Three methods commonly used to crack email accounts

  

E-mail is not secure. There may be weak links at every stage of sending, transmitting and receiving e-mail, and malicious users can easily exploit these weaknesses to crack an account and read its mail.
First, exploiting vulnerabilities in the mail server's operating system

Mail server software runs on a specific operating system, such as Linux or Windows NT/2000. The default installation and configuration of these operating systems is insecure, so an intruder can easily break into the system and obtain all usernames and passwords.

1. Windows Server

If it is a Windows 2000-based Exchange Mail Server, the system ships without any security configuration and with several services open. An intruder can use Terminal Server together with the Chinese input method vulnerability, or an IIS buffer overflow program, to obtain Administrator privileges, export the password hashes with pwdump3, and then crack the user passwords with L0pht using a dictionary or brute force. According to experience, a simple password can be cracked within a few minutes, and a password of 8 characters or fewer can be cracked within one day by brute force.

2. Linux/UNIX Server

UNIX systems generally use Sendmail as the mail system. After gaining control of the system, an intruder can use John and similar software to crack the passwords in /etc/passwd or /etc/shadow. If user information and passwords are stored in a database, they are just as easy to export.

Second, exploiting vulnerabilities in the mail server software itself

The most common mail server programs, such as Sendmail and Qmail, have security flaws to varying degrees. Take Sendmail as an example. In old versions, telnetting to port 25, entering wiz and then entering shell gave a root shell, and the debug command could also be used to get root privileges. Qmail is more secure than Sendmail, but Qpopper has buffer overflow flaws that allow an intruder to get a root shell remotely and take control of the system.

Even if the mail server itself is secure, an intruder can still gather information such as usernames. Telnetting to port 25 and entering expn tom or vrfy tom reveals whether the system has a user named tom. Although the latest version of Sendmail disables these two commands, whether a user exists can still be determined by forging a sender and then issuing rcpt to.

With a username in hand, an intruder can telnet to port 110 and try simple passwords, or run a dictionary attack.

Therefore, it is necessary to prohibit relaying for non-local domains, or to use the SMTP authentication module that many ISPs use for sending mail; either measure enhances the security of the mail server.
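A mail administrator can spot the probing described above (expn/vrfy queries, rcpt to against guessed names, repeated password attempts on port 110) in server logs. The following sketch is an added example, not part of the original article; the log format, the thresholds and the name find_probers are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log; "<client-ip> <proto> <C|S> <protocol line>" is an assumed format.
SAMPLE_LOG = """\
203.0.113.9 smtp C VRFY tom
203.0.113.9 smtp S 252 2.0.0 Cannot VRFY user
203.0.113.9 smtp C RCPT TO:<ann@example.org>
203.0.113.9 smtp S 550 5.1.1 User unknown
203.0.113.9 smtp C RCPT TO:<bob@example.org>
203.0.113.9 smtp S 550 5.1.1 User unknown
198.51.100.7 smtp C RCPT TO:<tom@example.org>
198.51.100.7 smtp S 250 2.1.5 Ok
203.0.113.9 pop3 C USER tom
203.0.113.9 pop3 S +OK
203.0.113.9 pop3 C PASS ****
203.0.113.9 pop3 S -ERR Authentication failed
203.0.113.9 pop3 C PASS ****
203.0.113.9 pop3 S -ERR Authentication failed
"""

LINE = re.compile(r"^(\S+) (smtp|pop3) ([CS]) (.*)$")

def find_probers(log, max_rejected_rcpt=2, max_failed_pass=2):
    """Return {client_ip: [reasons]} for clients whose traffic looks like account probing."""
    limits = {"vrfy_expn": 1, "rejected_rcpt": max_rejected_rcpt, "failed_pass": max_failed_pass}
    stats = defaultdict(lambda: dict.fromkeys(limits, 0))
    last_cmd = {}  # (ip, proto) -> verb of the client's most recent command
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # ignore lines that are not in the assumed format
        ip, proto, side, text = m.groups()
        if side == "C":
            verb = (text.split() or [""])[0].upper()
            last_cmd[(ip, proto)] = verb
            if proto == "smtp" and verb in ("VRFY", "EXPN"):
                stats[ip]["vrfy_expn"] += 1  # any use of these commands is worth a look
        else:
            verb = last_cmd.pop((ip, proto), "")  # pair the reply with its command
            if proto == "smtp" and verb == "RCPT" and text.startswith("550"):
                stats[ip]["rejected_rcpt"] += 1  # recipient refused by the server
            elif proto == "pop3" and verb == "PASS" and text.startswith("-ERR"):
                stats[ip]["failed_pass"] += 1  # wrong password on port 110
    # Keep only clients that reached at least one limit, with the reasons in a fixed order.
    return {ip: r for ip, c in stats.items() if (r := [n for n, lim in limits.items() if c[n] >= lim])}

if __name__ == "__main__":
    print(find_probers(SAMPLE_LOG))
```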

Besides POP3 retrieval, handling mail through a web interface is increasingly popular. This method is not without weaknesses either: the server generally accepts form parameters, including the username and password, passed by the user through CGI, and if they are correct the user reaches the page that handles the mail. Many programs crack the passwords of known users by dictionary or brute-force combination; one of the better known is Xiaoxie's "Snowing Snow". When the password is simple, results come quickly.

Web mail systems have a "forgot password" option. If an intruder can crack the other e-mail address to which the password is sent back, or guess the answer to the security question, the attack succeeds.

Third, listening during the transmission of mail

With a sniffer installed on the network and set to capture the packets sent to port 110 of external servers, the user and pass strings in the captured data show the username and the corresponding password, because POP3 sends both in clear text.
