Penetration Testing mailing list archives

Re: TELNET and SMTP


From: Marco Ivaldi <raptor () mediaservice net>
Date: Mon, 9 Jul 2007 10:38:43 +0200 (ora solare Europa occidentale)

On Sat, 7 Jul 2007, StaticRez wrote:

If the remote box does have port 23 open, then there's some brute forcing that can be done with the telnet login. Check out "brutus" under "Priviledge Escalation" on my tool list for info on brute forcing telnet with brutus.

http://www.staticrez.org/toolkit.php

The brutus.pl script (http://www.0xdeadbeef.info/code/brutus.pl) also supports the following user enumeration methods via SMTP:

1) VRFY/EXPN. Well-known way to enumerate valid usernames, useful with
   unsecured SMTP servers.

2) RCPT TO. In some cases, this may be used to perform enumeration of
   valid OS usernames (http://seclists.org/pen-test/2007/May/0228.html).

Cheers,

--
Marco Ivaldi, OPST
Chief Security Officer    Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/
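
Added example (not part of the original post and not taken from brutus.pl): a defender-side check that flags clients whose SMTP sessions match the two enumeration methods listed above, VRFY/EXPN probing and repeated rejected RCPT TO. The log format, thresholds and function name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log; hypothetical format "<client-ip> <C|S>: <SMTP line>".
SAMPLE_LOG = """\
198.51.100.7 C: VRFY root
198.51.100.7 S: 252 2.0.0 root
198.51.100.7 C: VRFY admin
198.51.100.7 S: 550 5.1.1 User unknown
198.51.100.7 C: EXPN staff
198.51.100.7 S: 550 5.1.1 User unknown
203.0.113.9 C: RCPT TO:<alice@example.org>
203.0.113.9 S: 550 5.1.1 User unknown
203.0.113.9 C: RCPT TO:<bob@example.org>
203.0.113.9 S: 550 5.1.1 User unknown
192.0.2.44 C: RCPT TO:<carol@example.org>
192.0.2.44 S: 250 2.1.5 Ok
"""

LINE = re.compile(r"^(\S+) ([CS]): (\S.*)$")

def find_enumeration(log, probe_limit=3, reject_limit=2):
    """Return {client_ip: reason} for clients that look like they enumerate users."""
    stats = defaultdict(lambda: {"probes": 0, "rejected": 0})
    pending = {}  # client -> verb of the command still waiting for its reply
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, side, text = m.groups()
        if side == "C":
            verb = text.upper().split()[0]
            pending[ip] = verb
            if verb in ("VRFY", "EXPN"):  # method 1: direct probing
                stats[ip]["probes"] += 1
        elif pending.pop(ip, None) == "RCPT" and text.startswith("5"):
            stats[ip]["rejected"] += 1    # method 2: RCPT TO refused (5xx)
    flagged = {}
    for ip, s in stats.items():
        if s["probes"] >= probe_limit:
            flagged[ip] = "vrfy_expn"
        elif s["rejected"] >= reject_limit:
            flagged[ip] = "rcpt_to"
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The check assumes single-line server replies; the limits should be tuned against normal traffic, since legitimate senders also hit occasional unknown-recipient rejections.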

