Fri. Sep 20th, 2019

Ethical Hacking Playground

hacking is curiosity

Bruteforcing Email Accounts With Specter.py

2 min read

Hi Friends, I’m going to be talking about how to bruteforce an email account.

Theory Behind Bruteforcing

Bruteforcing a password is very simple, but very time to consuming, the way it works is that you use a dictionary and attempt to log in to the server with each password in the dictionary.

Dictionaries or wordlists are a text file with a whole list of potential passwords, wordlists  can be generated with tools such as,

Cupp

https://github.com/Mebus/cupp

Crunch

https://sourceforge.net/projects/crunch-wordlist/

BEWGor

https://github.com/berzerk0/BEWGor

Once there is a successful login then it will return the password.

Rule of Thumb

The larger the wordlist, the greater the chance of retrieving the password but it takes longer.

The smaller the wordlist, the less chance of retrieving the password but takes less time.

Why Is Gmail So Hard To Crack?

some services like Gmail use a feature called less secure apps, which prevents brute-forcing attacks, with this turned off you will get a lot of false positives but, on the other hand, if it’s turned on you will be able to brute-force a Gmail password.

Setting up Specter Bruteforcer

https://github.com/ethicalhackingplayground/specter

Download specter from GitHub with the following command.

download_specter

Install Specter

git clone https://github.com/ethicalhackingplayground/specter.git
python setup.py

How to use it?

This command will show you the arguments that are needed.

python specter.py -h

specter_help

 

python specter.py --username "email" --wordlist "wordlist" --server "smtp server" --port "smtp port" --verbosity "level"

 

specter_gmail_attack_progress

If you have any questions or problems please feel free to comment.



Advertisements

Leave a Reply