Brute forcing POP3 passwords
by Paulino Calderon Pale
Nmap 6: Network Exploration and Security Auditing Cookbook
- Nmap 6: Network Exploration and Security Auditing Cookbook
- Table of Contents
- Nmap 6: Network Exploration and Security Auditing Cookbook
- Credits
- About the Author
- Acknowledgement
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. Nmap Fundamentals
- Introduction
- Downloading Nmap from the official source code repository
- Compiling Nmap from source code
- Listing open ports on a remote host
- Fingerprinting services of a remote host
- Finding live hosts in your network
- Scanning using specific port ranges
- Running NSE scripts
- Scanning using a specified network interface
- Comparing scan results with Ndiff
- Managing multiple scanning profiles with Zenmap
- Detecting NAT with Nping
- Monitoring servers remotely with Nmap and Ndiff
- 2. Network Exploration
- Introduction
- Discovering hosts with TCP SYN ping scans
- Discovering hosts with TCP ACK ping scans
- Discovering hosts with UDP ping scans
- Discovering hosts with ICMP ping scans
- Discovering hosts with IP protocol ping scans
- Discovering hosts with ARP ping scans
- Discovering hosts using broadcast pings
- Hiding our traffic with additional random data
- Forcing DNS resolution
- Excluding hosts from your scans
- Scanning IPv6 addresses
- Gathering network information with broadcast scripts
- 3. Gathering Additional Host Information
- Introduction
- Geolocating an IP address
- Getting information from WHOIS records
- Checking if a host is known for malicious activities
- Collecting valid e-mail accounts
- Discovering hostnames pointing to the same IP address
- Brute forcing DNS records
- Fingerprinting the operating system of a host
- Discovering UDP services
- Listing protocols supported by a remote host
- Discovering stateful firewalls by using a TCP ACK scan
- Matching services with known security vulnerabilities
- Spoofing the origin IP of a port scan
- 4. Auditing Web Servers
- Introduction
- Listing supported HTTP methods
- Checking if an HTTP proxy is open
- Discovering interesting files and directories on various web servers
- Brute forcing HTTP authentication
- Abusing mod_userdir to enumerate user accounts
- Testing default credentials in web applications
- Brute-force password auditing WordPress installations
- Brute-force password auditing Joomla! installations
- Detecting web application firewalls
- Detecting possible XST vulnerabilities
- Detecting Cross Site Scripting vulnerabilities in web applications
- Finding SQL injection vulnerabilities in web applications
- Detecting web servers vulnerable to slowloris denial of service attacks
- 5. Auditing Databases
- Introduction
- Listing MySQL databases
- Listing MySQL users
- Listing MySQL variables
- Finding root accounts with empty passwords in MySQL servers
- Brute forcing MySQL passwords
- Detecting insecure configurations in MySQL servers
- Brute forcing Oracle passwords
- Brute forcing Oracle SID names
- Retrieving MS SQL server information
- Brute forcing MS SQL passwords
- Dumping the password hashes of an MS SQL server
- Running commands through the command shell on MS SQL servers
- Finding sysadmin accounts with empty passwords on MS SQL servers
- Listing MongoDB databases
- Retrieving MongoDB server information
- Listing CouchDB databases
- Retrieving CouchDB database statistics
- 6. Auditing Mail Servers
- Introduction
- Discovering valid e-mail accounts using Google Search
- Detecting open relays
- Brute forcing SMTP passwords
- Enumerating users in an SMTP server
- Detecting backdoor SMTP servers
- Brute forcing IMAP passwords
- Retrieving the capabilities of an IMAP mail server
- Brute forcing POP3 passwords
- Retrieving the capabilities of a POP3 mail server
- Detecting vulnerable Exim SMTP servers version 4.70 through 4.75
- 7. Scanning Large Networks
- Introduction
- Scanning an IP address range
- Reading targets from a text file
- Scanning random targets
- Skipping tests to speed up long scans
- Selecting the correct timing template
- Adjusting timing parameters
- Adjusting performance parameters
- Collecting signatures of web servers
- Distributing a scan among several clients using Dnmap
- 8. Generating Scan Reports
- Introduction
- Saving scan results in normal format
- Saving scan results in an XML format
- Saving scan results to a SQLite database
- Saving scan results in a grepable format
- Generating a network topology graph with Zenmap
- Generating an HTML scan report
- Reporting vulnerability checks performed during a scan
- 9. Writing Your Own NSE Scripts
- Introduction
- Making HTTP requests to identify vulnerable Trendnet webcams
- Sending UDP payloads by using NSE sockets
- Exploiting a path traversal vulnerability with NSE
- Writing a brute force script
- Working with the web crawling library
- Reporting vulnerabilities correctly in NSE scripts
- Writing your own NSE library
- Working with NSE threads, condition variables, and mutexes in NSE
- A. References
- Index
E-mail accounts store sensitive information. Penetration testers auditing mail servers must test for weak passwords that could help attackers compromise important accounts.
This recipe shows you how to perform brute force password auditing against POP3 mail servers by using Nmap.
To launch a dictionary attack against POP3 by using Nmap, enter the following command:
$ nmap -p110 --script pop3-brute <target>
Any valid accounts will be listed under the script output section:
PORT STATE SERVICE 110/tcp open pop3 | pop3-brute: webmaster : abc123 |_acc1 : password
pop3-brute was submitted by Philip Pickering and it performs brute force password auditing against POP3 mail servers. By default, it uses the wordlists /nselib/data/usernames.lst and /nselib/data/passwords.lst as username and password combinations.
The script pop3-brute depends on the NSE library unpwdb. This library has several script arguments that can be used to tune your brute force password auditing.
- To use different username and password lists, set the arguments
userdbandpassdb:$ nmap -p110 --script pop3-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt <target> - To set a different timeout limit, use the argument
unpwd.timelimit. To run it indefinitely, set it to0:$ nmap -p110 --script pop3-brute --script-args unpwdb.timelimit=0 <target> $ nmap -p110 --script pop3-brute --script-args unpwdb.timelimit=60m <target>
- The Discovering valid e-mail accounts using Google Search recipe
- The Brute forcing SMTP passwords recipe
- The Enumerating users in an SMTP server recipe
- The Detecting backdoor SMTP servers recipe
- The Brute forcing IMAP passwords recipe
- The Retrieving the capabilities of an IMAP mail server recipe
- The Brute forcing POP3 passwords recipe
- The Retrieving the capabilities of a POP3 mail server recipe
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.