Sidebar
user:thakes3:portfolio:summerfun:e-mail
Telnet E-mail
So SMTP is incredibly stupid, boasting only 8 commands. It also is completely unrestricted from the schools mail server. There are no SPAM filters at all at that point. This proves insecure because if you want to spoof someone's mail, then it's easy.
Here is a step by step on how to do it.
lab46~# telnet mail.corning-cc.edu 25 Trying 143.66.1.19... Connected to mail.corning-cc.edu. Escape character is '^]'. 220 mail.corning-cc.edu ESMTP Sendmail 8.12.9/8.12.9; Wed, 5 Jun 2013 10:39:47 -0400 (EDT) HELO lab46.corning-cc.edu 250 mail.corning-cc.edu Hello lab46.corning-cc.edu [143.66.50.18], pleased to meet you MAIL FROM: <wedge@lab46.corning-cc.edu> 250 2.1.0 <wedge@lab46.corning-cc.edu>... Sender ok RCPT TO: <thakes3@lab46.corning-cc.edu> 250 2.1.5 <thakes3@lab46.corning-cc.edu>... Recipient ok DATA 354 Enter mail, end with "." on a line by itself SUBJECT: Take the day off You earned it . 250 2.0.0 r55Edlkw021753 Message accepted for delivery quit 221 2.0.0 mail.corning-cc.edu closing connection Connection closed by foreign host.
Commands I had sent are all in CAPS. 250 to mail means successful and without error. I hope some kids read this and decide to send some mail to staff@corning-cc.edu or something awesome like that.
user/thakes3/portfolio/summerfun/e-mail.txt · Last modified: 2013/06/05 15:07 by thakes3
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
