SMTP Relay Diffs

From: Noam Rathaus (noamrat_private)
Date: Sun Mar 03 2002 - 00:49:35 PST

    Hi,
    
    I added a check for the Microsoft AUTH relaying bypass.
    If someone spots a problem please let me know.
    
    Index: smtp_relay.nasl
    ===================================================================
    RCS file: /usr/local/cvs/nessus-plugins/scripts/smtp_relay.nasl,v
    retrieving revision 1.14
    diff -r1.14 smtp_relay.nasl
    83,86c83,104
    <  if(i == "250 "){
    <       security_warning(port);
    <       set_kb_item(name:"SMTP/spam", value:TRUE);
    <       }
    ---
    >  if(i == "250 ")
    >  {
    >   security_warning(port);
    >   set_kb_item(name:"SMTP/spam", value:TRUE);
    >  }
    >  else
    >  {
    >   crp = string("AUTH NTLM <etc, etc>\r\n");
    >   send(socket:soc, data:crp);
    >   i = recv_line(socket:soc, length:4);
    >   if (i == "334 ")
    >   {
    >    crp = string("RCPT TO: test_2at_private\r\n");
    >    send(socket:soc, data:crp);
    >    i = recv_line(socket:soc, length:4);
    >    if(i == "250 ")
    >    {
    >     security_warning(port);
    >     set_kb_item(name:"SMTP/spam", value:TRUE);
    >    }
    >   }
    >  }
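
Review bot: In the new else branch, the `AUTH NTLM <etc, etc>` string is sent exactly as written, so the check depends on whatever that placeholder stands for. Put the actual token in the script, ideally in a named variable, and add a comment saying which server behaviour the 334-then-RCPT sequence is meant to detect. Both new reads use `recv_line(socket:soc, length:4)`: please confirm that the rest of the 334 line is consumed before the reply to the second RCPT TO is read, otherwise the inner `i == "250 "` comparison may be looking at leftover bytes of the 334 response instead of the RCPT reply. The security_warning/set_kb_item pair is now duplicated in both branches; setting a flag and reporting once after the if/else would keep the two paths from drifting apart.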
    
    
    Thanks
    Noam Rathaus
    CTO
    Beyond Security Ltd
    http://www.SecurITeam.com
    http://www.BeyondSecurity.com
    
    



    This archive was generated by hypermail 2b30 : Sun Mar 03 2002 - 00:50:11 PST