Simple IMAP Account Verification in Python

November 22nd, 2014

imaplib is a great library for handling IMAP communication. It supports both plaintext IMAP and IMAP over SSL (IMAPS) with ease. Connecting to an IMAP server is achieved as follows:

import imaplib

host = "mx.sasdataservices.com"
port = 143
ssl = 0

try:
	if ssl:
		imap = imaplib.IMAP4_SSL(host, port)
	else:
		imap = imaplib.IMAP4(host, port)
	welcomeMsg = imap.welcome
	print "IMAP Banner: %s" %(welcomeMsg)
except:
	print "Connection Failed"
	quit()

This results in the following output: “IMAP Banner: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information.” Now, to log in:

username="user@email.com"
password="password"

try:
	loginMsg = imap.login(username, password)
	print "Login Message: %s" %(loginMsg[1])
except:
	print "Login Failed"
	quit()

With acceptable credentials, the response is: “Login Message: [‘LOGIN Ok.’]”. Lastly, to print a list of all mailboxes in the account:

try:
	mBoxes = imap.list()
	for mBox in mBoxes[1]:
		print mBox
except:
	print "Couldn't get Mail Boxes"
quit()

Read the rest of this entry »

Nginx, SSL & php5-fpm on Debian Wheezy

October 11th, 2014

I decided to take a break from my love affair with Apache and set up a recent development project on Nginx. I’ve seen nothing but good things in terms of speed and performance from Nginx. I decided to set up a LEMP server (Linux, Nginx, MySQL, PHP), minus the MySQL as it’s already installed on my VM host server, and plus SSL. Here’s the full setup tutorial on Debian Wheezy:

Step #1 – Installing the packages

apt-get install nginx-extras mysql-client
apt-get install php5-fpm php5-gd php5-mysql php-apc php-pear php5-cli php5-common php5-curl php5-mcrypt php5-cgi php5-memcached

MySQL can be installed into the mix with a simple:

apt-get install mysql-server

Read the rest of this entry »

Fully Automatic Wireless Hacking Station

April 26th, 2013

This article describes a working all-in-one standalone mobile wireless attack station that can perform MITM type attacks on clients automatically and without any internet access or other external connectivity or influence.

In laypersons terms; this portable battery powered device can automatically entice wireless devices to connect to it, be that iPhones/iPads, Androids and other phones or laptops and PCs. Most devices will connect to it automatically without the user even realizing. The device will provide a fake network running fake email and web servers and using some network trickery, will capture the hostname, username and password of any attempted connection and log it, along with the GPS co-ordinates of where the details were captured. This device could be used to hijack corporate and personal email logins, facebook logins, and so on.

HTTPS ActiveSync


Messing around with airbase-ng, part of the aircrack-ng suite over the last few months and researching wireless client vulnerabilities has led to an interesting proof of concept project. There are several weaknesses within the current wireless technologies in widespread use. First however, an explanation of the project. The project description was to launch a wireless man in the middle (MITM) attack, without having another end to connect the victim to. We need to create a MITM attack without having any internet access. Such an attack could theoretically be used on the tube, in locked down buildings, on the move, and so on, and without the use of a mobile data card. Built on top of a modified raspberry pwn release, although any Linux distribution would have been suitable, I have set my wireless device with a power output of 30dBm and started the following automated process:

Firstly, an airbase instance on my rtl8187 card as follows;

/usr/local/sbin/airbase-ng -c 3 wlan0 –essids “/root/pen/code/scripts/essids” -P -C 60 -I 60 -vv|grep –line-buffered¬† “directed probe request”|tee /run/probes

This starts an access point on channel 3, beaconing the SSIDs contained within /root/pen/code/scripts/essids as well as any probe requests that the access point may receive from clients looking to connect to an access point. Now, in a little more detail, regular ‘non-hidden’ access points will broadcast ‘beacons’ which are pieces of data that specify the SSID (wireless network name) as well as the supported encryption types and so on. These beacons are usually sent every 100msec. Wireless clients will send probe packets, containing the SSIDs of all wireless networks that they have stored, and asking if any of them are here.

Raspberry Pi

Raspberry Pi

The -P switch to airbase-ng will have airbase respond to all probes saying “yes, that’s me” at which point assuming the encryption or lack thereof matches the stored profile, the client will attempt to associate. Mid way through building this test however, Apple released IOS 6, and one of the changes seems that the iPhone will now only send out broadcast probes rather than directed probes, rendering the -P feature useless against them. The broadcast probe is where the device sends out a “is anyone there?” probe, and waits to see which access points reply. Most iPhones however have connected at some point to a wireless hotspot, and so the SSIDs I chose for the essids file are “Boingo Hotspot”, “BTOpenzone” and “BTWiFi” in the UK. I believe that “attwifi” is a popular one in the US.

Read the rest of this entry »

SSL increases confidence

July 9th, 2010

If you run a commerce website, you’ve probably heard about SSL certificates. Depending upon the level of certificate that you have, they verify the validity of your domain, up to detailed information about your company. An SSL certificate isn’t handy just for commerce sites, however. It’s a vital website security component for any site that deals with personal information of any sort.

These days, attacks on severs are commonplace, and website users are wary, especially when it comes to entering sensitive information. That’s where an SSL certificate comes in handy. It increases consumer confidence, and confidence of visitors in general. It shows that you’re serious about what you’re doing.
Read the rest of this entry »

Security Consultant – Man In The Middle Attacks (MITM)

October 2nd, 2009

A Man In The Middle (MITM) attack is a popular network based attack in order to hijack a connection or to sniff traffic. A MITM attack actually covers a variety of different methods. A MITM attack is literally positioning yourself as the attacker between the two communicating parties. Whether you do that via an ARP attack, some type of cryptographic attack, or a physical attack depends on the requirements and scenario. As a security consultant it is important to ensure that the network and it’s communications are as secure as possible against this type of attack. I will cover a simple physical MITM attack, then an ARP attack, and then prevention techniques.
Read the rest of this entry »

Self Signed Certificates

September 30th, 2009

SSL – ‘Secure Sockets Layer’ is an encryption protocol. How it works is beyond the scope of this article, our only concern for now is self signed certificates. Sufficient to say, that SSL is based upon public key cryptography (PKI). It makes use of a private key and a public key. Being a Linux Security Freelancer it’s important to be able to advise on when certain technologies are acceptable, and when they aren’t.

If SSL certificates rely on public key cryptography, why do we need a certificate? Simply put, the certificate is usually signed by a ‘trusted’ Certificate Authority (CA)¬† thus informing the other party that the host is who he claims to be.

Whether the certificate is signed by a CA, or not, your level of encryption and underlying SSL is the same. You might want your CSR (Certificate Signing Request) signed by a trusted CA certain instances. Most websites that use ‘SSL’ today have their certificates signed by a trusted CA. If your web visitors trust you, and your CA has verified that you are who you claim to be, then logic follows that your visitors trust your signed certificate.

You may decide to use a self signed certificate in the instance that you want your data encrypted between your host and the remote host, and know that the remote host is who he claims to be, without needing to convince anyone else of it. In the instance that you are using SSL over HTTP, your browser would warn you that the certificate has not been signed by a known authority. As long as you accept this, your connection is just as encrypted as it would have been should a trusted CA have signed it.

One often overlooked problem though is the potential for a MITM (Man In The Middle) attack. A machine between yours and the remote host could sniff but as of writing, not decrypt your data. However should he perform a MITM attack and essentially fool you into connecting to his webservice with his self signed certificate, you wouldn’t know any better.. You’d receive the same popup warning, which you’d dismiss, and begin your session with an attacker instead of the remote host you were expecting.¬† One way of confirming, is that you could inspect the certificate, and look at it’s fingerprint. How many people would do that though?

PHP – fsockopen, TCP and UDP

January 15th, 2009

PHP comes preloaded with a good socket handling function set. Using fsockopen to make HTTP connections however is in most cases obsoleted as the php-curl and set of curl functions covers more HTTP related stuff than you could ever need! fsockopen is available in both PHP4 and PHP5

Regardless, to cover the most basic usage of fsockopen, to establish a TCP connection to “mailserver” on port 110 (POP3):
Read the rest of this entry »

Diffie-Hellman Key Exchange

October 7th, 2008

Diffie-Hellman Key Exchange is a popular mathematical key exchange algorithm. It allows two parties to establish a ‘key’ over an insecure medium such as the internet. As you will see, it doesn’t matter whether the intercepting party captures each piece of transmitted information, they will not be able to break the key in any way, other than the usual brute force method.

Diffie-Hellman Key Exchange is not an encryption method, it is generally but not always used pre encryption to decide on a shared encryption key.

We will call the communicating parties Bill and Ben. Let Roger be the intercepting party. You can work out these calculations on a calculator:
Read the rest of this entry »