Follow us on Twitter!
Hacking isn't just Computers & Exploits. It's a Philosophy. - Mr_Cheese
Wednesday, April 23, 2014
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Members Online
Total Online: 19
Guests Online: 18
Members Online: 1

Registered Members: 82885
Newest Member: ConiBE
Latest Articles

SMTP injection

Arrow Image About injection of commands into SMTP

I haven't done anything in a while, and I didn't find this here, so I figured I'd write an article on it. Here you go.

There are cases where an application may preform the SMTP conversation itself, or may pass user supplied input to a different component in order to do this. In this situation, it may be possible to inject arbitrary SMTP commands directly into this conversation, potentially taking full control of the messages being generated by the application.

For example, consider an application that uses requests of the following form to submit site feedback:

Post feedback.php HTTP/1.1

This causes the web application to preform an SMTP conversation with the following commands:

Subject: site feedback

NOTE: After the SMTP client issues the DATA command, it sends the contents of the email message comprising of the message headers and body, and then sends a single dot character on its own line. This tells the server that the message is complete, and the client can then issue further SMTP commands to send further messages.

In this situation, you may be able to inject arbitrary SMTP commands into any of the email fields that you control. For example, you can attempt to inject into the Subject field as follows:

Post feedback.php HTTP/1.1

If the application is vulnerable, then this will result in the following SMTP conversation, which give two different email messages, with the second being entirely within you control:

Subject: site feedback
Subject: Cheap Viagra

Finding SMTP injection flaws:

To probe an application's mail functionality effectively, you need to target every parameter that is submitted to an email-related function, even those that may initially appear to be unrelated to the content of the generated message.

You should also test for each kind of attack, and you should preform each test case using both windows and unix-style newline characters.

I hope you liked it, I'm working on more as we speak.


Zephyr_Pureon December 28 2008 - 01:45:10
I didn't approve this article because: (1) The content is very light and lofty and, (2) I feel like I've seen it before. While you illustrate a single technique, you don't explain it well enough to even make this a single-focus article. I should've just disapproved this heap of shit when I had the chance.
Zephyr_Pureon December 28 2008 - 02:29:22
The problem is that people care less, submit less, and ultimately pieces of shit like this seem to make it through the cracks. We need quality members, quality content, and at least halfway give-a-shit-itude. I'm just going to start disapproving anything that looks halfway questionable, since some people seem incapable of disapproving shit when they see it in the submissions.
korgon December 28 2008 - 03:26:59
Old, outdated and bullshit. Anyone running this is an ass! SMTP exploits have change my dear. Grammer and punctuation sucks bad. Sorry! -10/10
fallingmidgeton December 28 2008 - 22:40:17
so this and the other article are crap and disclose obvious things where as "how not to annoy others" is very good and in no way discloses the obvious. it feels like there are some bias people here.
Zephyr_Pureon December 29 2008 - 12:40:50
No, you're just hoping that there are biased people here so that you can defend your choice to write an article solely about one "trick" (email header injection using carriage returns and new lines). Since you chose to bring up that particular article, I'll bite... I approved it (for laughs) and commented on it stating that it couldn't possibly get an "Awesome". Now, why did it get the positive reviews that it did? The purpose of his article was a valid one and was expressed using: (1) Good grammar technique, (2) Good structure of thoughts and supporting details, and (3) Depth of concepts and logic. Take out the quote blocks in your article here and look at the amount of text you actually wrote. Read it and pay attention to the depth (or lack thereof). You gave the "how not to annoy others" article a Good rating... What would you give yours here?
fallingmidgeton December 29 2008 - 12:52:39
i rated mine average because i see what you mean. i could have gone more in depth about it and perhaps broaden the scope of the article to other uses of this trick
richohealeyon January 01 2009 - 08:39:09
Also explain that your % escapes rely totally on the http actually converting them to their ascii equivalents, some don't.
Bejkeron January 10 2009 - 15:38:27
I can't understand why other "smart asses" acting like a jurkes.It's not the best but show some respect because S/He spent some time writing this.I also don't know English good (so what than),but know how to every bit working in my PC.Your replays are annoying... Writing for such a "nice" people is a wasting of time! "You didn't even explain what %0d%0a is/does..."Let's open hellboundpedia... Good for exert...
Nubilosuson January 17 2009 - 19:55:05 <- Here you go sorry, bored)
Post Comment


You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.