Mail Servers: They have their own language
There are many types and brands of e-mail servers used on the Internet. There's Sendmail, which has been around for a long time and is typically used on UNIX systems; Microsoft Exchange, a Microsoft product of course; and GroupWise, a Novell product, just to name a few. Regardless of the services and options each flavor of mail server offers you, they all have one thing in common: they must abide by the rules of the SMTP communications standard and, in effect, speak a common language. If you want to know more about this, read the SMTP "Request For Comment", or RFC, located here.
SMTP Mail Relaying and Social Engineering
Mail Relaying: What's the big deal?
Although not a traditional vulnerability, one of the most common forms of SMTP misuse is email relaying, or email spoofing. This method is routinely used by spammers to distribute their unwanted and unsolicited information. In many cases, they set up their own mail servers, configured to allow mail relaying. However, if your SMTP gateway is not set up to prevent mail relay, the spammers will kindly use it. This is a very simple procedure and in most cases is completely automated.
Social Engineering Attack by E-mail
Another common use of email relay and spoofing is social engineering attacks. We recently performed a security assessment for an organization where we were permitted to perform social engineering and denial-of-service attacks. It turned out that this company's SMTP server was not configured to prevent email relaying. We attached to the SMTP gateway from the Internet, spoofed the e-mail address of one of the IT people, and sent an e-mail to ten end-users instructing them to "Shutdown their computers immediately because the IT team had detected a serious virus / or worm on their computer". All ten of the users did exactly as we asked. Imagine if we sent this e-mail to the "everyone" e-mail distribution group. Probably would not have been a good day for the IT folks.
I want to make the point that I am writing this article for the purpose of education and awareness. The purpose is NOT to provide someone the information needed to abuse SMTP services.
Speaking the SMTP Language
The Basics of Hacking SMTP Gateways and Communications
There are a handful of methods in direct SMTP communication, but for the sake of this article we will only review a few items. These items, if the SMTP gateway you are attached to allows mail relaying, are all that is needed to successfully spoof or relay e-mail.
- Our Target: "smtpmailserver.ontheinternet.com";
- Our Tool: The good ole "telnet" client;
- Our Objective: Determine if mail relay is possible and execute it.

- "telnet": A communications client used to connect to the SMTP port 25 on the target mail server;
- "helo": SMTP command used to introduce ourselves to the SMTP server;
- "mail from:": SMTP command to identify who the mail will be sent from;
- "rcpt to:": SMTP command telling the mail server who to send the e-mail to;
- "data": SMTP command that instructs the mail server that the text typed after this command is the body of our message;
- "(enter).(enter)": When we are finished writing our message we will hit the (enter) button, the period ".", then another (enter), and the mail will be queued for delivery.
Action: "telnet smtpmailserver.ontheinternet.com 25": Connect to our SMTP gateway, on port 25, using the telnet client
Response: "220 smtpmailserver.ontheinternet.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Mon, 11 Apr 2005 11:15:50 -0400"
Result: You successfully connected to the Server!
Action: "helo": Say hello to the gateway
Response: "250 smtpmailserver.ontheinternet.com [10.1.1.x]"
Result: The gateway greets you!
Action: "rcpt to: person@targetdomain.com": Who are we sending the e-mail to?
Response: "250 2.1.5 person@targetdomain.com"
Result: We are close to sending our spoofed e-mail message!!!
Action: "data (then hit enter)": Tell the SMTP server we are writing our message next!
Response: "354 Start mail input; end with <CRLF>.<CRLF>": The mail server is telling us to write our message, then type "enter", a period ".", then "enter" again
Result: You type your message
Action: "(Hit enter) type "." (Hit enter)": Tell the SMTP server we are finished writing our message!
Response: "250 2.6.0 <smtpmailserver WQm21OesnsI0000148e@smtpmailserver.ontheinternet.com> Queued mail for delivery"
Result: The SMTP mail server has just accepted your e-mail for delivery and has queued it for sending!
Conclusion
Automating The Process
As you can see, this process is pretty straightforward. Automating the process is quite simple and can be done by writing a script in any number of languages. A script designed to send out mass mail can do so very quickly and efficiently. If your mail server, or your company's, were to be a target of email relay, it could cause you a lot of trouble. It may even overwhelm your mail server to the point of causing a denial of service, effectively preventing you from sending legitimate mail.
Securing Your Mail Server
Preventing mail relay is usually pretty easy to do. On some mail servers it's as easy as checking off a button. Others require a little more effort. For information regarding securing the few e-mail servers I mentioned above you can review the following links:
Microsoft Exchange: Securing Exchange Communications
Novell GroupWise: Secure Message Concepts
Sendmail: Linux: Securing Sendmail
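Whatever the product, the relay restriction described above comes down to one decision the server makes when it receives "rcpt to:". The sketch below is an added example, not code from this article or from any mail server product; the local domain, trusted network, function names and reply texts are assumptions. It goes one step beyond relaying by also refusing outside mail that claims a local sender, which is the spoofing case from the social engineering story.

```python
import ipaddress

# Assumed, constructed deployment values: replace with your own.
LOCAL_DOMAINS = {"ontheinternet.com"}                      # domains we host
TRUSTED_NETWORKS = [ipaddress.ip_network("192.168.10.0/24")]  # internal clients


def domain_of(address):
    """Return the lower-cased domain of an envelope address, '' if none."""
    address = address.strip().strip("<>")
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return ""          # malformed, or the empty bounce sender "<>"
    return domain.lower().rstrip(".")


def is_trusted(client_ip):
    """True when the connecting IP is inside one of our own networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETWORKS)


def rcpt_decision(client_ip, mail_from, rcpt_to, authenticated=False):
    """Return the SMTP reply a non-relaying gateway gives to RCPT TO."""
    rcpt_domain = domain_of(rcpt_to)
    if not rcpt_domain:
        return "501 5.1.3 Bad recipient address syntax"
    # Internal or authenticated clients may send anywhere.
    if authenticated or is_trusted(client_ip):
        return "250 2.1.5 " + rcpt_to
    # Outsiders may only deliver inbound mail for domains we host.
    if rcpt_domain not in LOCAL_DOMAINS:
        return "550 5.7.1 Unable to relay"
    # Inbound mail from outside that claims one of our own sender
    # addresses is treated as spoofed. Sites that let outside services
    # send as their domain need an exception list here.
    if domain_of(mail_from) in LOCAL_DOMAINS:
        return "550 5.7.1 Local sender not permitted from this client"
    return "250 2.1.5 " + rcpt_to
```

With these assumed values, the session from the walkthrough (an Internet client asking to deliver to person@targetdomain.com) is answered with "550 5.7.1 Unable to relay" instead of "250 2.1.5".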