How I Got Access to a UK Government Organization's SMTP Server?


While researching Google Dorking over my favorite cup of coffee, I stumbled upon something unexpected: an exposed mail server belonging to a UK government organization. Excited by the discovery, I decided to investigate further. Using Telnet, I attempted to connect, and to my surprise, I gained access to their mail server!
Curious about the extent of the exposure, I followed a structured approach to assess the risk while ensuring ethical boundaries. In this blog, I'll walk you through my methodology, how I responsibly disclosed the issue through their Vulnerability Disclosure Program (VDP) on HackerOne, and the lessons we can learn from this security lapse.
Before that, let me introduce myself: I'm Ganesh Balaji V., an ethical hacker and pentester who thrives on uncovering vulnerabilities and making the digital world a safer (and more interesting) place.
How I got connected?
With my usual, yet favorite coffee in hand, I fired up my Kali terminal, the classic black screen that every hacker loves. Curious about the exposed mail server, I decided to interact with it directly using Telnet. I ran the following command:
telnet domain 25
To my surprise, the connection was successful; I was now interacting with a UK government organization's mail server! What followed was a mix of excitement, curiosity, and responsibility.
I wanted to assess how vulnerable the server was without crossing ethical boundaries. To do this, I tested its email handling capabilities using standard SMTP commands. Below is the sequence I used:
HELO domain
MAIL FROM: <mail@mail.com>
RCPT TO: <mail@mail.com>
DATA
From: mail@mail.com
To: mail@mail.com
Subject: Test Mail

<Needed content>
.
If every command in the above snippet executes successfully, congratulations, you've discovered an open relay vulnerability in the SMTP mail server!
An open relay allows anyone to send emails on behalf of legitimate domains without proper authentication, making it a prime target for spammers and attackers. This vulnerability can be exploited for phishing, email spoofing, or even large-scale spam campaigns, posing a significant risk to the organization.
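From the defender's side, the step in the sequence above that decides whether a server is an open relay is the reply to RCPT TO. The following is an added example, not code from the original post or from the affected server: it models that decision as a misconfigured policy next to a hardened one. The domain, network ranges and function names are constructed for illustration.

```python
import ipaddress

# Constructed values for illustration (example domain, private/documentation ranges).
LOCAL_DOMAINS = {"example.gov.uk"}                 # domains this server hosts mail for
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # internal clients allowed to relay

def domain_of(addr):
    """Lower-cased domain of '<user@domain>'; empty string if there is no '@'."""
    _, at, dom = addr.strip().strip("<>").rpartition("@")
    return dom.lower() if at else ""

def rcpt_open(client_ip, authenticated, rcpt):
    """Misconfigured policy: every recipient is accepted from every client."""
    return 250, "2.1.5 Ok"

def rcpt_hardened(client_ip, authenticated, rcpt):
    """Relay only for trusted networks or authenticated clients; everyone
    else may deliver to local domains only. In Postfix, for example, this is
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination."""
    if domain_of(rcpt) in LOCAL_DOMAINS:
        return 250, "2.1.5 Ok"              # ordinary inbound mail, not relaying
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return 250, "2.1.5 Ok"              # permitted submission or relay
    return 554, "5.7.1 Relay access denied"

def is_open_relay(policy):
    """Open relay: an unauthenticated client outside the trusted networks
    gets a 2xx reply to RCPT TO for a domain the server does not host."""
    code, _ = policy("203.0.113.50", False, "<someone@example.net>")
    return 200 <= code < 300

if __name__ == "__main__":
    for name, policy in (("open", rcpt_open), ("hardened", rcpt_hardened)):
        print(f"{name:9s} open relay: {is_open_relay(policy)}")
```

A 250 reply to RCPT TO for one of the server's own domains is normal inbound delivery, so the recipient domain used in any relay check has to be one the server does not host.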
To validate my findings, I performed a Proof of Concept (PoC), demonstrating how an attacker could misuse this vulnerability. Below is the PoC I conducted:
I successfully reported the issue to the security team through their Vulnerability Disclosure Program (VDP) on HackerOne. Given the severity of the vulnerability, I expected a responsible fix or at least an acknowledgment of its potential risks.
But to my surprise, they marked it as "informational", stating that future awareness campaigns would be conducted instead of addressing the issue directly.
Seriously? An open relay vulnerability that allows unauthorized users to send emails impersonating legitimate personnel, brushed off as just informational?
Frustrated with their response, I sighed, leaned back, and reached for another cup of coffee, because clearly, caffeine was the only fix happening here.
Despite their dismissal, the reality remains: this vulnerability, if left unchecked, could lead to email spoofing, phishing campaigns, and even large-scale cyber threats. Ignoring it doesn't make the risk disappear.
Disclaimer: The knowledge shared here is strictly for educational purposes. The usage of these commands to perform malicious actions is a serious offense and punishable by law.
Conclusion
Even though the report was marked as informational, I still found it to be a valuable learning experience. This was my first-ever HackerOne report, and despite the unexpected response, it felt like an important milestone in my journey.
Security research is all about persistence, learning from every experience, and continuously improving. While this report didn't get the recognition I had hoped for, it was a stepping stone toward bigger challenges and more impactful discoveries.
This was just the beginning of my HackerOne journey, and I can't wait for what's next!
Let's connect on LinkedIn, because networking isn't just for packets!
