website-security

Cylance is a software company. It develops antivirus programs and other types of software that protect against viruses and malware.

Here is the information about a simple hack.
When we scan the hosts in the MX records, there is an SMTP port open with the protection.

IP : 208.65.144.3

nmap result :

PORT STATE SERVICE
25/tcp open smtp
32/tcp filtered unknown
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
514/tcp filtered shell
1011/tcp filtered unknown
1025/tcp filtered NFS-or-IIS
1434/tcp filtered ms-sql-m
4242/tcp filtered vrml-multi-use
5000/tcp filtered upnp
5030/tcp filtered surfpass
6129/tcp filtered unknown
8181/tcp filtered unknown
10566/tcp filtered unknown

Port 25 is open.

Nslookup results for this IP:

  • nslookup 208.65.144.3
  • Server: 192.168.85.2
  • Address: 192.168.85.2#53

Non-authoritative answer :

3.144.65.208.in-addr.arpa name = mxl144v3.mxlogic.net.

When I try to connect to port 25 with the help of telnet, I simply fire this command:

  • telnet 208.65.144.3 25
  • Trying 208.65.144.3…
  • Connected to 208.65.144.3.
  • Escape character is ‘^]’.

220 p01c11m004.mxlogic.net ESMTP mxl_mta-8.5.0-6 [2b779361e940.565643.00-2358]; Mon, 08 Feb 2016 02:58:43 -0700 (MST); NO UCE, INBOUND (p01c11m004.mxlogic.net)

So someone could load shellcode, or otherwise fill the stream; both could work.

Here we try simple commands for demonstration purposes.
We fire this command:

  • telnet 208.65.144.3 25
  • Trying 208.65.144.3…
  • Connected to 208.65.144.3.
  • Escape character is ‘^]’.
  • 220 p01c11m004.mxlogic.net ESMTP mxl_mta-8.5.0-6 [2b779361e940.565643.00-2358]; Mon, 08 Feb 2016 02:58:43 -0700 (MST); NO UCE, INBOUND (p01c11m004.mxlogic.net)

  • EHLO localhost
  • 250-p01c11m004.mxlogic.net
  • 250-SIZE 0
  • 250-STARTTLS
  • 250-SUBMITTER
  • 250-8BITMIME
  • 250 PIPELINING

Now we can just type commands like MAIL FROM: and so on, and take advantage.
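An MX host has to accept connections on port 25 to receive mail, so what an administrator can control is what the greeting and EHLO reply disclose. The following added example (not part of the original post) parses the transcript shown above and reports what it reveals; the function names `parse_replies` and `audit` are hypothetical.

```python
import re

# Greeting and EHLO reply copied from the session shown above.
TRANSCRIPT = """\
220 p01c11m004.mxlogic.net ESMTP mxl_mta-8.5.0-6 [2b779361e940.565643.00-2358]; Mon, 08 Feb 2016 02:58:43 -0700 (MST); NO UCE, INBOUND (p01c11m004.mxlogic.net)
250-p01c11m004.mxlogic.net
250-SIZE 0
250-STARTTLS
250-SUBMITTER
250-8BITMIME
250 PIPELINING
"""
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(text):
    """Group RFC 5321 reply lines: 'NNN-' continues a reply, 'NNN ' ends it."""
    replies, current = [], []
    for raw in text.splitlines():
        m = REPLY_LINE.match(raw.strip())
        if not m:
            continue  # skip client commands and telnet chatter
        code, sep, rest = m.groups()
        current.append(rest)
        if sep == " ":
            replies.append((int(code), current))
            current = []
    return replies

def audit(text):
    """Return (extensions, findings) for a greeting followed by an EHLO reply.
    The first 250 line is the server's domain; the rest are 'KEYWORD [params]'."""
    replies = parse_replies(text)
    greeting = next(lines[0] for code, lines in replies if code == 220)
    ehlo = next(lines for code, lines in replies if code == 250)
    ext = {}
    for line in ehlo[1:]:
        parts = line.split()
        if parts:
            ext[parts[0].upper()] = parts[1:]
    findings = []
    ver = re.search(r"ESMTP\s+(\S*\d+\.\d+\S*)", greeting)
    if ver:
        findings.append("banner discloses software/version: " + ver.group(1))
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered: mail is accepted in cleartext only")
    if ext.get("SIZE") == ["0"]:
        findings.append("SIZE 0: no fixed maximum message size declared (RFC 1870)")
    return ext, findings
```

For the transcript above, `audit(TRANSCRIPT)` reports the version string in the banner and the `SIZE 0` declaration; STARTTLS is advertised, so no cleartext finding is raised.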
