Last active
June 30, 2022 17:51
-
-
Save maxrp/8cb74af409feabc16337a49df2722673 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
from smtplib import SMTP, SMTPAuthenticationError | |
from getpass import getuser | |
if __name__ == '__main__': | |
server, service_port = "smtp.office365.com", 587 | |
with SMTP(server, port=service_port) as smtp: | |
print('[+] Attempting a login as a bogus user.') | |
print(f"[+] connected to server: {server}:{service_port}") | |
smtp.starttls() | |
smtp.ehlo() | |
try: | |
user = f"{getuser()}-from-o365-login-proof-of-concept@pdx.edu" | |
password = "notarealpass!@#$@#$" | |
print(f"[+] Attempting login as: '{user}' with the password '{password}'") | |
smtp.login(user, password) | |
except SMTPAuthenticationError as err: | |
print(f"[!] {err.smtp_code}: {err.smtp_error}") | |
smtp_err1 = err.smtp_error | |
print(f"\n** Check splunk logs for an attempted login from {user}\n") | |
with SMTP(server, port=service_port) as smtp: | |
print('[+] Attempting a login as a real user.') | |
print(f"[+] connected to server: {server}:{service_port}") | |
smtp.starttls() | |
smtp.ehlo() | |
try: | |
user = f"{getuser()}@pdx.edu" | |
password = "notarealpass!@#$@#$" | |
print(f"[+] Attempting login as: '{user}' with the password '{password}'") | |
smtp.login(user, password) | |
except SMTPAuthenticationError as err: | |
print(f"[!] {err.smtp_code}: {err.smtp_error}") | |
if err.smtp_error != smtp_err1: | |
print(f"\n** The account '{user}' is configured to disallow basic authentication") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment