Next, I have to find a way to spoof my IP but still have a complete TCP session. Now, the network traffic between the whitelisted server (10.10.10.3) and the gateway (10.10.10.1) goes to my computer (10.10.10.66) before being forwarded: Iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth2 -j MASQUERADE # Allow IP forwarding (you do not want to alert every admins )
To intercept traffic from my local subnet, ARP poisoning is a hacker’s choice. From this subnet, I am able to communicate with the email server (10.250.0.10) located in another IP subnet. I connected my computer to the same IP subnet (my IP: 10.10.10.66) as the whitelisted server (server IP: 10.10.10.3). After more research and some social engineering with our support IT staff, I got an IP address of a whitelisted system from a subnet I can connect to. The IP addresses of these systems is whitelisted in the configuration on the email server itself. Indeed, our server forces users to authenticate prior to accepting any message from OKIOK addresses.Īfter some digging through internal documentation, I discovered that some very specific systems do not have the ability to authenticate through SMTP. However, things are not always so easy, especially when the server is well-configured. Sending a raw email with a telnet-like tool would allow me to spoof any OKIOK addresses from the internal network. A hack bypassing this would be great!įirst I wanted to check whether I was able to send a email by spoofing the sender’s address, using raw SMTP commands. After having to pay rounds because of the Rubber Ducky attack, I wanted a revenge ! Daniel participated in the hardening of our email server and apparently he put extra effort to prevent SMTP mail spoofing.
0 kommentar(er)
