Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

SMTP Rootkit - SMTPCommander now open source

From: SCInfo () SMTPCommander com
Date: 1 Feb 2006 03:10:03 -0000
The SMTPCommander pen test version is now open source!  

www.SMTPCommander.com

It has been made smaller, with a few of the higher level features removed, but the core features for pen testing as a 
SMTP Rootkit remain.  They are:
* send script commands via SMTP emails
* put files to the server (put pwdump for example)
* ability to execute cmd shells as system (execute pwdump)
* get files from the server (get pwdump output)
* return results via SMTP emails
* redirect SMTP emails - map any SMTP address to another, wildcard allows all SMTP email to be sent to another SMTP 
email address
* supports IIS5/6, inc Exchange Server 2000/2003
* single DLL install, about 85K in size
* quite operation, runs under inetinfo - virtually undetectable *after* inetinfo starts
* once installed (with admin rights) you can own 
the box via email messaging past any firewall, or other email systems.  As long as you can get your SMTP message to the 
box with SMTPCommander on it you own it.

There are two versions -- the open source pen test version, and a closed source more robust (but also free) version 
designed to work as a secure admin tool and resource kit tool for Exchange Sentry which is a commercial anti-spam 
system for Exchange Server(www.ExchangeSentry.com).

Thank you for considering it, donations are gladly accepted via link on web site.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: