IMAP

Simple IMAP Account Verification in Python

imaplib is a great library for handling IMAP communication. It supports both plaintext IMAP and IMAP over SSL (IMAPS) with ease. Connecting to an IMAP server is achieved as follows:

import imaplib

host = "mx.sasdataservices.com"
port = 143
ssl = 0  # set to 1 to use IMAPS (normally port 993) instead of plaintext IMAP on 143

try:
    if ssl:
        imap = imaplib.IMAP4_SSL(host, port)
    else:
        imap = imaplib.IMAP4(host, port)
    welcomeMsg = imap.welcome  # the server greeting, including its CAPABILITY list
    print "IMAP Banner: %s" % (welcomeMsg)
except:
    print "Connection Failed"
    quit()

This results in the following output:

IMAP Banner: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information.

Now, to log in:

username = "user@email.com"
password = "password"

try:
    loginMsg = imap.login(username, password)  # returns (status, [response data])
    print "Login Message: %s" % (loginMsg[1])
except:
    print "Login Failed"
    quit()

With acceptable credentials, the response is: "Login Message: ['LOGIN Ok.']". Lastly, to print a list of all mailboxes in the account:

try:
    mBoxes = imap.list()  # (status, [one LIST response line per mailbox])
    for mBox in mBoxes[1]:
        print mBox
except:
    print "Couldn't get Mail Boxes"
    quit()

[…]
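The banner above advertises STARTTLS, so the same check can be done without ever sending the password in the clear. This Python 3 version is an added example, not the post's code: it reads the CAPABILITY list from the greeting, upgrades the port 143 session with STARTTLS (or uses IMAPS on 993) with certificate verification, and only then logs in. The sample banner is constructed; host and credentials in verify_account are placeholders supplied by the caller.

```python
import imaplib
import re
import ssl

# Constructed sample greeting, modelled on the Courier-IMAP banner quoted in the post.
SAMPLE_BANNER = (b"* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=REFERENCES "
                 b"SORT QUOTA IDLE ACL STARTTLS] Courier-IMAP ready.")


def banner_capabilities(banner):
    """Return the CAPABILITY tokens in an IMAP greeting (bytes or str) as an uppercase set."""
    if isinstance(banner, bytes):
        banner = banner.decode("ascii", "replace")
    match = re.search(r"\[CAPABILITY ([^\]]*)\]", banner, re.IGNORECASE)
    return {tok.upper() for tok in match.group(1).split()} if match else set()


def pick_transport(port, capabilities):
    """How credentials may be sent: 'imaps' on the implicit-TLS port, 'starttls' when
    the server advertises it, otherwise 'refuse' (never plaintext LOGIN)."""
    if port == 993:
        return "imaps"
    if "STARTTLS" in capabilities:
        return "starttls"
    return "refuse"


def verify_account(host, port, username, password):
    """Connect, establish verified TLS, log in and list mailboxes.
    Returns (status, [mailbox lines]); network and TLS errors propagate to the caller."""
    ctx = ssl.create_default_context()  # verifies the certificate chain and hostname
    if port == 993:
        imap = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    else:
        imap = imaplib.IMAP4(host, port)
        if pick_transport(port, banner_capabilities(imap.welcome)) != "starttls":
            imap.logout()
            raise RuntimeError("server offers no STARTTLS; refusing plaintext login")
        imap.starttls(ssl_context=ctx)  # credentials are sent only after this point
    try:
        imap.login(username, password)
        status, boxes = imap.list()
        return status, [b.decode("utf-8", "replace") for b in boxes or []]
    finally:
        try:
            imap.logout()
        except (imaplib.IMAP4.error, OSError):
            pass
```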

By | November 22nd, 2014|Python|0 Comments

Fully Automatic Wireless Hacking Station

This article describes a working all-in-one standalone mobile wireless attack station that can perform MITM type attacks on clients automatically and without any internet access or other external connectivity or influence. In layperson's terms: this portable battery powered device can automatically entice wireless devices to connect to it, be that iPhones/iPads, Androids and other phones, or laptops and PCs. Most devices will connect to it automatically without the user even realizing. The device will provide a fake network running fake email and web servers and, using some network trickery, will capture the hostname, username and password of any attempted connection and log it, along with the GPS co-ordinates of where the details were captured. This device could be used to hijack corporate and personal email logins, Facebook logins, and so on.

Messing around with airbase-ng, part of the aircrack-ng suite, over the last few months and researching wireless client vulnerabilities has led to an interesting proof of concept project. There are several weaknesses within the current wireless technologies in widespread use. First however, an explanation of the project. The project description was to launch a wireless man in the middle (MITM) attack, without having another end to connect the victim to. We need to create a MITM attack without having any internet access. Such an attack could theoretically be used on the tube, in locked down buildings, on the move, and so on, and without the use of a mobile data card.

Built on top of a modified Raspberry Pwn release, although any Linux distribution would have been suitable, I have set my wireless device with a power output of 30dBm and started the following automated process. Firstly, an airbase instance on my rtl8187 card as follows:

/usr/local/sbin/airbase-ng -c 3 wlan0 --essids "/root/pen/code/scripts/essids" -P -C 60 -I 60 -vv | grep --line-buffered "directed probe request" | tee /run/probes

This starts an access point on channel 3, beaconing the SSIDs contained within /root/pen/code/scripts/essids as well as any probe requests that the access point may receive from clients looking to connect to an access point. Now, in a little more detail, regular 'non-hidden' access points will broadcast 'beacons', which are pieces of data that specify the SSID (wireless network name) as well as the supported encryption types and so on. These beacons are usually sent every 100msec. Wireless clients will send probe packets, containing the SSIDs of all wireless networks that they have stored, and asking if any of them are here. The -P switch to airbase-ng will have airbase respond to all probes saying "yes, that's me", at which point, assuming the encryption or lack thereof matches the stored profile, the client will attempt to associate. Midway through building this test however, Apple released iOS 6, and one of the changes seems to be that the iPhone will now only send out broadcast probes rather than directed probes, rendering the -P feature useless against them. The broadcast probe is where the device sends out an "is anyone there?" probe, and waits to see which access points reply. Most iPhones however have connected at some point to a wireless hotspot, and so the SSIDs I chose for the essids file are "Boingo Hotspot", "BTOpenzone" and "BTWiFi" in the UK. I believe that "attwifi" is a popular one in the US. […]

By | April 26th, 2013|Linux, Perl, Projects, Raspberry Pi, Security Consultant, Wireless|18 Comments

Linux – Exim, Avenger and SpamAssassin Tips

Further to Exim, MySQL, Courier IMAP, Courier POP3 & Spamassassin – vdomain and vuser set up, I’ve recently been receiving an increasing amount of spam, and have finally decided to take some positive action. Previously, my account would get hit with about 100 to 150 per day, of which 2 or 3 might get through. Lately, this has quickly increased to about 700+ of which at least 20 to 30 have been getting through, and I’ve been doing nothing but clearing spam day and night for the past few weeks. It is, however, critical that I do not catch any genuine email – I would rather keep on the side of caution and be more generous than not. […]

By | September 17th, 2009|Linux, Technology|0 Comments

Some simple filtering and sniffing with tcpdump

tcpdump is one of the best network debugging tools available. In its most basic form, it will print network traffic in terms of a source and destination address to the console; more advanced uses include printing out captured ASCII and simple but powerful filtering.

tcpdump -ieth0 -n  # Start tcpdump listening on interface eth0, and do not attempt to resolve IP addresses to hostnames ( -n ).

What we see is:

20:51:40.848211 IP 217.10.X.X.22 > 93.97.Y.Y.52381: P 76216:76364(148) ack 261 win 8576
20:51:40.853726 IP 93.97.Y.Y.52381 > 217.10.X.X.22: . ack 59548 win 16848

And this is repeated over and over. This is a feedback loop: we are connected via port 22 (SSH), so every line tcpdump prints is itself carried over the SSH session and captured in turn. The loop will continue, and we must therefore filter it out:

tcpdump -ieth0 -n tcp port not 22

Now we can cleanly monitor traffic. What happens though if we want to view SSH traffic, but not our own?

tcpdump -ieth0 -n tcp port not 22 and host not 93.97.Y.Y

We can build this filter up as much as we wish. Let’s start watching HTTP (tcp port 80) traffic only:

tcpdump -ieth0 -n tcp port 80

Finally, let’s set the ‘snaplen’ to 1500 bytes, and print out the captured data in ASCII:

tcpdump -ieth0 -n tcp port 80 -A -s1500

20:56:25.260143 IP 217.10.X.X.80 > 88.110.Y.Y.51171: P 1:550(549) ack 172 win 1728
E..Mn @.@..w. ..Xn!..P….’@…P…3…HTTP/1.1 404 Not Found
Date: Mon, 15 Dec 2008 21:05:17 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13
Content-Length: 313
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
<hr>
<address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Server at www.[HIDDEN].com Port 80</address>
</body></html>

And from this we can see all HTTP traffic. As you can see, it’s that easy to capture and decode plaintext traffic.
We can do the same on port 110 (POP3): […]

By | December 15th, 2008|Technology|2 Comments