Results 1 to 9 of 9

Thread: smtp attacks

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    38

    Default smtp attacks

    I got set up with an smtp account and wanted to run hydra on it to test my pw. I couldn't get it to work, first i tried to give it my username and password but it didn't get it?? I was also looking at pirana.pl and i can't seem to get that to work either...the server is with "1and1" if that means anythnig..
    Is there some tuts in detail that i could be pointed to??
    this is what i put in hydra

    hydra -L Small -P Small -f smtp.1and1.com smtp-auth

    did i do something wrong??

  2. #2
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    well you SHOULD get throttled by any good SMTP server ..

    * check it for open relay
    * check for version or just run autopwn on it or something

    I know for me I needed ssl libs for smtp auth for postfix so you may need some libs to do smtp auth I dont think hydra supports it ?

    xhydra works fine !


  3. #3
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by UG_Cyber View Post
    I got set up with an smtp account and wanted to run hydra on it to test my pw. I couldn't get it to work, first i tried to give it my username and password but it didn't get it?? I was also looking at pirana.pl and i can't seem to get that to work either...the server is with "1and1" if that means anythnig..
    Is there some tuts in detail that i could be pointed to??
    this is what i put in hydra

    hydra -L Small -P Small -f smtp.1and1.com smtp-auth

    did i do something wrong??
    Unless you own that server, you shouldn't be 'testing' your password against it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #4
    Junior Member
    Join Date
    Nov 2008
    Posts
    38

    Default

    Is it illeagle to test my own account??

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Unless you own that server, you shouldn't be 'testing' your password against it.
    I thought streaker statement was pretty clear but just in case you didn't see it I have highlighted the pertinent part.

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by UG_Cyber View Post
    Is it illeagle to test my own account??
    It is not YOUR account. You are merely paying for the access to use the account. The person that owns the account is the person that owns the mail server. You have no right to be conducting 'tests' against someone else's property. It's really quite simple, even a caveman can understand it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    well everything is illegal to be honest ... im sure me typing this post is some how illegal. They make everything illegal and decide what to pen people for when you piss them off ... lets not waste time telling people what is wrong or right .. just about anything you #$%^ing do now days is illegal. * I know from small experience *

    more important is what you can get caught for .. like dossing or brute forcing stuff that you don't have permission to 'attack'

    I I have a script that logs attacks on my sever and I nmap/attack the host

    if you poke me ill punch back hoe !

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by operat0r View Post
    well everything is illegal to be honest ... im sure me typing this post is some how illegal. They make everything illegal and decide what to pen people for when you piss them off ... lets not waste time telling people what is wrong or right .. just about anything you #$%^ing do now days is illegal. * I know from small experience *

    more important is what you can get caught for .. like dossing or brute forcing stuff that you don't have permission to 'attack'

    I I have a script that logs attacks on my sever and I nmap/attack the host

    if you poke me ill punch back hoe !
    wow, just wow.

    So, poor ol' grannies computer has been compromised by something and shows up in your logs, and you retaliate by attacking poor little grannies computer?

    Ever hear that two wrongs don't make a right? You have no right to be counter attacking a machine that attacked you.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #9
    Junior Member
    Join Date
    Nov 2008
    Posts
    38

    Default

    Ya, but three rights make a left =P
    Ok, so dont do it.....i got it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •