Re: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz

[Joseph McCray <joe () learnsecurityonline com>]

Thiago, there is a great bit of info in the MX Injection paper has been
discussed in other places around the web and even implemented in a few
tools, but I don't think Marcelo was trying to say that EVERYTHING in
the entire paper was new and discovered by him alone.

I used his paper in a class I was teaching last week. I thought it was
relevant to showing how penetration testing is moving away from service
exploitation to web app, database and client side exploitation and it
drives home the point of webmail being a valid means into mail servers
you not otherwise have access to. Hint hint Marcelo - add some Outlook
Web Access content into this paper and it would be awesome! :)

Also, SMTP injection was only part of what was discussed in his paper
(requiring a valid account if I recall). I really liked the paper
because it covered IMAP injection, and some nice little IMAP enumeration
commands. Gave me some ideas for things I'd like to try in my next
audit. All in all I thought it was pretty good.


-- 
Joe McCray
Toll Free:  1-866-892-2132
Email:      joe () learnsecurityonline com
Web:        https://www.learnsecurityonline.com


Learn Security Online, Inc.

* Security Games        * Simulators
* Challenge Servers     * Courses
* Hacking Competitions  * Hacklab Access


On Sun, 2006-12-17 at 00:25 -0200, Thiago Zaninotti wrote:
> Hi Marcelo,
>
> Part of this technique is not new and has been part of N-Stalker Web
> Application Security Scanner for a long time (SMTP Injection).
>
> There are also papers that would go further on exploiting specific
> frameworks such as CDONTS.
>
> For more information, see N-Stalker Free Edition tool at
> www.nstalker.com/free-edition
>
> Best regards,

Attachment: signature.asc
Description: This is a digitally signed message part