Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Mail Relay / Open Mail Replay
From: Voulnet <voulnet () gmail com>
Date: Sun, 2 Oct 2011 22:33:28 +0300

Well, if he can get some emails from inside there, he can wreak havoc.
All it takes is a nice and warm expletive email from one 'employee' to
the other inside the same company domain.

Hell, if you can get the emails of one employee and his boss, you can
put him through hell with such emails.

If the sysadmins don't consider it a vulnerability, just tell them
that you hope they are fine with such emails going to their bosses
using their accounts.

On Sun, Oct 2, 2011 at 9:25 PM, informationhacker08
<informationhacker08 () gmail com> wrote:

Suppose there is Mail server having port 25 open xyz.com
an attacker login on Mail server  through telnet and then try to send the
mail but the he can
 only send a mail within the xyz company not outside ..so this will be
consider as Vulnerability or not

eg. telnet xyz.com
mail from:<dddd () ddddd com>
mail rcpt :<vbn () xyz com>--->only within  the network not outside realying
the mail

--
View this message in context: http://old.nabble.com/Mail-Relay---Open-Mail-Replay-tp32578740p32578740.html
Sent from the Penetration Testing mailing list archive at Nabble.com.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]