Issues with smtp_web.py Source Email

[mikesiegel]

Hello,

I believe I'm running into some bugs in 5.4.2 with the smtp_web.py module. User tracking is set to ON.

Test case is as follows: 1) Social-Engineering Attacks 2) Website Attack Vectors 3) Credential Harvester Attack Method 2) Site Cloner

Specify my IP and an example site www.google.com,

1. E-Mail Attack Single Email Address Enter in email,
2. Use your own server or open relay. No auth.

Running Sendmail=1.

Open relay option specifies: Specify Open-Relay Option Here if relay == '2': user1 = raw_input(setprompt(["1"], "From address (ex: moo@example.com)")) from_address = raw_input(setprompt(["1"], "The FROM NAME the user will see")) if sendmail==0: user = raw_input(setprompt(["1"], "Username for open-relay [blank]")) pwd = getpass.getpass("Password for open-relay [blank]: ")

However user1 isnt used, if sendmail==1 the function is called line this on line 268

if sendmail == 1: mailServer.sendmail,(user, to, msg.as_string())

As a result this will die: Dec 13 16:59:06 kali sm-mta[22741]: rBDLx6Fi022741: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4

[trustedsec]

Thanks for the bug report, I believe I fixed this by specifying user = user1 to define what user is now. Let me know if it works, looks good on my Kali box but I don't have a destination to send it to that doesnt do reverse lookups.