[foofus-tools] Medusa: IMAP STARTTLS

jmk jmk at foofus.net
Thu May 5 12:59:47 PDT 2011


Could you send me a more verbose error log (e.g. -v 99 -w 99)? Do you
know the target IMAP server vendor and version?

Joe

On Thu, 2011-05-05 at 15:43 -0400, Mathew Rowley wrote:
> Nope, its not getting a single check, tcpdump has these timestamps:
> 
> 0        -> 1 CAPABILITY
> 0.001027 -> FIN, ACK
> 
> If I simply telent in, it seems to take about 0.5 seconds to reply...
> This is giving essentially .001 seconds.
> 
> 
> 
> 
> On 5/5/11 3:39 PM, jmk wrote:
> > The snmp module is a completely different beast from the other modules,
> > since we send a bunch of checks and then sit back and wait for
> > responses. Code/logic in that module probably won't apply well to the
> > others. 
> > 
> > Does this disconnect occur after a few successful password checks? If
> > so, I'm assuming you're running into some anti-brute force mechanism in
> > the service. The medusaCheckSocket() call in the imap module is intended
> > to deal with these situations and see if we need to restart everything.
> > It may be that you need to increase the wait within that call:
> > 
> > medusa-net.c 
> > medusaCheckSocket()
> > line 694: if (medusaDataReadyTimed(socket, 0, 1) == 0)
> > 
> > I'd try upping the 3rd parameter there from 1 to 100 or 1000. This is a
> > configurable option now in my development tree, which I'm only 5 months
> > behind target on releasing...
> > 
> > Joe
> > 
> > On Thu, 2011-05-05 at 15:20 -0400, Mathew Rowley wrote:
> >> Thanks... Before I start writing an option for IMAP - TIMEOUT, is there
> >> any way to change it in the base code? I can see that SNMP has a TIMEOUT
> >> option that sets nReadTimeout.
> >>
> >> I am having problems getting with a slow IMAP server, and medusa is
> >> failing, and sending a FINACK before it gets a response...
> >>
> >>
> >> On 5/5/11 2:57 PM, jmk wrote:
> >>> Hi Mathew,
> >>>
> >>> On Thu, 2011-05-05 at 14:37 -0400, Mathew Rowley wrote:
> >>>> Is there a command line to force IMAP STARTTLS? I am getting the
> >>>> following error:
> >>>
> >>> No. Is IMAPS (993/tcp) open? You could use the "-s" option and just go
> >>> SSL the whole way. 
> >>>
> >>>> $ medusa -h HOST.com -u 'USER at HOST.com' -P password.lst -M imap -v 100
> >>>> -n 143
> >>>> Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
> >>>> <jmk at foofus.net>
> >>>>
> >>>> GENERAL: Parallel Hosts: 1 Parallel Logins: 1
> >>>> GENERAL: Total Hosts: 1
> >>>> GENERAL: Total Users: 1
> >>>> GENERAL: Total Passwords: 3169
> >>>> ERROR: Failed to match regex pattern within server's response.
> >>>> ERROR: [imap.mod] Failed: No OK message received for CAPABILITY request.
> >>>> GENERAL: Medusa has finished.
> >>>
> >>> If you add "-w 100" to the command-line you should see better debug
> >>> data. Some day I'll merge "-v/-w" and come up with a better error
> >>> reporting system.
> >>>
> >>>> But I can see via tcpdump, that the response from 'CAPABILITY' is:
> >>>>
> >>>> * CAPABILITY IMAP4rev1 UIDPLUS IDLE LOGIN-REFERRALS NAMESPACE QUOTA
> >>>> CHILDREN AUTH=DIGEST-MD5 STARTTLS LOGINDISABLED\r\n
> >>>
> >>> It looks like we match on "OK CAPABILITY", not "* CAPABILITY". If you
> >>> tweak the regex in imap.c (line 404), so can probably get around this.
> >>> I'll make a note to rework this check to me more flexible.
> >>>
> >>> Thanks,
> >>> Joe 
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> foofus-tools mailing list
> >>> foofus-tools at lists.foofus.net
> >>> http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net
> >> _______________________________________________
> >> foofus-tools mailing list
> >> foofus-tools at lists.foofus.net
> >> http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net
> > 
> > 
> > _______________________________________________
> > foofus-tools mailing list
> > foofus-tools at lists.foofus.net
> > http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net
> _______________________________________________
> foofus-tools mailing list
> foofus-tools at lists.foofus.net
> http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net





More information about the foofus-tools mailing list