Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2017 Tenable Network Security, Inc.SMTP_BACKDOOR.NASL
HistoryMay 29, 2005 - 12:00 a.m.

SMTP Server Non-standard Port Detection

2005-05-2900:00:00
This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.
www.tenable.com
1247
JSON

This SMTP server is running on a non-standard port. This might be a backdoor set up by attackers to send spam or even control of a targeted machine.

#
# (C) Tenable Network Security, Inc.
#

# References:
# RFC 2645	On-Demand Mail Relay (ODMR) SMTP with Dynamic IP Addresses
#

include("compat.inc");

if (description)
{
  script_id(18391);
  script_version("$Revision: 1.16 $");
  script_cvs_date("$Date: 2017/12/01 21:51:55 $");

  script_name(english:"SMTP Server Non-standard Port Detection");
  script_summary(english:"An SMTP server is running on a non-standard port");

  script_set_attribute(attribute:"synopsis", value:"The remote SMTP service is running on a non-standard port.");
  script_set_attribute(
    attribute:"description",
    value:
"This SMTP server is running on a non-standard port.  This might be a
backdoor set up by attackers to send spam or even control of a targeted
machine."
  );
  script_set_attribute(attribute:"solution", value:"Check and clean the configuration.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_attribute(attribute:"see_also", value:"http://www.icir.org/vern/papers/backdoor/");

  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.");
  script_family(english:"Backdoors");

  script_dependencie("smtpserver_detect.nasl");
  script_require_ports("Services/smtp");
  exit(0);
}

#

include("global_settings.inc");
include("smtp_func.inc");

port = get_kb_item("Services/smtp");
if (!port) exit(0, "The host does not appear to be running an SMTP server.");
if (!get_tcp_port_state(port)) exit(1, "Port "+port+" is not open.");

# 25 SMTP
# 366 CommuniGate Pro SMTP Module
# 465 SMTP SSL
# 475 Exchange Server 2013 mailbox role communications
# 587 Submission (RFC 4409)
# 717 Exchange Server 2013 CAS Server for mail from trusted mailbox servers
# 2525 Exchange Server 2013

if (
  port != 25 && 
  port != 366 && 
  port != 465 && 
  port != 475 && 
  port != 476 &&
  port != 477 &&
  port != 587 && 
  port != 717 && 
  port != 2525
)
{
  banner = get_smtp_banner(port:port);
  if (report_verbosity > 0 && banner)
  {
    report = '\n  Banner : ' + banner + '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
JSON