Three powerful methods for cracking e-mail passwords - Vulnerability warning - Black Bar Safety Net

ID MYHACK58:62200610299
Type myhack58
Reporter Anonymous
Modified 2006-07-10T00:00:00


E-mail is not secure: every link in the chain of composing, transmitting and receiving mail can be a weak point, and a malicious user who exploits one of these weaknesses may easily take over the account and read its mail.

First, exploiting vulnerabilities in the mail server's operating system

Mail server software runs on a particular operating system, such as Linux or Windows NT/2000. The default installation and configuration of these operating systems is insecure, so an attacker can easily break into the system and obtain every user name and password.

1 Windows Server

If the mail server is Exchange on Windows 2000 and the system itself has had no security configuration done, a number of services are left open. An intruder can use the Terminal Services Chinese input method vulnerability or an IIS buffer overflow exploit to obtain Administrator privileges, use pwdump3 to export the password hashes, and then run L0phtCrack with a dictionary or brute force to crack the user passwords. From experience, a simple password is cracked within minutes, and passwords of 8 characters or fewer can be recovered by brute force within a day.

2 Linux/UNIX servers

UNIX-like systems generally use Sendmail as the mail system. Once control of the system has been obtained, John the Ripper or similar software can crack the passwords from /etc/passwd or /etc/shadow. If user information and passwords are stored in a database, they are very easy to export.

Second, exploiting vulnerabilities in the mail server software itself

The most common mail server programs, Sendmail and Qmail among them, all have security flaws to some degree. Take Sendmail: in the old early versions you could telnet to port 25, type wiz and then shell to obtain a root shell, and there was also a debug command that gave root privileges. Qmail is more secure than Sendmail, but Qpopper has a buffer overflow defect that allows a remote root shell and, from there, control of the system.

Even if the mail server is secure, an intruder can still obtain information such as user names. Telnet to port 25 and enter expn tom or vrfy tom to query whether a user named tom exists on the system. The latest versions of Sendmail have disabled these two commands, but one can still forge a sender and then use rcpt to to determine whether the user exists. With a user name in hand, one can telnet to port 110 and try connecting with simple passwords, or apply a dictionary attack.

Therefore, relaying for non-local domains must be banned, or an SMTP authentication module added, as many ISPs now do; this strengthens the security of the mail server.
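The relay rule the paragraph above recommends can be stated as a small policy decision on each RCPT TO command. The following is an added example, not code from the original article or from any MTA: a remote recipient is accepted only when the client has completed SMTP AUTH or comes from a trusted local network; otherwise relaying is refused. The domains, the network range and the reply texts are constructed for the example (the 550 "Relaying denied" reply mirrors what Sendmail sends).

```python
"""Added example (not from the original article): a minimal SMTP relay
policy. Relaying to a non-local domain is refused unless the client has
authenticated (SMTP AUTH) or connects from a trusted local network.
All domains and addresses below are constructed for the example."""
import ipaddress
from dataclasses import dataclass
from typing import Tuple

LOCAL_DOMAINS = {"example.com", "mail.example.com"}        # constructed
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]      # constructed (TEST-NET-1)


@dataclass
class Session:
    client_ip: str
    authenticated: bool = False   # True only after a successful SMTP AUTH


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address such as tom@example.com."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"malformed address: {address!r}")
    return domain.lower()


def rcpt_decision(session: Session, recipient: str) -> Tuple[int, str]:
    """Decide an RCPT TO command and return (SMTP reply code, reply text).

    250 = accepted; 550 = relaying denied (the reply Sendmail uses).
    """
    if domain_of(recipient) in LOCAL_DOMAINS:
        return 250, "Recipient ok, local delivery"

    # The recipient is remote, so accepting would make us a relay.
    ip = ipaddress.ip_address(session.client_ip)
    if session.authenticated:
        return 250, "Recipient ok, relay permitted for authenticated client"
    if any(ip in net for net in TRUSTED_NETS):
        return 250, "Recipient ok, relay permitted for trusted network"
    return 550, "Relaying denied"


if __name__ == "__main__":
    outsider = Session("203.0.113.5")                       # constructed address
    print(rcpt_decision(outsider, "tom@example.com"))       # local: accepted
    print(rcpt_decision(outsider, "bob@other.example"))     # relay attempt: denied
    print(rcpt_decision(Session("203.0.113.5", authenticated=True), "bob@other.example"))
```

The important property is that the decision depends on the recipient domain plus the client's state, never on the claimed MAIL FROM address, which an attacker can forge freely.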

Besides POP3 retrieval, handling mail through a WEB interface is increasingly popular. This approach is not without weaknesses either: generally a CGI accepts the parameters of a form submitted by the user, including the user name and password, and if they are correct the user enters the mail handling page. To crack the password of a known user there are several dictionary and brute-force programs available, the best known being Suxue (溯雪) by Xiao Rong; when the password is simple, results come quickly.
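The password guessing described in this section, whether against port 110 or against the webmail login form, is noisy on the server side: one source address produces a burst of authentication failures. The following is an added example, not code from the original article, of a detector that reads authentication log lines and raises an alert when a source exceeds a failure threshold inside a time window, plus a second alert when a success follows such a burst (a sign that a guess landed). The log format, hosts, users and addresses are all constructed for the example; a real deployment would adapt parse_line() to its own POP3 or webmail log format.

```python
"""Added example (not part of the original article): detecting password
guessing against POP3 and webmail logins from authentication logs.
The log format and every host, user and address are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<service>pop3|webmail) (?P<result>auth-ok|auth-fail) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: a burst against one account, a spray across
# several accounts, and one ordinary user who mistyped once.
SAMPLE_LOG = """\
2006-07-10T10:00:01 pop3 auth-fail user=tom src=203.0.113.5
2006-07-10T10:00:02 pop3 auth-fail user=tom src=203.0.113.5
2006-07-10T10:00:03 pop3 auth-fail user=tom src=203.0.113.5
2006-07-10T10:00:04 pop3 auth-fail user=tom src=203.0.113.5
2006-07-10T10:00:05 pop3 auth-fail user=tom src=203.0.113.5
2006-07-10T10:00:06 pop3 auth-ok user=tom src=203.0.113.5
2006-07-10T10:01:00 webmail auth-fail user=alice src=198.51.100.7
2006-07-10T10:01:30 webmail auth-fail user=bob src=198.51.100.7
2006-07-10T10:02:00 webmail auth-fail user=carol src=198.51.100.7
2006-07-10T10:02:30 webmail auth-fail user=dave src=198.51.100.7
2006-07-10T10:02:45 webmail auth-fail user=erin src=198.51.100.7
2006-07-10T10:30:00 pop3 auth-fail user=alice src=192.0.2.20
2006-07-10T11:30:00 pop3 auth-ok user=alice src=192.0.2.20
"""


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev: Dict[str, object] = m.groupdict()
    ev["ts"] = datetime.fromisoformat(m.group("ts"))
    return ev


def detect(lines: Iterable[str], threshold: int = 5,
           window: timedelta = timedelta(minutes=10)) -> List[Dict[str, object]]:
    """Return alerts for sources with >= threshold failures inside the window.

    A 'guessing' alert is raised once per source; a 'success-after-burst'
    alert is raised when a login succeeds while the source is still over
    the threshold, which is the case most worth an analyst's attention.
    """
    recent_fails = defaultdict(deque)   # src -> timestamps of failures in window
    already_alerted = set()
    alerts: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        q = recent_fails[src]
        while q and ts - q[0] > window:     # drop failures older than the window
            q.popleft()
        if ev["result"] == "auth-fail":
            q.append(ts)
            if len(q) >= threshold and src not in already_alerted:
                already_alerted.add(src)
                alerts.append({"kind": "guessing", "src": src, "user": None,
                               "service": ev["service"], "at": ts})
        elif len(q) >= threshold:
            alerts.append({"kind": "success-after-burst", "src": src,
                           "user": ev["user"], "service": ev["service"], "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Counting per source address rather than per user is deliberate: the webmail lines above try five different accounts once each, which a per-user lockout counter would never notice. On the sample log the detector yields three alerts: guessing from 203.0.113.5, the success for tom that follows it, and guessing from 198.51.100.7; the single mistake by alice at 10:30 produces nothing.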

WEB mail systems also have a "Forgot password" option; if the other mailbox to which the password is returned can be cracked, or the answer to the prompt question can be guessed, this too can succeed.

Third, eavesdropping during mail transmission

Install a sniffer on the network and set it to monitor the packets sent to port 110 of the external server. Collect them, look at the user and pass strings, and the user name and its corresponding password can be read off.
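The eavesdropping above works only because POP3 sends USER and PASS in clear text on port 110. The following is an added example, not code from the original article, of the server-side mitigation: a POP3 command handler that advertises STLS (RFC 2595) and refuses USER and PASS until the client has upgraded the connection to TLS, so that a sniffer on the path never sees a password. The user store, the test password and the reply texts are constructed for the example, and the TLS handshake itself is represented by a flag on the session.

```python
"""Added example (not part of the original article): a POP3 command
handler that refuses cleartext USER/PASS and accepts credentials only
after the client has upgraded the connection with STLS (RFC 2595).
The user store and reply texts are constructed; the TLS handshake is
represented by a flag."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000


def make_record(password: str) -> Dict[str, bytes]:
    """Store a salted PBKDF2 hash of the password, never the plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


# Constructed user store with a single test account.
USERS = {"tom": make_record("correct horse battery staple")}
DUMMY = make_record("dummy")   # checked for unknown names so timing is uniform


def verify(user: str, password: str) -> bool:
    """Constant-time check that does not reveal whether the user name exists."""
    rec = USERS.get(user, DUMMY)
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(got, rec["hash"]) and user in USERS


@dataclass
class Pop3Session:
    tls: bool = False               # set once STLS has completed
    user: Optional[str] = None
    authenticated: bool = False


def handle(session: Pop3Session, line: str) -> str:
    """Process one client command line and return the server reply."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "CAPA":
        # Advertise STLS so well-behaved clients upgrade before authenticating.
        return "+OK Capability list follows\r\nSTLS\r\nUSER\r\n."
    if verb == "STLS":
        if session.tls:
            return "-ERR Command not permitted when TLS active"
        session.tls = True          # a real server performs the TLS handshake here
        return "+OK Begin TLS negotiation"
    if verb in ("USER", "PASS") and not session.tls:
        # The mitigation for port-110 sniffing: no credentials in clear text.
        return "-ERR Encryption required: issue STLS first"
    if verb == "USER":
        session.user = arg
        return "+OK name is a valid mailbox"   # identical reply for every name
    if verb == "PASS":
        ok = session.user is not None and verify(session.user, arg)
        session.authenticated = ok
        if ok:
            return "+OK Mailbox locked and ready"
        session.user = None
        return "-ERR Authentication failed"
    if verb == "QUIT":
        return "+OK Goodbye"
    return "-ERR Unknown command"


if __name__ == "__main__":
    s = Pop3Session()
    for cmd in ("USER tom", "STLS", "USER tom", "PASS correct horse battery staple"):
        print(f"C: {cmd}\nS: {handle(s, cmd)}")
```

Two smaller choices reinforce the earlier sections of the article: USER always answers +OK and the unknown-user path does the same hashing work, so the server does not become a user-name oracle in the way expn and vrfy were, and the stored hashes are salted PBKDF2 rather than anything a leaked database would hand over directly.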