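This post implements an SMTP brute-force program. The lab setup is a postfix server, and the program guesses the matching username/password pairs from a username dictionary (user.txt) and a password dictionary (password.txt).
Development environment:
WinXP VC6.0
References:
SMTP E-mail password brute forcing: http://www.redicecn.com/html/yuanchuangchengxu/20090226/39.html
Encoding and decoding base 64 with c++: http://renenyffenegger.ch/notes/development/Base64/Encoding-and-decoding-base-64-with-cpp
It should be noted first that the base64 algorithm in the reference "SMTP E-mail password brute forcing" is flawed and does not produce correct results, so I found a working C++ base64 implementation online. In addition, that program can only brute-force the password of a single account per run.
An online base64 encoder/decoder is also provided for checking results: http://www1.tc711.com/tool/BASE64.htm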
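I. Lab environment
The lab uses a postfix server. Setting up the mail server is not covered here; it takes some effort, and there is plenty of reference material online.
Mail domain: mail.starnight.com SMTP port: 25
Internal address of the mail server: 192.168.1.107 -- mail.starnight.com
We first need to edit the hosts file: C:\WINDOWS\system32\drivers\etc\hosts -- winxp (on other systems, locate the hosts file yourself)
Add a record like the following. The format is: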
your-ip-address domain-name
192.168.1.107 mail.starnight.com
Telnet to port 25 of the mail server (mail.starnight.com) and authenticate with a username and password.
telnet mail.starnight.com 25
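[Notes]
1. helo/ehlo: similar to greeting the remote server, but ehlo returns richer information.
2. Username/password authentication:
auth login // user authentication, plaintext
334 VXNlcm5hbWU6 // server reply: status code 334, base64-encoded "Username:"
dGVzdDE= // base64-encoded "test1"
334 UGFzc3dvcmQ6 // server reply: status code 334, base64-encoded "Password:"
MTIzNDU2 // base64-encoded "123456"
235 2.7.0 Authentication successful // server reply: status code 235, authentication succeeded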
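Added example (not part of the original post): the AUTH LOGIN exchange above, decoded in C++ to show that the base64 values are only an encoding, so the username and password are readable by anyone who can observe the port 25 session. The names b64decode, AuthLogin, parseAuthLogin and sampleSession are assumptions of this example; the sample lines are the lab session shown above.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Decode standard base64; stops at '=' padding or the first non-alphabet byte.
std::string b64decode(const std::string& in) {
    static const std::string tbl =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    unsigned int buf = 0;
    int bits = 0;
    for (char c : in) {
        std::string::size_type v = tbl.find(c);
        if (v == std::string::npos) break;
        buf = (buf << 6) | static_cast<unsigned int>(v);
        bits += 6;
        if (bits >= 8) { bits -= 8; out += static_cast<char>((buf >> bits) & 0xFF); }
    }
    return out;
}

struct AuthLogin { std::string userPrompt, user, passPrompt, pass; bool accepted = false; };

// Walk a captured session in the order shown above: command, 334 prompt,
// username, 334 prompt, password, final status line.
AuthLogin parseAuthLogin(const std::vector<std::string>& lines) {
    AuthLogin r;
    int stage = 0;
    for (const std::string& l : lines) {
        bool is334 = l.compare(0, 4, "334 ") == 0;
        if (stage == 0 && l == "auth login") stage = 1;
        else if (stage == 1 && is334) { r.userPrompt = b64decode(l.substr(4)); stage = 2; }
        else if (stage == 2) { r.user = b64decode(l); stage = 3; }
        else if (stage == 3 && is334) { r.passPrompt = b64decode(l.substr(4)); stage = 4; }
        else if (stage == 4) { r.pass = b64decode(l); stage = 5; }
        else if (stage == 5) { r.accepted = l.compare(0, 3, "235") == 0; stage = 6; }
    }
    return r;
}

// The lab session from the post, one protocol line per element.
std::vector<std::string> sampleSession() {
    return {"auth login", "334 VXNlcm5hbWU6", "dGVzdDE=",
            "334 UGFzc3dvcmQ6", "MTIzNDU2", "235 2.7.0 Authentication successful"};
}

int main() {
    AuthLogin a = parseAuthLogin(sampleSession());
    std::printf("%s %s\n%s %s\naccepted=%d\n", a.userPrompt.c_str(), a.user.c_str(),
                a.passPrompt.c_str(), a.pass.c_str(), a.accepted ? 1 : 0);
    return 0;
}
```

On Postfix, setting smtpd_tls_auth_only = yes makes the server offer AUTH only after STARTTLS, which keeps this exchange from crossing the network in cleartext.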
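II. C++ implementation of the Base64 encoding/decoding algorithm
You can refer directly to the link given above; in case it becomes inaccessible, I have taken the liberty of copying it here:
1. base64.h
#include <string>

std::string base64_encode(unsigned char const* , unsigned int len);
std::string base64_decode(std::string const& s);
2. base64.cpp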
/*
   base64.cpp and base64.h

   Copyright (C) 2004-2017 René Nyffenegger

   This source code is provided 'as-is', without any express or implied
   warranty. In no event will the author be held liable for any damages
   arising from the use of this software.

   Permission is granted to anyone to use this software for any purpose,
   including commercial applications, and to alter it and redistribute it
   freely, subject to the following restrictions:

   1. The origin of this source code must not be misrepresented; you must not
      claim that you wrote the original source code. If you use this source code
      in a product, an acknowledgment in the product documentation would be
      appreciated but is not required.

   2. Altered source versions must be plainly marked as such, and must not be
      misrepresented as being the original source code.

   3. This notice may not be removed or altered from any source distribution.

   René Nyffenegger rene.nyffenegger@adp-gmbh.ch
*/

#include "base64.h"
#include <iostream>

static const std::string base64_chars =
             "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
             "abcdefghijklmnopqrstuvwxyz"
             "0123456789+/";

static inline bool is_base64(unsigned char c) {
  return (isalnum(c) || (c == '+') || (c == '/'));
}

std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) {
  std::string ret;
  int i = 0;
  int j = 0;
  unsigned char char_array_3[3];
  unsigned char char_array_4[4];

  while (in_len--) {
    char_array_3[i++] = *(bytes_to_encode++);
    if (i == 3) {
      char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
      char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
      char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6);
      char_array_4[3] = char_array_3[2] & 0x3f;

      for(i = 0; (i <4) ; i++)
        ret += base64_chars[char_array_4[i]];
      i = 0;
    }
  }

  if (i)
  {
    for(j = i; j < 3; j++)
      char_array_3[j] = '