Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Last call for smtp-open-relay.nse - help needed

From: Ron <ron () skullsecurity net>
Date: Tue, 2 Mar 2010 16:11:28 -0600
On Tue, 2 Mar 2010 15:02:51 -0700 David Fifield <david () bamsoftware com>
wrote:

On Tue, Mar 02, 2010 at 09:34:24PM +0000, Duarte Silva wrote:

They are running the qmail SMTP server
(http://pobox.com/~djb/qmail.html). The script end result is the
following

25/tcp open  smtp    syn-ack
| smtp-enum-users:
|_  ERROR: Couldn't find any account names

The smtp server does not implement EXPN but it does implement VRFY.
The VRFY always return

252 send some mail, i'll try my best..


Ha ha, yeah, qmail is the server I would least expect to fall to this
script. The author wrote a short page about it:
http://cr.yp.to/smtp/vrfy.html.

I'd like to add the script. I just want someone to test it and
successfully enumerate a user, to make sure those code paths work.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


I have a server I can test on:

220 zimbra.xxx.mb.ca ESMTP Postfix
VRFY test
504 5.5.2 <test>: Recipient address rejected: need fully-qualified address
VRFY test () xxx mb ca
550 5.1.1 <test () xxx mb ca>: Recipient address rejected: xxx.mb.ca
VRFY yyy () xxx mb ca
252 2.0.0 yyy () xxx mb ca

I'll give the script a shot tonight (I need to get permission first). 


-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: