Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: User Enumeration Flaw
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Mon, 20 Feb 2006 14:03:15 -0000

Mar.Shatz () education gov il wrote:
whitehouse.gov          MX      100 mailhub-wh2.whitehouse.gov
noone () box:~$
noone () box:~$ telnet mailhub-wh2.whitehouse.gov 25
Trying 63.161.169.140...
Connected to mailhub-wh2.whitehouse.gov.
Escape character is '^]'.
220 whitehouse.gov ESMTP service at Sun, 12 Feb 2006 11:29:38 -0500
(EST) helo jojo
250 esgeop03.whitehouse.gov Hello [xxx.xxx.xxx.xxx], pleased to meet
you mail from:bob () com com
250 2.1.0 bob () com com    Sender ok
rcpt to:gbush () whitehouse gov
550 5.1.1 gbush () whitehouse gov    User unknown
rcpt to:president () whitehouse gov
250 2.1.5 president () whitehouse gov    Recipient ok
quit
221 2.0.0 esgeop03.whitehouse.gov closing connection
Connection closed by foreign host.

User enumeration at the whitehouse


  Tell DHS at once!  What would happen if Al-Qaeda could figure out that 
there was a president in the whitehouse?


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault