[foofus-tools] Medusa: IMAP STARTTLS

jmk jmk at foofus.net
Thu May 5 12:39:29 PDT 2011 

The snmp module is a completely different beast from the other modules,
since we send a bunch of checks and then sit back and wait for
responses. Code/logic in that module probably won't apply well to the
others. 

Does this disconnect occur after a few successful password checks? If
so, I'm assuming you're running into some anti-brute force mechanism in
the service. The medusaCheckSocket() call in the imap module is intended
to deal with these situations and see if we need to restart everything.
It may be that you need to increase the wait within that call:

medusa-net.c 
medusaCheckSocket()
line 694: if (medusaDataReadyTimed(socket, 0, 1) == 0)

I'd try upping the 3rd parameter there from 1 to 100 or 1000. This is a
configurable option now in my development tree, which I'm only 5 months
behind target on releasing...

Joe

On Thu, 2011-05-05 at 15:20 -0400, Mathew Rowley wrote:
> Thanks... Before I start writing an option for IMAP - TIMEOUT, is there
> any way to change it in the base code? I can see that SNMP has a TIMEOUT
> option that sets nReadTimeout.
> 
> I am having problems getting with a slow IMAP server, and medusa is
> failing, and sending a FINACK before it gets a response...
> 
> 
> On 5/5/11 2:57 PM, jmk wrote:
> > Hi Mathew,
> > 
> > On Thu, 2011-05-05 at 14:37 -0400, Mathew Rowley wrote:
> >> Is there a command line to force IMAP STARTTLS? I am getting the
> >> following error:
> > 
> > No. Is IMAPS (993/tcp) open? You could use the "-s" option and just go
> > SSL the whole way. 
> > 
> >> $ medusa -h HOST.com -u 'USER at HOST.com' -P password.lst -M imap -v 100
> >> -n 143
> >> Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
> >> <jmk at foofus.net>
> >>
> >> GENERAL: Parallel Hosts: 1 Parallel Logins: 1
> >> GENERAL: Total Hosts: 1
> >> GENERAL: Total Users: 1
> >> GENERAL: Total Passwords: 3169
> >> ERROR: Failed to match regex pattern within server's response.
> >> ERROR: [imap.mod] Failed: No OK message received for CAPABILITY request.
> >> GENERAL: Medusa has finished.
> > 
> > If you add "-w 100" to the command-line you should see better debug
> > data. Some day I'll merge "-v/-w" and come up with a better error
> > reporting system.
> > 
> >> But I can see via tcpdump, that the response from 'CAPABILITY' is:
> >>
> >> * CAPABILITY IMAP4rev1 UIDPLUS IDLE LOGIN-REFERRALS NAMESPACE QUOTA
> >> CHILDREN AUTH=DIGEST-MD5 STARTTLS LOGINDISABLED\r\n
> > 
> > It looks like we match on "OK CAPABILITY", not "* CAPABILITY". If you
> > tweak the regex in imap.c (line 404), so can probably get around this.
> > I'll make a note to rework this check to me more flexible.
> > 
> > Thanks,
> > Joe 
> > 
> > 
> > 
> > _______________________________________________
> > foofus-tools mailing list
> > foofus-tools at lists.foofus.net
> > http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net
> _______________________________________________
> foofus-tools mailing list
> foofus-tools at lists.foofus.net
> http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net

More information about the foofus-tools mailing list