SMTP (port 25)

  • - a collection of bugs in email clients that allow effective sender spoofing and code injection attacks
    analysis of 30 applications

  • Example of telnet session to SMTP server (other example)

    another trivial example

    RCPT TO:
    From: [Hacker] <>
    To: <>
    Date: Sat, 10 Dec 2017 00:20:26 -0400
    Subject: Handy email
    Hello buddy
  • Python SMTP server: python -m smtpd -n -c DebuggingServer localhost:1025 (the server prints received SMTP messages and does NOT relay them further)

  • Send a prepared composite e-mail with English and another language

    sendemail (github)

    sendEmail -f -t -u "=?utf-8?B?$(echo "This is the spam message" | base64)?=" -o message-content-type=html -o message-file=/home/phonexicum/email.html -s localhost:25 -o message-charset=utf-8 -o tls=no

    e-mail at /home/phonexicum/email.html

      <p>Hello, phonexicum ...</p>
      <p>Please cooperate with us.</p>
      Mr. Smith
      <br> Department of control.

IMAP (port 143)

  • telnet IMAP session:

    another trivial example

    $ telnet mail.domain.ext imap
    * OK Courier-IMAP ready. Copyright 1998-2002 Double Precision, Inc.
    login mypassword
    * OK LOGIN Ok.
    # Select the folder you want to look in (usually the inbox):
    select INBOX
    # This should give you some information about the contents of that mail folder:
    * FLAGS (\Draft \Answered \Flagged \Deleted \Seen \Recent)
    * OK [PERMANENTFLAGS (\Draft \Answered \Flagged \Deleted \Seen)] Limited
    * 0 EXISTS
    * 0 RECENT
    * OK [UIDVALIDITY 1021381622] Ok
    * OK [READ-WRITE] Ok
    * BYE Courier-IMAP server shutting down
    * OK LOGOUT completed

FTP (port 21)

  • default login:passwd pairs: anonymous:guest, ftp:ftp

TFTP (port 69/udp)

  • TFTP does not provide directory listings, so filenames must be brute-forced:

    nmap -n -sU -p69 --script tftp-enum (nmap uses dictionary: /usr/share/nmap/nselib/data/tftplist.txt)

  • tftp session:

    another trivial example

      $ tftp
      tftp> connect
      tftp> get filename.ext
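
Because TFTP has no directory listing, filename brute-forcing such as the nmap tftp-enum run above shows up on the wire as a burst of read requests answered with "File not found". The following is an added example (not part of the original page) that parses RFC 1350 packets and flags clients with many distinct misses; the function names, the threshold and the sample traffic are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5   # RFC 1350 opcodes
FILE_NOT_FOUND = 1                            # RFC 1350 error code

def parse_tftp(payload: bytes) -> dict:
    """Parse one TFTP UDP payload (RFC 1350); raise ValueError if malformed."""
    if len(payload) < 4:
        raise ValueError("short packet")
    opcode, second = struct.unpack("!HH", payload[:4])
    if opcode in (RRQ, WRQ):          # opcode | filename | 0 | mode | 0
        parts = payload[2:].split(b"\x00")
        if len(parts) < 3 or not parts[0]:
            raise ValueError("bad request")
        return {"op": opcode, "filename": parts[0].decode("ascii", "replace"),
                "mode": parts[1].decode("ascii", "replace").lower()}
    if opcode == ERROR:               # opcode | error code | message | 0
        msg = payload[4:].split(b"\x00")[0].decode("ascii", "replace")
        return {"op": opcode, "code": second, "msg": msg}
    if opcode in (DATA, ACK):         # opcode | block number [| data]
        return {"op": opcode, "block": second}
    raise ValueError(f"unknown opcode {opcode}")

def find_enumerators(events, threshold=3):
    """events: (client_ip, payload) in capture order; returns {ip: names} with >= threshold misses."""
    pending, missed = {}, defaultdict(set)
    for client, payload in events:
        try:
            pkt = parse_tftp(payload)
        except ValueError:
            continue                          # ignore non-TFTP noise
        if pkt["op"] == RRQ:
            pending[client] = pkt["filename"]
        elif pkt["op"] == DATA:
            pending.pop(client, None)         # the read succeeded
        elif pkt["op"] == ERROR and pkt["code"] == FILE_NOT_FOUND and client in pending:
            missed[client].add(pending.pop(client))
    return {c: sorted(n) for c, n in missed.items() if len(n) >= threshold}

# Constructed sample traffic: documentation addresses, made-up filenames.
def rrq(name): return struct.pack("!H", RRQ) + name.encode() + b"\x00octet\x00"
NOT_FOUND = struct.pack("!HH", ERROR, FILE_NOT_FOUND) + b"File not found\x00"
A, B = "192.0.2.10", "192.0.2.20"
SAMPLE = [(A, p) for n in ("guess1.cfg", "guess2.cfg", "guess3.cfg") for p in (rrq(n), NOT_FOUND)]
SAMPLE += [(B, rrq("firmware.bin")), (B, struct.pack("!HH", DATA, 1) + b"data"),
           (B, rrq("typo.bin")), (B, NOT_FOUND)]
if __name__ == "__main__":
    print(find_enumerators(SAMPLE))
```

On a live capture the server answers from a fresh ephemeral port rather than 69, so correlate requests and replies on the client's address and port.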