fingerprinting mail server

Thread: fingerprinting mail server

  1. #1
    Senior Member
    Join Date
    Dec 2004
    Posts
    137

    fingerprinting mail server

    hi, do you guys know how to fingerprint a mail server?

    i am up for a junior job with this department that manages the email systems and thought it might be a good idea to find out what they use and brush up on the manuals.

    don't really want to run anything nasty on their server that might be construed as an attack. just want to find out what mail system they use. i am pretty sure it's not exchange but unix based.

  2. #2
    Banned
    Join Date
    Jun 2005
    Posts
    445
    WHOA... don't try remote fingerprinting...


    Your best bet, both technologically, and in the eyes of the company... is to ask them, and explain that you would like to study up.


    This will make you look good in their eyes usually... make you look like someone who is very thorough.

  3. #3
    Banned
    Join Date
    Aug 2004
    Posts
    534
    don't worry ... secret service won't break your door in if you just grab some headers via netcat

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    sort of like those kids at harvard that just wanted to know if they had gotten in already... the ones that got in are now kicked out...good deal huh.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  5. #5
    Banned
    Join Date
    Aug 2004
    Posts
    534
    point taken... but you can't compare a port scan to an intrusion

  6. #6
    Banned
    Join Date
    Jun 2005
    Posts
    445
    The fact that you can't get in trouble for it doesn't make it right.

  7. #7
    Senior Member
    Join Date
    Dec 2004
    Posts
    137
    okay. well how about this then.

    if you were to use a unix based mail server and you had 100,000 email addys to manage - what would you use? what is capable of that volume?

  8. #8
    Banned
    Join Date
    Jun 2005
    Posts
    445
    /me burps the word sendmail

    /me farts the word procmail

    /me makes some other random bodily noises to the tune of several other standard mail related programs and daemons


    Try doing some research on google?

  9. #9
    Junior Member
    Join Date
    Feb 2003
    Posts
    10
    Have you tried connecting to their SMTP or POP3 server via telnet? As long as you don't try to log in it will not be construed as an intrusion. The server won't be able to tell the difference.

    You should do this and make a point of it during your interview! My college professor taught us to change the welcome message to obscure what system is running. Tell them you will mask or spoof the identity of the server via the welcome message to make it harder for blackhats to fingerprint.

    Telnet to an SMTP server like this from Windows command line:

    "telnet smtp.companyname.com 25" (fill in the proper URL or just guess it)

    or from Linux:

    "telnet smtp.companyname.com 25"

  10. #10
    Senior Member
    Join Date
    May 2004
    Posts
    274
    Hi, I think you are looking for this.

    smtpscan is a remote SMTP server version detector. It can be used to guess which mail software is used on a remote server, that may hide its SMTP banner.
    http://www.greyhats.org/outils/smtps...mtp_detect.pdf
    http://www.greyhats.org/outils/smtps...can-0.5.tar.gz

    smtpmap
    http://plasmahh.hopto.org/down_tool
    Excuse me, is there an airport nearby large enough for a private jet to land?
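
Posts #9 and #10 both turn on what the SMTP welcome message gives away. The following is an added example, not part of any post in the thread: a small offline check an administrator could run over the greeting of a server they manage to see whether it names a product or version. The product word list, sample greetings and the host mail.example.com are constructed for illustration.

```python
import re

# Product words an SMTP greeting often advertises (illustrative, not exhaustive).
PRODUCT_WORDS = {"sendmail", "postfix", "exim", "qmail", "microsoft"}
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")

# Constructed sample greetings; mail.example.com is a placeholder host.
SENDMAIL_STYLE = ("220 mail.example.com ESMTP Sendmail 8.13.1/8.13.1; "
                  "Tue, 5 Jul 2005 10:00:00 -0400")
MULTILINE = "220-mail.example.com ESMTP Exim 4.50\r\n220 No unsolicited mail"
GENERIC = "220 mail.example.com ESMTP"


def parse_greeting(raw):
    """Return (domain, free_text) from a 220 greeting.

    A reply may span several lines: '220-' marks a continuation line and
    '220 ' marks the last line of the reply.
    """
    texts = []
    for line in raw.splitlines():
        m = re.match(r"^220([ -])(.*)$", line)
        if not m:
            raise ValueError("not a 220 greeting line: %r" % line)
        texts.append(m.group(2).strip())
        if m.group(1) == " ":
            break
    else:
        raise ValueError("greeting has no terminating '220 ' line")
    domain, _, rest = texts[0].partition(" ")
    return domain, " ".join([rest] + texts[1:]).strip()


def audit_banner(raw):
    """Report product names and version strings disclosed by a greeting."""
    domain, text = parse_greeting(raw)
    words = set(re.findall(r"[a-z]+", text.lower()))
    products = sorted(words & PRODUCT_WORDS)
    versions = sorted(set(VERSION_RE.findall(text)))
    return {"domain": domain, "products": products, "versions": versions,
            "discloses": bool(products or versions)}


if __name__ == "__main__":
    for sample in (SENDMAIL_STYLE, MULTILINE, GENERIC):
        print(audit_banner(sample))
```

A greeting that passes this check only removes the easiest signal; as post #10 notes, tools such as smtpscan are built to guess the software even when the banner is hidden.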
