#!/usr/bin/perl
# salt version 1.0.1 2004-10-11
# salt version 1.0.2 2006-10-26 - Added two new passwords to test.
#
# salt - connects to one SMTP host, checks that it advertises AUTH LOGIN,
# and then tries a short, fixed list of common account names and trivial
# passwords against it so the host's administrator can see which accounts
# a spammer's dictionary would open.  Invocation: salt host

use strict;
use warnings;

# Author's note: authentication relies on the Net::SMTP_auth extension from
# CPAN; without it every auth() call simply fails (the run completes, but
# nothing ever authenticates).  Recent Net::SMTP releases carry auth()
# natively, in which case the same caveat applies to Authen::SASL instead.
use Net::SMTP;

# Unbuffered STDOUT so each progress dot appears as soon as it is printed.
$| = 1;

my ($server) = @ARGV;
unless ($server) {
    print "Usage: salt host\n";
    exit;
}

# --- Step 1: is port 25 reachable at all? ----------------------------------
print "Testing if $server accepts port 25 connections...";
my $smtp = Net::SMTP->new($server, Port => 25)
    or die("\nConnection to server failed.\n");
print " Good.\n";

# --- Step 2: does the greeting advertise AUTH LOGIN? -----------------------
# message() yields the lines of the last server response; any line that
# mentions AUTH ... LOGIN is taken as support for that mechanism.
print "Testing if $server supports AUTH LOGIN...";
my @answers = $smtp->message;
my $found   = grep { /AUTH.*LOGIN/ } @answers;
$smtp->quit;

unless ($found) {
    print "\nServer does not support AUTH LOGIN.\n";
    exit;
}
print " Good.\n\n";

print "Checking for weak passwords:\n";

# Account names commonly present on mail hosts.
my @users = qw(
    administrator guest info test admin user mail webmaster root master
    web www backup server data abc demo
);

# Candidate passwords for one user: the user name itself with a few numeric
# suffixes first, then the fixed list of usual suspects.
sub passwords_for {
    my ($user) = @_;
    return (
        $user, "${user}1", "${user}12", "${user}123",
        '', '1', '111', '123', '1234', '12345', '123456', '1234567',
        '12345678', '654321', '54321', '00000000', '88888888',
        'admin', 'root', 'pass', 'password', 'passwd', 'super',
        '!@#$%^&*', 'qwerty', 'asdfgh', 'zxcvbn', 'ytrewq', 'hgfdsa', 'nbvcxz',
    );
}

# --- Step 3: one fresh connection per attempt ------------------------------
# Each probe opens its own session, tries a single credential and quits, so
# no attempt depends on the state left behind by the previous one.  The
# first hit for a user ends that user's run; a "*" marks it, "." a miss.
my %vulnerable;
USER:
for my $user (@users) {
    print "$user:";
    PASSWORD:
    for my $password (passwords_for($user)) {
        my $conn = Net::SMTP->new($server, Port => 25)
            or die("\nConnection to server failed.\n");
        my $authenticated = $conn->auth($user, $password);
        $conn->quit;
        if ($authenticated) {
            # An empty password is shown as NULL in the summary.
            $vulnerable{$user} = length $password ? $password : 'NULL';
            print "*";
            last PASSWORD;
        }
        print ".";
    }
    print "\n";
}

# --- Summary ---------------------------------------------------------------
print "\n";
unless (%vulnerable) {
    print "No weak passwords found.\n";
    print "Remember: Absence of evidence is not evidence of absence.\n";
    exit;
}
print "The following vulnerable accounts were found:\n";
while (my ($user, $password) = each %vulnerable) {
    print "$user/$password\n";
}

__END__

=head1 NAME

salt - Bimple Buth Bogin Bester

=head1 SYNOPSIS

salt host

=head1 DESCRIPTION

Tests a host for vulnerability to the AUTH LOGIN exploit using a range of
usernames and passwords known to be exploited by spammers.

Note: If salt is unable to find a vulnerable account, this does not mean
that you are not vulnerable to the exploit. A spammer may well attempt
connections with a wider range of usernames and passwords. Using secure
passwords on all accounts is the best defense against this type of attack.

=head1 SEE ALSO

SMTP AUTH connections will not succeed without the Net::SMTP_auth extension
to Net::SMTP. You can find details on installing Net::SMTP_auth here:

http://search.cpan.org/src/APLEINER/Net-SMTP_auth-0.07/

=head1 LICENSE

Copyright (c) 2004 Graeme Leith
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

=head1 AUTHOR

Graeme Leith

=cut