Hi Friends, I’m going to be talking about how to bruteforce an email account.
Theory Behind Bruteforcing
Bruteforcing a password is very simple, but very time-consuming. The way it works is that you use a dictionary and attempt to log in to the server with each password in the dictionary.
Dictionaries, or wordlists, are text files containing a whole list of potential passwords. Wordlists can be generated with tools such as,
Once a login succeeds, the tool returns the password that worked.
Rule of Thumb
The larger the wordlist, the greater the chance of retrieving the password, but it takes longer.
The smaller the wordlist, the smaller the chance of retrieving the password, but it takes less time.
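From the mail server's side, the dictionary attack described above shows up as a burst of failed SMTP AUTH attempts from one source, sometimes ending in a success. This added example (not part of the original post or of Specter) flags that pattern; the Postfix-style log lines, the `detect_bruteforce` name, and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Postfix smtpd style with ISO timestamps
# (assumption: the page names no mail server or log format).
_F = "{} mail postfix/smtpd[2101]: warning: unknown[{}]: SASL LOGIN authentication failed"
_S = "{} mail postfix/smtpd[2101]: 4F1A2B3C: client=unknown[{}], sasl_method=LOGIN, sasl_username={}"
SAMPLE_LOG = "\n".join(
    # Six failures in six seconds from one address, then a success: dictionary attack.
    [_F.format(f"2024-01-10T03:14:0{i}", "203.0.113.5") for i in range(1, 7)]
    + [_S.format("2024-01-10T03:14:09", "203.0.113.5", "alice@example.com"),
       # Two failures minutes apart, then a success: a user mistyping a password.
       _F.format("2024-01-10T09:00:00", "198.51.100.7"),
       _F.format("2024-01-10T09:07:30", "198.51.100.7"),
       _S.format("2024-01-10T09:08:00", "198.51.100.7", "bob@example.com")]
)

FAIL = re.compile(r"^(\S+) .*\[(\d+\.\d+\.\d+\.\d+)\]: SASL \w+ authentication failed")
OK = re.compile(r"^(\S+) .*client=\S*\[(\d+\.\d+\.\d+\.\d+)\], sasl_method=\w+, sasl_username=(\S+)")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Per source IP: total failures, whether `threshold` failures fell inside
    one sliding `window`, and the account that logged in after such a burst."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    report = {}
    for line in log_text.splitlines():
        if m := FAIL.match(line):
            ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            entry = report.setdefault(
                ip, {"failures": 0, "burst": False, "success_after_burst": None})
            entry["failures"] += 1
            if len(q) >= threshold:
                entry["burst"] = True
        elif m := OK.match(line):
            ip, user = m.group(2), m.group(3)
            # A success right after a burst means the guessed password worked.
            if report.get(ip, {}).get("burst"):
                report[ip]["success_after_burst"] = user
    return report

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

An address with `success_after_burst` set is the case to act on first: that account's password should be treated as compromised and reset.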
Why Is Gmail So Hard To Crack?
Some services, like Gmail, have a setting called "less secure apps" that determines whether brute-force attacks can work. With it turned off, the attack is prevented and you will get a lot of false positives; on the other hand, with it turned on, a Gmail password can be brute-forced.
Setting up Specter Bruteforcer
Download specter from GitHub with the following command.
git clone https://github.com/ethicalhackingplayground/specter.git
How to use it?
This command will show you the arguments that are needed.
python specter.py -h
python specter.py --username "email" --wordlist "wordlist" --server "smtp server" --port "smtp port" --verbosity "level"