mirror of
https://github.com/nmap/nmap.git
synced 2025-12-07 13:11:28 +00:00
3c89e089fc
socket:connect(host.ip, port.number) socket:connect(host.ip, port.number, port.protocol) to this: socket:connect(host, port) connect can take host and port tables now, and the default protocol is taken from the port table if possible.
107 lines
2.6 KiB
Lua
107 lines
2.6 KiB
Lua
description = [[
|
|
Tries to log into a POP3 account by guessing usernames and passwords.
|
|
]]
|
|
|
|
---
|
|
-- @args pop3loginmethod The login method to use: <code>"USER"</code>
|
|
-- (default), <code>"SASL-PLAIN"</code>, <code>"SASL-LOGIN"</code>,
|
|
-- <code>"SASL-CRAM-MD5"</code>, or <code>"APOP"</code>.
|
|
--
|
|
-- @output
|
|
-- PORT STATE SERVICE
|
|
-- 110/tcp open pop3
|
|
-- | pop3-brute: root : password
|
|
|
|
author = "Philip Pickering"
|
|
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
|
|
|
|
categories = {"intrusive", "auth"}
|
|
|
|
require 'pop3'
|
|
require 'shortport'
|
|
require 'unpwdb'
|
|
|
|
portrule = shortport.port_or_service({110, 995}, {"pop3","pop3s"})
|
|
|
|
action = function(host, port)
|
|
local pMeth = nmap.registry.args.pop3loginmethod
|
|
if (not pMeth) then pMeth = nmap.registry.pop3loginmethod end
|
|
if (not pMeth) then pMeth = "USER" end
|
|
|
|
local login
|
|
local additional
|
|
|
|
local stat = pop3.stat
|
|
|
|
if (pMeth == "USER") then
|
|
login = pop3.login_user
|
|
elseif (pMeth == "SASL-PLAIN") then
|
|
login = pop3.login_sasl_plain
|
|
elseif (pMeth == "SASL-LOGIN") then
|
|
login = login_sasl_login
|
|
elseif (pMeth == "SASL-CRAM-MD5") then
|
|
login = login_sasl_crammd5
|
|
elseif (pMeth == "APOP") then
|
|
login = login_apop
|
|
end
|
|
|
|
|
|
local status
|
|
local line
|
|
local socket = nmap.new_socket()
|
|
local opts = {timeout=10000, recv_before=true}
|
|
|
|
local socket, nothing, bopt, line = comm.tryssl(host, port, "" , opts)
|
|
|
|
if not socket then return end -- no connection
|
|
if not stat(line) then return end -- no pop-connection
|
|
|
|
local apopChallenge = string.match(line, "<[%p%w]+>")
|
|
|
|
if pMeth == "APOP" then
|
|
additional = apopChallenge
|
|
end
|
|
|
|
local getUser
|
|
local _
|
|
|
|
status, getUser = unpwdb.usernames()
|
|
if (not status) then return end
|
|
|
|
|
|
local currUser = getUser()
|
|
while currUser do
|
|
local getPW
|
|
status, getPW = unpwdb.passwords()
|
|
if (not status) then return end
|
|
|
|
local currPw = getPW()
|
|
|
|
while currPw do
|
|
local pstatus
|
|
local perror
|
|
|
|
pstatus, perror = login(socket, currUser, currPw, additional)
|
|
|
|
if (pstatus) then
|
|
return currUser .. " : " .. currPw
|
|
elseif (perror == pop3.err.pwError) then
|
|
currPw = getPW()
|
|
elseif (perror == pop3.err.userError) then
|
|
currPw = nil
|
|
else
|
|
local socstatus = socket:connect(host, port, bopt)
|
|
if not socstatus
|
|
then return
|
|
else _, line = socket:receive()
|
|
if not stat(line) then return end -- no connection
|
|
end
|
|
end
|
|
end
|
|
currUser = getUser()
|
|
getPW("reset")
|
|
end
|
|
return -- "wrong pw"
|
|
|
|
end
|