[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Port 25 email via telnet exploit
- Subject: [cobalt-users] Port 25 email via telnet exploit
- From: Greg Hewitt-Long <greg@xxxxxxxxxxxxxxxxxxx>
- Date: Sun Jun 2 18:52:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
I searched the archives briefly, but found nothing directly relating to it...
Why does port 25 allow email to be sent via telnet without validating user login, domain etc?
Here is how I did it:
HELO
501 HELO requires domain address
HELO serverip
250 ns.webyourbusiness.com Hello address [ip], p
leased to meet you
MAIL FROM fred@xxxxxxxx
501 Syntax error in parameters scanning "FROM"
mail from: fred@xxxxxxxx
RCPT 250 fred@xxxxxxxxxxx Sender ok
TO: dest@xxxxxxxx
250 est@xxxxxxxxxxx Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Hello - this is a test mail - we need to check this out.
If we get an email back, it will be not a good thing
.
I've changes the details to hide the IP etc, but needless to say, I got the destination email - this is very scary!! Needless to say, it's not rocket science to setup a great big macro to send tons and tons of email via a telnet session using a simple telnet program.
Any pointers as to how to lock this sucker down are greatly appreciated.
regards
Greg Hewitt-Long
--
http://www.webyourbusiness.com/
Providers of E-Commerce Software &
Web Design Consultancy and Services.
PH: (970)266-0195 FAX: (970)266-0158