Penetration Testing mailing list archives
Re: TELNET and SMTP
From: "rajat swarup" <rajats () gmail com>
Date: Sat, 7 Jul 2007 18:31:32 -0400
On 7 Jul 2007 12:30:59 -0000, wymerzp () sbu edu <wymerzp () sbu edu> wrote:
1)What could I do with the unprotected SMTP access if I can't send mail.
Use the EXPN and VRFY SMTP commands after connecting to the port 25 using telnet to enumerate the users of the system. Having blocked the SMTP relays, there isn't much you can do unless these guys are running vulnerable versions of Sendmail. HTH, -- Rajat Swarup http://rajatswarup.blogspot.com/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
Current thread:
- TELNET and SMTP wymerzp (Jul 07)
- RE: TELNET and SMTP Shenk, Jerry A (Jul 07)
- Re: TELNET and SMTP StaticRez (Jul 07)
- Re: TELNET and SMTP Marco Ivaldi (Jul 09)
- Re: TELNET and SMTP Hans-J. Ullrich (Jul 07)
- Re: TELNET and SMTP rajat swarup (Jul 07)
- RE: TELNET and SMTP Richard Lane (Jul 08)
- Re: TELNET and SMTP A. Tom McFrog (Jul 08)
- Re: TELNET and SMTP AdamT (Jul 08)
- <Possible follow-ups>
- RE: TELNET and SMTP Thomas W Shinder (Jul 07)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- RE: TELNET and SMTP Russell Butturini (Jul 09)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- Re: TELNET and SMTP Levenglick, Jeff (Jul 08)