[foofus-tools] Medusa: IMAP STARTTLS

Mathew Rowley mathew.rowley at gmail.com
Thu May 5 12:43:20 PDT 2011


Nope, it's not getting a single check, tcpdump has these timestamps:

0        -> 1 CAPABILITY
0.001027 -> FIN, ACK

If I simply telnet in, it seems to take about 0.5 seconds to reply...
This is giving essentially .001 seconds.




On 5/5/11 3:39 PM, jmk wrote:
> The snmp module is a completely different beast from the other modules,
> since we send a bunch of checks and then sit back and wait for
> responses. Code/logic in that module probably won't apply well to the
> others. 
> 
> Does this disconnect occur after a few successful password checks? If
> so, I'm assuming you're running into some anti-brute force mechanism in
> the service. The medusaCheckSocket() call in the imap module is intended
> to deal with these situations and see if we need to restart everything.
> It may be that you need to increase the wait within that call:
> 
> medusa-net.c 
> medusaCheckSocket()
> line 694: if (medusaDataReadyTimed(socket, 0, 1) == 0)
> 
> I'd try upping the 3rd parameter there from 1 to 100 or 1000. This is a
> configurable option now in my development tree, which I'm only 5 months
> behind target on releasing...
> 
> Joe
> 
> On Thu, 2011-05-05 at 15:20 -0400, Mathew Rowley wrote:
>> Thanks... Before I start writing an option for IMAP - TIMEOUT, is there
>> any way to change it in the base code? I can see that SNMP has a TIMEOUT
>> option that sets nReadTimeout.
>>
>> I am having problems with a slow IMAP server, and medusa is
>> failing, and sending a FINACK before it gets a response...
>>
>>
>> On 5/5/11 2:57 PM, jmk wrote:
>>> Hi Mathew,
>>>
>>> On Thu, 2011-05-05 at 14:37 -0400, Mathew Rowley wrote:
>>>> Is there a command line to force IMAP STARTTLS? I am getting the
>>>> following error:
>>>
>>> No. Is IMAPS (993/tcp) open? You could use the "-s" option and just go
>>> SSL the whole way. 
>>>
>>>> $ medusa -h HOST.com -u 'USER at HOST.com' -P password.lst -M imap -v 100
>>>> -n 143
>>>> Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
>>>> <jmk at foofus.net>
>>>>
>>>> GENERAL: Parallel Hosts: 1 Parallel Logins: 1
>>>> GENERAL: Total Hosts: 1
>>>> GENERAL: Total Users: 1
>>>> GENERAL: Total Passwords: 3169
>>>> ERROR: Failed to match regex pattern within server's response.
>>>> ERROR: [imap.mod] Failed: No OK message received for CAPABILITY request.
>>>> GENERAL: Medusa has finished.
>>>
>>> If you add "-w 100" to the command-line you should see better debug
>>> data. Some day I'll merge "-v/-w" and come up with a better error
>>> reporting system.
>>>
>>>> But I can see via tcpdump, that the response from 'CAPABILITY' is:
>>>>
>>>> * CAPABILITY IMAP4rev1 UIDPLUS IDLE LOGIN-REFERRALS NAMESPACE QUOTA
>>>> CHILDREN AUTH=DIGEST-MD5 STARTTLS LOGINDISABLED\r\n
>>>
>>> It looks like we match on "OK CAPABILITY", not "* CAPABILITY". If you
>>> tweak the regex in imap.c (line 404), you can probably get around this.
>>> I'll make a note to rework this check to be more flexible.
>>>
>>> Thanks,
>>> Joe 
>>>
>>>
>>>
>>> _______________________________________________
>>> foofus-tools mailing list
>>> foofus-tools at lists.foofus.net
>>> http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net
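
Added example, not part of the original thread and not Medusa's own code: a sketch of handling the CAPABILITY exchange discussed above, where capabilities are read from the untagged "* CAPABILITY" line and the reply only counts as finished once the tagged completion line has arrived, so a slow server yields "incomplete, keep reading" rather than a failure. It also reports whether the server advertises STARTTLS and LOGINDISABLED, which is what an administrator checks to confirm plaintext logins are refused on 143/tcp. The names `parse_capability`, `imap_caps`, `cap_status` and `SAMPLE` are hypothetical, and the tagged completion line in the sample is constructed.

```c
#include <string.h>
#include <strings.h>

/* State of one CAPABILITY exchange given the bytes received so far. */
enum cap_status { CAP_INCOMPLETE, CAP_OK, CAP_FAILED };
struct imap_caps { int starttls, logindisabled; };

/* Untagged line as quoted in the thread; the tagged "1 OK" line is constructed. */
static const char SAMPLE[] =
    "* CAPABILITY IMAP4rev1 UIDPLUS IDLE LOGIN-REFERRALS NAMESPACE QUOTA "
    "CHILDREN AUTH=DIGEST-MD5 STARTTLS LOGINDISABLED\r\n"
    "1 OK CAPABILITY completed\r\n";

/* Case-insensitive match of a whole space-delimited atom in [line, end),
 * so LOGIN-REFERRALS is never mistaken for LOGINDISABLED. */
static int has_atom(const char *line, const char *end, const char *atom)
{
    size_t n = strlen(atom);
    const char *p = line;
    while (p < end) {
        while (p < end && *p == ' ') p++;
        const char *q = p;
        while (q < end && *q != ' ') q++;
        if ((size_t)(q - p) == n && strncasecmp(p, atom, n) == 0) return 1;
        p = q;
    }
    return 0;
}

/* Scan the CRLF-terminated lines in buf (NUL-terminated). Capabilities come
 * from the untagged line; completion is decided only by "<tag> OK|NO|BAD". */
enum cap_status parse_capability(const char *buf, const char *tag,
                                 struct imap_caps *out)
{
    size_t taglen = strlen(tag);
    const char *line = buf, *eol;
    out->starttls = out->logindisabled = 0;
    while ((eol = strstr(line, "\r\n")) != NULL) {
        if (strncasecmp(line, "* CAPABILITY ", 13) == 0) {
            out->starttls = has_atom(line + 13, eol, "STARTTLS");
            out->logindisabled = has_atom(line + 13, eol, "LOGINDISABLED");
        } else if (strncmp(line, tag, taglen) == 0 && line[taglen] == ' ') {
            return strncasecmp(line + taglen + 1, "OK", 2) == 0 ? CAP_OK : CAP_FAILED;
        }
        line = eol + 2;
    }
    return CAP_INCOMPLETE; /* no tagged line yet: wait for more data */
}
```

A caller would keep appending received bytes to the buffer and re-run `parse_capability` until it stops returning `CAP_INCOMPLETE` or its own read timeout expires.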


