CEH

(Jeff_L) #1



HELO


501 HELO requires domain address


HELO x


250 server1 Hello [10.0.0.72], pleased to meet you


MAIL FROM:link


250 link... Sender ok


RCPT TO:link


250 link... Recipient ok


RCPT TO: zelda


550 zelda... User unknown


Although these attacks aren’t all that difficult to execute from the command line, tools
such as TamoSoft’s Essential NetTools or NetScanTools Pro can also carry them out through
SMTP.
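
Seen from the mail server's side, the session above is a run of RCPT TO commands answered with 250 for real accounts and 550 for guesses. The following Python is an added example, not part of the original text, that flags clients showing that pattern; the log format, the thresholds, and the extra names ganon, epona and lnik are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified, hypothetical log format
# (client IP, SMTP command, server reply); real MTA logs look different.
SAMPLE_LOG = """\
client=10.0.0.72 cmd="RCPT TO:link" reply="250 link... Recipient ok"
client=10.0.0.72 cmd="RCPT TO:zelda" reply="550 zelda... User unknown"
client=10.0.0.72 cmd="RCPT TO:ganon" reply="550 ganon... User unknown"
client=10.0.0.72 cmd="RCPT TO:epona" reply="550 epona... User unknown"
client=10.0.0.15 cmd="RCPT TO:link" reply="250 link... Recipient ok"
client=10.0.0.15 cmd="RCPT TO:lnik" reply="550 lnik... User unknown"
"""

LINE_RE = re.compile(
    r'client=(?P<ip>\S+) cmd="(?P<verb>RCPT TO|VRFY|EXPN)[: ]\s*(?P<arg>[^"]*)" '
    r'reply="(?P<code>\d{3}) [^"]*"'
)

def summarize(log_text):
    """Per client: names probed, names confirmed (2xx), names rejected (550)."""
    stats = defaultdict(lambda: {"probed": set(), "confirmed": set(), "rejected": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a recipient-probing command
        entry = stats[m["ip"]]
        name = m["arg"].strip().lower()
        entry["probed"].add(name)
        if m["code"] == "550":
            entry["rejected"].add(name)
        elif m["code"].startswith("2"):
            entry["confirmed"].add(name)
    return stats

def suspected_enumerators(log_text, min_rejects=3, min_reject_ratio=0.5):
    """Flag clients whose probes are mostly unknown users."""
    flagged = {}
    for ip, entry in summarize(log_text).items():
        rejects = len(entry["rejected"])
        ratio = rejects / len(entry["probed"])
        if rejects >= min_rejects and ratio >= min_reject_ratio:
            # Report which account names the client learned are valid.
            flagged[ip] = sorted(entry["confirmed"])
    return flagged

if __name__ == "__main__":
    print(suspected_enumerators(SAMPLE_LOG))
```

The second client in the sample has a single mistyped recipient and stays below the default threshold, which is the false-positive case the ratio and minimum count are there to absorb.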


SMTP Relay


The SMTP Relay service lets users send e-mails through external servers. Open e-mail
relays aren’t the problem they used to be, but you still need to check for them. Spammers
and hackers can use an e-mail server to send spam or malware through e-mail under the
guise of the unsuspecting open-relay owner.


Summary


This chapter described the process of enumerating the resources on a system for a later
attack. You began by exploring various items on a system such as user accounts and group
information. Information from the previous footprinting phase was gathered with little to
no interaction with, or disturbance of, the target, whereas in this phase you are more
proactively obtaining information. Information brought into this phase includes usernames,
IP ranges, share names, and system information.


An attacker who wants to perform increasingly aggressive and powerful actions will
need to gain greater access. This is done by building on the information obtained through
careful investigation. To perform this investigation, you have such options as the use of
NetBIOS NULL sessions, SNMP enumeration, SMTP commands, and utilities such as the
PsTools suite.


If enumeration is performed correctly, the attacker should have a good picture of what
the system looks like. Information should include account information, group information,
share information, network data, service data, application profiles, and much more.
