xxx
>
> Output Error: SMTP AUTH LOGIN error: 504 5.7.4 unrecognized authentication type 
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------