From: SCInfo@SMTPCommander.com
Date: Tue Jan 31 2006 - 22:10:03 EST
www.SMTPCommander.com
It has been made smaller, with a few of the higher level features removed, but the core features for pen testing as a SMTP Rootkit remain. They are:
* send script commands via SMTP emails
* put files to the server (put pwdump for example)
* ability to execute cmd shells as system (execute pwdump)
* get files from the server (get pwdump output)
* return results via SMTP emails
* redirect SMTP emails - map any SMTP address to another, wildcard allows all SMTP email to be sent to another SMTP email address
* supports IIS5/6, inc Exchange Server 2000/2003
* single DLL install, about 85K in size
* quite operation, runs under inetinfo - virtually undetectable *after* inetinfo starts
* once installed (with admin rights) you can own
the box via email messaging past any firewall, or other email systems. As long as you can get your SMTP message to the box with SMTPCommander on it you own it.
There are two versions -- the open source pen test version, and a closed source more robust (but also free) version designed to work as a secure admin tool and resource kit tool for Exchange Sentry which is a commercial anti-spam system for Exchange Server(www.ExchangeSentry.com).
Thank you for considering it, donations are gladly accepted via link on web site.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:26 EDT