
SLiM577
Hello all

I'm an oper on a network on Mirc and came across some drones. I noticed they all had Port 25 open on their box with the head banner

220 logs-mtc-tb.proxy.aol.com ESMTP Sendmail 8.12.9/8.12.9; Date,Time

Does anyone know what exploit this may be? My friend said all the boxes may be running MS Exchange Server on it. If anyone knows anything, please reply with info or tools/scanners for this exploit.

Thanks and good day. =]
r00l
well. i just want to define MIRC :]
...Internet Relay Chat Client...
Inoculation X
Port 25 is SendMail
ComSec
well he could send fake mail taken from 'whats post'



QUOTE
i'm going to give you the appended version, and facts that you will need to know

1.use your telnet program to connect to the victims server

How do you know the server? Most mail servers run on port 25. The name of the mail server is after the @ with mail appended to the front (except for big "on-line conglomerates"). So, your victim is asdf@thevictimserver.com . We then execute the command:

telnet mail.thevictimserver.com 25

for yahoo.com, telnet mx1.mail.yahoo.com 25 . Same with most other big companies.

When you connect, you will get something like:

220 YSmtp mta102.mail.scd.yahoo.com ESMTP service ready
ehlo
250-mta102.mail.scd.yahoo.com
250-8BITMIME
250-SIZE 10485760
250 PIPELINING
mail from: <what@yahoo.com>
250 sender <what@yahoo.com> ok
rcpt to: <what@yahoo.com>
250 recipient <what@yahoo.com> ok
data
354 Please start mail input.
subject: fake mail
from: no one bitch
to: a stupid, stupid man
date: none

hello friend.
.
quit

this is the total syntax. Let's review, now shall we? these are the commands issued in order.

ehlo
mail from: <whateveryouwant@alegitimatedomain.com>
rcpt to: <thevictim@victim.com>
data
subject: data starts the mail input
from: this displays the from
to: this displays the to
date: date

make sure to hit enter twice after date to give it an "authentic" look. to end this message, leave a period "." on a line by itself and hit enter.
.
quit

and so the mail gets sent after you quit. Tons of fun
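Added example, not part of the thread: the session quoted above works because SMTP accepts whatever sender and headers are typed, so a receiving side can at least triage messages whose headers look hand-made. The function name, finding labels and sample messages below are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime


def domain_of(value):
    """Return the lower-cased domain of an address, or '' if there is none."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def header_findings(envelope_from, raw_message):
    """Heuristic checks on one received message; returns a list of finding names.

    envelope_from is the MAIL FROM value the receiving server logged.
    A domain mismatch alone is not proof of forgery (mailing lists and
    forwarders cause it too), so treat findings as triage signals.
    """
    msg = message_from_string(raw_message)
    findings = []

    from_domain = domain_of(msg.get("From"))
    if not from_domain:
        findings.append("from-header-has-no-address")
    elif from_domain != domain_of(envelope_from):
        findings.append("from-domain-differs-from-envelope")

    try:
        parsedate_to_datetime(msg.get("Date"))
    except (TypeError, ValueError):
        findings.append("date-missing-or-unparseable")

    if not msg.get("Message-ID"):
        findings.append("no-message-id")
    return findings


# Constructed sample shaped like the hand-typed session in the post above.
HAND_TYPED = "subject: fake mail\nfrom: no one\nto: someone\ndate: none\n\nhello friend.\n"

# Constructed sample of a client-generated message with consistent headers.
CLIENT_SENT = (
    "From: Alice <alice@example.com>\n"
    "To: bob@example.org\n"
    "Date: Mon, 03 Jan 2005 10:00:00 +0000\n"
    "Message-ID: <1@example.com>\n\nhi\n"
)

if __name__ == "__main__":
    print(header_findings("<what@yahoo.com>", HAND_TYPED))
    print(header_findings("<alice@example.com>", CLIENT_SENT))
```

Sender authentication evaluated by the receiving server (SPF, DKIM, DMARC) is the stronger control; header checks like these only help with triage.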