Re: TELNET and SMTP

From: Marco Ivaldi (raptor@mediaservice.net)
Date: Mon Jul 09 2007 - 04:38:43 EDT

• Next message: Cory.Bys@fbol.com: "RE: Multifactor Authentication Account Harvesting"
• Previous message: AdamT: "Re: TELNET and SMTP"
• In reply to: StaticRez: "Re: TELNET and SMTP"
• Next in thread: rajat swarup: "Re: TELNET and SMTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Sat, 7 Jul 2007, StaticRez wrote:

> If the remote box does have port 23 open, then there's some brute
> forcing that can be done with the telnet login. check out "brutus" under
> "Priviledge Escalation" on my tool list for info on brute forcing telnet
> with brutus.
>
> http://www.staticrez.org/toolkit.php

The brutus.pl script (http://www.0xdeadbeef.info/code/brutus.pl) also
supports the following user enumeration methods via SMTP:

1) VRFY/EXPN. Well-known way to enumerate valid usernames, useful with
    unsecured SMTP servers.

2) RCPT TO. In some cases, this may be used to perform enumeration of
    valid OS usernames (http://seclists.org/pen-test/2007/May/0228.html).

Cheers,

-- 
Marco Ivaldi, OPST
Chief Security Officer    Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer
http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

• Next message: Cory.Bys@fbol.com: "RE: Multifactor Authentication Account Harvesting"
• Previous message: AdamT: "Re: TELNET and SMTP"
• In reply to: StaticRez: "Re: TELNET and SMTP"
• Next in thread: rajat swarup: "Re: TELNET and SMTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:56 EDT