Penetration Testing mailing list archives
Re: TELNET and SMTP
From: StaticRez <staticrez () gmail com>
Date: Sat, 7 Jul 2007 13:36:46 -0500
The remote host you've connected to doesn't allow relaying of mail from hosts outside of its domain. The server isn't configured as an open mail relay, i.e., the 553 message you got. With the error you received, you may have gotten some version info of the smtp used. Maybe a buffer overflow exploit exists in regards to the SMTP software running on the remote host. keep in mind...you're only using the telnet client to connect to remote port (25). you're not actually issuing commands to the telnet port of the remote host. (23) If the remote box does have port 23 open, then there's some brute forcing that can be done with the telnet login. check out "brutus" under "Priviledge Escalation" on my tool list for info on brute forcing telnet with brutus. http://www.staticrez.org/toolkit.php hope this helps... staticrez On 7 Jul 2007 12:30:59 -0000, wymerzp () sbu edu <wymerzp () sbu edu> wrote:
Hello all, I'm looking at a client's site and they have unprotected access to port 25 (i.e. I can telnet to it and issue commands). When I attempt to send an email I get this message '553 Relaying is not supported'. My question is two-fold: 1)What could I do with the unprotected SMTP access if I can't send mail. 2)What purpose do you believe that the SMTP service provides? Does the SMTP simply recieve!?!? Thank you all, Zach ------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
Current thread:
- TELNET and SMTP wymerzp (Jul 07)
- RE: TELNET and SMTP Shenk, Jerry A (Jul 07)
- Re: TELNET and SMTP StaticRez (Jul 07)
- Re: TELNET and SMTP Marco Ivaldi (Jul 09)
- Re: TELNET and SMTP Hans-J. Ullrich (Jul 07)
- Re: TELNET and SMTP rajat swarup (Jul 07)
- RE: TELNET and SMTP Richard Lane (Jul 08)
- Re: TELNET and SMTP A. Tom McFrog (Jul 08)
- Re: TELNET and SMTP AdamT (Jul 08)
- <Possible follow-ups>
- RE: TELNET and SMTP Thomas W Shinder (Jul 07)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- RE: TELNET and SMTP Russell Butturini (Jul 09)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- Re: TELNET and SMTP Levenglick, Jeff (Jul 08)