Penetration Testing mailing list archives
Re: TELNET and SMTP
From: Marco Ivaldi <raptor () mediaservice net>
Date: Mon, 9 Jul 2007 10:38:43 +0200 (ora solare Europa occidentale)
On Sat, 7 Jul 2007, StaticRez wrote:
If the remote box does have port 23 open, then there's some brute forcing that can be done with the telnet login. check out "brutus" under "Priviledge Escalation" on my tool list for info on brute forcing telnet with brutus.http://www.staticrez.org/toolkit.php
The brutus.pl script (http://www.0xdeadbeef.info/code/brutus.pl) also supports the following user enumeration methods via SMTP:
1) VRFY/EXPN. Well-known way to enumerate valid usernames, useful with unsecured SMTP servers. 2) RCPT TO. In some cases, this may be used to perform enumeration of valid OS usernames (http://seclists.org/pen-test/2007/May/0228.html). Cheers, -- Marco Ivaldi, OPST Chief Security Officer Data Security Division @ Mediaservice.net Srl http://mediaservice.net/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
Current thread:
- TELNET and SMTP wymerzp (Jul 07)
- RE: TELNET and SMTP Shenk, Jerry A (Jul 07)
- Re: TELNET and SMTP StaticRez (Jul 07)
- Re: TELNET and SMTP Marco Ivaldi (Jul 09)
- Re: TELNET and SMTP Hans-J. Ullrich (Jul 07)
- Re: TELNET and SMTP rajat swarup (Jul 07)
- RE: TELNET and SMTP Richard Lane (Jul 08)
- Re: TELNET and SMTP A. Tom McFrog (Jul 08)
- Re: TELNET and SMTP AdamT (Jul 08)
- <Possible follow-ups>
- RE: TELNET and SMTP Thomas W Shinder (Jul 07)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- RE: TELNET and SMTP Russell Butturini (Jul 09)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- Re: TELNET and SMTP Levenglick, Jeff (Jul 08)