Re: TELNET and SMTP

From: StaticRez (staticrez@gmail.com)
Date: Sat Jul 07 2007 - 14:36:46 EDT

• Next message: rajat swarup: "Re: TELNET and SMTP"
• Previous message: Shenk, Jerry A: "RE: TELNET and SMTP"
• In reply to: wymerzp@sbu.edu: "TELNET and SMTP"
• Next in thread: Marco Ivaldi: "Re: TELNET and SMTP"
• Reply: Marco Ivaldi: "Re: TELNET and SMTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The remote host you've connected to doesn't allow relaying of mail
from hosts outside of its domain. The server isn't configured as an
open mail relay, i.e., the 553 message you got.

With the error you received, you may have gotten some version info of
the smtp used. Maybe a buffer overflow exploit exists in regards to
the SMTP software running on the remote host.

keep in mind...you're only using the telnet client to connect to
remote port (25). you're not actually issuing commands to the telnet
port of the remote host. (23)

If the remote box does have port 23 open, then there's some brute
forcing that can be done with the telnet login. check out "brutus"
under "Priviledge Escalation" on my tool list for info on brute
forcing telnet with brutus.

http://www.staticrez.org/toolkit.php

hope this helps...

staticrez

On 7 Jul 2007 12:30:59 -0000, wymerzp@sbu.edu <wymerzp@sbu.edu> wrote:
> Hello all,
>
> I'm looking at a client's site and they have unprotected access to port 25 (i.e. I can telnet to it and issue commands). When I attempt to send an email I get this message '553 Relaying is not supported'. My question is two-fold: 1)What could I do with the unprotected SMTP access if I can't send mail. 2)What purpose do you believe that the SMTP service provides? Does the SMTP simply recieve!?!? Thank you all, Zach
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Swap Out your SPI or Watchfire app sec solution for
> Cenzic's robust, accurate risk assessment and management
> solution FREE - limited Time Offer
>
> http://www.cenzic.com/wf-spi
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

• Next message: rajat swarup: "Re: TELNET and SMTP"
• Previous message: Shenk, Jerry A: "RE: TELNET and SMTP"
• In reply to: wymerzp@sbu.edu: "TELNET and SMTP"
• Next in thread: Marco Ivaldi: "Re: TELNET and SMTP"
• Reply: Marco Ivaldi: "Re: TELNET and SMTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:55 EDT