Security Basics mailing list archives

Re: Re: mail server vulnerability

From: praveen_recker () sify com
Date: 20 Feb 2009 15:37:48 -0000

Hi Abhishek,

You can try connecting to the SMTP server using telnet,say
c:/>telnet smtp_ip 25
this should not be successful....so system admins should block TELNET to SMTP servers. If successful this gives u the 
banner. Based upon version and vendor search for any exploits available for free (refer milw0rm, metasploit etc) if u 
have commercial tools(coreimpact, saint etc) it's well and good.
If u are good at Perl develop ur own script and start sending attacks by changing USER names, DOMAIN names etc to 
overly long strings, format specifiers etc.

Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA

Current thread:

mail server vulnerability Abhishek Kumar (Feb 09)
- Re: mail server vulnerability p3dRø (Feb 09)
- RE: mail server vulnerability Nick Vaernhoej (Feb 09)
- Re: mail server vulnerability Eitan Adler (Feb 10)
- <Possible follow-ups>
- Re: Re: mail server vulnerability viveksilla (Feb 10)
- Re: Re: mail server vulnerability ryancol (Feb 10)
  - Re: mail server vulnerability Ansgar Wiechers (Feb 10)
- Re: Re: mail server vulnerability praveen_recker (Feb 20)
  - Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
    - Re: Re: mail server vulnerability greimer (Feb 20)
    - Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
    - Re: mail server vulnerability Patrick J Kobly (Feb 20)
    - Re: mail server vulnerability Atilla Remote Support (Feb 20)
  - Re: Re: mail server vulnerability Jared Curtis (Feb 20)
    - Re: Re: mail server vulnerability Balakrishnan B (Feb 20)
  - Re: mail server vulnerability Patrick J Kobly (Feb 20)