Fake SMTP Server

[Dudeman02379]

Are there any tools that come preloaded on backtrack that can setup a dummy smtp server that will accept and record emails? So let's say there is a mail server on my LAN. Then let's say I use a MITM attack so the mail server would deliver mail to my computer instead of any other servers on the internet. I would want my computer to listen on port 25 and respond to the SMTP commands then record the content of the emails either in a database or in text files. I think this is somewhat common in the world of malware analysis.

I know tools like this exist and have found some on the internet but I can't find any preloaded on BT5. Please let me know if I'm just not looking hard enough!

[snafu777]

you can always do apt-get....most common pentest tools are in the repository, I'm sure with enuf searching you'd very likely find one...

http://quintanasoft.com/dumbster/#Download

-or-

USE this....

Code:

#!/usr/bin/env python
"""A noddy fake smtp server."""

import smtpd
import asyncore

class FakeSMTPServer(smtpd.SMTPServer):
    """A Fake smtp server"""

    def __init__(*args, **kwargs):
        print "Running fake smtp server on port 25"
        smtpd.SMTPServer.__init__(*args, **kwargs)

    def process_message(*args, **kwargs):
        pass

if __name__ == "__main__":
    smtp_server = FakeSMTPServer(('localhost', 25), None)
    try:
        asyncore.loop()
    except KeyboardInterrupt:
        smtp_server.close()




chmod +x fake_smtp.py
sudo ./fake_smtp.py

sudo python -m smtpd -n -c DebuggingServer localhost:25

To test this out we can use telnet like so:

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 localhost6.localdomain6 Python SMTP proxy version 0.2
HELO localhost
250 localhost6.localdomain6
MAIL FROM: test@test.com
250 Ok
RCPT TO: test@testing.com
250 Ok
DATA
354 End data with .
subject: Hello
to: test@test.com
This is my message
.
250 Ok
QUIT
221 Bye
Connection closed by foreign host.

Over on the terminal running the debugging server you should see the following:

$ sudo python -m smtpd -n -c DebuggingServer localhost:25
[sudo] password for moo:
---------- MESSAGE FOLLOWS ----------
subject: Hello
to: test@test.com
This is my message
------------ END MESSAGE ------------

No, I do not claim credit for this. I simply found it at:
http://muffinresearch.co.uk/archives...r-with-python/


V/r,
Snafu
Pffbt..

[Dudeman02379]

Thanks for that. I have found some solutions that work fine for me. I just wanted to make sure I wasn't missing a pre-loaded application that I could be taking advantage of.

[algemy]

Fast question on this, I want my windows machine (outlook) to connect to BT5 as my mail server. BT5 would log all sent emails from windows, so I can view them later. However neither machine would be connected to the internet, instead I should be able to send email messages to the windows machine using smtp commands (telnet whatever 25; HELO, RCPT, DATA, and so on). I tried setting up outlook to point to bt.foo.org (BT5) as the smtp.server, however, it keeps failing because it is trying to authenticate. Do I need to add the windows user to backtrack? or is there another way around this. Also I installed postfix on BT5, but because of the above issue, I am not so sure if it is working properly. If there is another way on doing this, please let me know.

The reason for this is for testing purpose.

[algemy]

Fast question on this, I want my windows machine (outlook) to connect to BT5 as my mail server. BT5 would log all sent emails from windows, so I can view them later. However neither machine would be connected to the internet, instead I should be able to send email messages to the windows machine using smtp commands (telnet whatever 25; HELO, RCPT, DATA, and so on). I tried setting up outlook to point to bt.foo.org (BT5) as the smtp.server, however, it keeps failing because it is trying to authenticate. Do I need to add the windows user to backtrack? or is there another way around this. Also I installed postfix on BT5, but because of the above issue, I am not so sure if it is working properly. If there is another way on doing this, please let me know.

I did try running the fake smtp script below on BT5, but because of the authentication issue, not so sure if it works

The reason for this is for testing purpose.