Penetration Testing mailing list archives

Re: TELNET and SMTP

From: "rajat swarup" <rajats () gmail com>
Date: Sat, 7 Jul 2007 18:31:32 -0400

On 7 Jul 2007 12:30:59 -0000, wymerzp () sbu edu <wymerzp () sbu edu> wrote:

1)What could I do with the unprotected SMTP access if I can't send mail.


Use the EXPN and VRFY SMTP commands after connecting to the port 25
using telnet to enumerate the users of the system.
Having blocked the SMTP relays, there isn't much you can do unless
these guys are running vulnerable versions of Sendmail.

HTH,
--
Rajat Swarup

http://rajatswarup.blogspot.com/

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

Current thread:

TELNET and SMTP wymerzp (Jul 07)
- RE: TELNET and SMTP Shenk, Jerry A (Jul 07)
- Re: TELNET and SMTP StaticRez (Jul 07)
  - Re: TELNET and SMTP Marco Ivaldi (Jul 09)
- Re: TELNET and SMTP Hans-J. Ullrich (Jul 07)
- Re: TELNET and SMTP rajat swarup (Jul 07)
- RE: TELNET and SMTP Richard Lane (Jul 08)
- Re: TELNET and SMTP A. Tom McFrog (Jul 08)
- Re: TELNET and SMTP AdamT (Jul 08)
- <Possible follow-ups>
- RE: TELNET and SMTP Thomas W Shinder (Jul 07)
  - RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
    - RE: TELNET and SMTP Russell Butturini (Jul 09)
- Re: TELNET and SMTP Levenglick, Jeff (Jul 08)