I don't know of anything you can do through SMTP or POP3, however a couple of things you could check: 1) Have a look around for any other NT machines. If your Exchange box is on a domain, then you may have actually compromised the domain admin password. 2) Check the firewall. Many firewalls can be configured to authenticate back to an NT / 2K domain; if you've got the right account details, you might end up with a VPN connection or a few more open ports. 3) Read the Administrator's email. There may be more info in emails sent to the administrator about other machines on the network. Chris -- Chris Paget mad.nutterat_private On Thu, 10 May 2001 09:41:06 -0500, you wrote: >Hi all. > >I am relatively to penetration testing, and I have come accross something >that I think I should be able to expolit, but can't figure out how. I have >brute-forced the Administrator password on an NT server with Exchange 5.5 >via the POP3 service. This server is behind a firewall and only has ports >25 and 110 open on it. Does anyone know of a way to use this information to >further compromise this host? or is this as far as someone could get?
This archive was generated by hypermail 2b30 : Mon May 14 2001 - 09:44:12 PDT