Results 1 to 10 of 10

Thread: Getting username on Port 25 using VRFY command.....

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    10

    Getting username on Port 25 using VRFY command.....

    I was wondering if there was any easier way to get the username for a website without telnetting to port 25 and using the VRFY command. It's very annoying as there is no way to bruteforce a website without the username (unless your very patient!). Can someone help me please.

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    429
    you don't understand this do you.

    Port 25 is for SMTP not telnet (you can telnet to port 25 and send email if you can talk SMTP)
    The VRFY command used to be used to verifying that a username / mail recipient exists, due to years of abuse, most mailservers have disabled the VRFY command.)

    In short, I think you should go to another haxor site and ask them how you can hack hotmail (that'll impress them with your l33t abilities) cos your beyond help from us I fear.



    J.
    [glowpurple]manually editing your config files can break them. If this happens, you get to keep both pieces. [/glowpurple]

  3. #3
    Junior Member
    Join Date
    Feb 2002
    Posts
    18
    *NIX:
    you can get a list of usernames through the website...visit the site and write down any email adresses you can find because email adresses are also usually valid login names. you can also run a "whois" and "nslookup" on the domain / host - this will give give you some more email adresses...that of the administrator, etc.
    my third suggestion is to telnet to the finger port (port 79) - of one exists...or you can also use a finger client for windoze, e.g. Sam Spade ...
    my fourth suggestion is to try some of the default accounts and passwords (weak passwords)


    NT:
    perhaps you can use a null IPC session and the SID tools to get all user names for a specific pc or the whole domain.

    www.hackingexposed.com

  4. #4
    Junior Member
    Join Date
    Dec 2001
    Posts
    10
    In reply to jcdux, there are alot of websites that still have the VRFY command.

  5. #5
    Banned
    Join Date
    Oct 2001
    Posts
    1,459
    Sure... Most of them do have it, but a great percentage of them dont.. So you could try to use FINGER instead of VRFY

  6. #6
    Junior Member
    Join Date
    Dec 2001
    Posts
    10
    It's basically impossible these days to find a webserver with an open finger port.

  7. #7
    Ok, as I guess, u are not going to hack a web site, you must looking for some internet accounts that u want some username from SMTP port and then start the brute force attack on victims, isn't it?

    Ok, as I am really poor as you, and if you want to save your mony , I'll help u if I guess the true. just mail me I'll give u a fast brute force attack program.

  8. #8
    Ok, as I guess, u are not going to hack a web site, you must looking for some internet accounts that u want some username from SMTP port and then start the brute force attack on victims, isn't it?


    Ok, as I am really poor as you, and if you want to save your mony , I'll help u if I guess the true. just mail me I'll give u a fast brute force attack program.

  9. #9
    Junior Member
    Join Date
    Dec 2001
    Posts
    10
    Thanks for the offer but I already have a bruteforcer.

  10. #10
    Junior Member
    Join Date
    Feb 2002
    Posts
    18
    Originally posted here by echelon3
    It's basically impossible these days to find a webserver with an open finger port.
    If you want to break into someone's website but this machine has no open finger port you can try to break into another machine on the same subnet. If the ip-address of the web server is 153.324.13.45, you have to scan from 153.324.13.1 to 153.324.13.254 to get all the machines on that subnet. One of these machines will probably have a finger daemon running.
    Love your country, but
    never trust its government. -- Robert A. Heinlein

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •