Hacking SMTP Mail Gateways

Mail Servers: They have their own language
There are many types and brands of e-mail servers used on the Internet. There's Sendmail, been around for a long time and typically used on UNIX systems, Microsoft Exchange, a Microsoft product of course, and GroupWise, a Novell product, just to name a few.
Regardless of the services and options each flavor of mail server offers you, they all have one thing in common. They must abide by the rules of the SMTP communications standards, and in effect, speak a common language. If you want to know more about this, read the SMTP "Request For Comment" , or RFC located here.
e-mail relaying

SMTP Mail Relaying and Social Engineering

Mail Relaying: What's the big deal?
Although not a traditional vulnerability, one of the most common forms of SMTP misuse is email relaying, or email spoofing. This method is routinely used by spammers to distribute their unwanted, and unsolicited information. In many cases, they setup their own mail servers, configured to allow mail relaying. However, if your smtp gateway is not setup to prevent mail relay, the spammers will kindly use it. This is a very simple procedure and in most cases is completely automated.

Social Engineering Attack by E-mail
Another common use of email relay and spoofing is social engineering attacks. We recently performed a security assessment for an organizing where we were permitted to perform social engineering and denial-of-service attacks. It turned out that this company's SMTP server was not configured to prevent email relaying. We attached to the SMTP gateway from the Internet, spoofed the e-mail address of one of the IT people, and sent an e-mail to ten end-users instructing them to "Shutdown their computers immediately because the IT team had detected a serious virus / or worm on their computer". All ten of the users did exactly as we asked. Imagine if we sent this e-mail to the "everyone" e-mail distribution group. Probably would not have been a good day for the IT folks.
I want to make the point that I am writing this article for the purpose of education and awareness. The purpose is NOT to provide someone the information needed to abuse SMTP services.

Speaking the SMTP Language

The Basics of Hacking SMTP Gateways and Communications

There are a handful of methods in direct SMTP communication but for the sake of this article we will only review a few items.  These items, if the SMTP gateway you are attached to allows mail relaying, is all that is needed to successfully email spoof or e-mail relay.
  • Our Target: "smtpmailserver.ontheinternet.com";
  • Our Tool: The good ole "telnet: client;
  • Our Objective: Determine if mail relay is possible and execute it.
The following are the six commands (or steps) we will use to check for and execute a mail relay:
  1. "telnet": A communications client used to connect to the SMTP port 25 on the target mail server;
  2. "helo": SMTP command used to introduce ourselves to the SMTP server
  3. "mail from:": SMTP command to identify who mail will be sent from
  4. "rcpt to:": SMTP command telling the mail server who to send the e-mail too;
  5. "data": SMTP command that instructs the mail server that the text typed after this command is the body of our message;
  6. "(enter).(enter)": When we are finished writing our message we will hit the (enter) button, the period".", then another (enter) and the mail will be queued for delivery

Action: "telnet smtpmailserver.ontheinternet.com 25": Connect to our SMTP gateway, on port 25, using the telnet client" Response: "220 smtpmailserver.ontheinternet.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Mon, 11 Apr 2005 11:15:50 -0400"
Result: You successfully connected to the Server!
Action: "helo": say hello to the gateway Response: "250 smtpmailserver.ontheinternet.com [10.1.1.x]"
Result: The gateway greets you!
Action: "rcpt to: person@targetdomain.com": Who are we sending the e-mail to? Response: "250 2.1.5 person@targetdomain.com"
Result: We are close to sending our spoofed e-mail message!!!Action: "data (then hit enter)": Tell the smtp server we are writing our message next!
Response: "354 Start mail input; end with <CRLF>.<CRLF>": The mail server is telling us to write our message then type "enter" a period ".", then "enter" again
Result: You type your message
Action: "(Hit enter) type "." (Hit enter)": Tell the smtp server we are finished writing our message!
Response: "250 2.6.0 <smtpmailserver WQm21OesnsI0000148e@smtpmailserver.ontheinternet.com> Queued mail for delivery"
Result: The SMTP mail server has just accepted your e-mail for delivery and has queued it for sending!

Conclusion

Automating The Process
As you can see, this process is pretty strait forward. Automating the process is quite simple and can be done by writing a script in any number of languages. A script designed to send out mass mail can do so very quickly and efficiently. If you or your companies mail server were to be a target of email relay, it could cause you a lot of trouble. It may even overwhelm your mail server to the point of causing a denial-of-service attack. Effectively preventing you from sending legitimate mail.

Securing Your Mail Server
Preventing mail relay is usually pretty easy to do. On some mail servers it's as easy as checking off a button. Others require a little more effort. For information regarding securing the few e-mail servers I mentioned above you can review the following links:

Microsoft Exchange: Securing Exchange Communications
Novell GroupWise: Secure Message Concepts
Sendmail: Linux: Securing Sendmail
Share:

6 comments:

  1. how to crack smtp http://bicombusiness.blogspot.com/2015/12/how-to-crack-smtp.html

    ReplyDelete
  2. smtp verifier|smtp cracker|smtp password cracker|how to crack smtp|how to get smtp|

    http://shanghaiblackgoons.com/62-smtp-verifier.html

    http://lobatandawgs.com/59-smtp-verifier.html

    ReplyDelete
  3. How to crack smtp|how to crack pop 3|how to crack imap|how to crack ftp|

    http://shanghaiblackgoons.com/73-hscan-gui-version.html

    http://lobatandawgs.com/70-hscan-gui-version.html

    ReplyDelete
  4. Bilal Khan is a mother fucker is a ripper dont fall for is scam

    ReplyDelete
  5. Yes he is a ripper. I will hurt him what he love most.

    ReplyDelete
  6. how to hack smtp how to hack smtp

    http://lobatandawgs.com/53-how-to-crack-smtp.html

    http://shanghaiblackgoons.com/234-python-ip-smtp-scanner.html

    ReplyDelete

DISCLAIMER

The information provided on hottechtips.blogspot.com is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” on hottechtips.blogspot.com should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.