Telnet

Interactive telnet session with Mail server
$ telnet auth.oeey.com 25 Trying 50.50.251.110... Connected to auth.oeey.com. Escape character is '^]'. ehlo bob 220 ****************************** 250-auth.oeey.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 GSSAPI NTLM PLAIN 250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 GSSAPI NTLM PLAIN 250 8BITMIME

The contents of your message file should resemble this example:

HELO host.example.com MAIL FROM:  RCPT TO:  DATA From: [Alice]  To:  Date: Mon, 12 Apr 2010 14:21:26 -0400 Subject: Test Message

Hi there! This is supposed to be a real email...

Have a good day! Alice

. QUIT

Now feed message to netcat: /usr/bin/nc smtp.domain.com 25 < /tmp/message

Trying 50.50.251.110... Connected to auth.oeey.com. Escape character is '^]'. 220 ****************************** EHLO trogdor 250-auth.oeey.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 GSSAPI NTLM PLAIN 250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 GSSAPI NTLM PLAIN 250 8BITMIME AUTH LOGIN 334 VXNlcm5hbWU6                          ## Username: a2VubmV0aC5idXJnZW5lcg==                  ## kenneth.burgener 334 UGFzc3dvcmQ6                          ## Password: SW1CQjE5OTkh                              ## **** 235 Authentication successful RCPT TO:  503 Error: need MAIL command MAIL FROM:  250 Ok RCPT TO:  250 Ok DATA 354 End data with . Subject: This is a test From: Kenneth  To: Kenneth 
 * 1) telnet auth.oeey.com 25

This is a test .

250 Ok: queued as 8E2FD52095 500 Error: bad syntax quit 221 Bye

SMTP Authentication

 * IndiMail: Authenticated SMTP tutorial - http://indimail.blogspot.com/2010/03/authenticated-smtp-tutorial.html
 * Tutorial: SMTP Authentication - http://www.fehcom.de/qmail/smtpauth.html
 * http://jetmore.org/john/code/gen-auth
 * SMTP AUTH for sendmail 8.10: Realms and Examples - http://www.sendmail.org/~ca/email/authrealms.html

Use base64 tool to encode decode: echo -n "[pass]" | /usr/bin/base64 echo -n "[encpass]" | /usr/bin/base64 -d printf "\0postmaster@example.com\0pass" | /var/indimail/bin/base64 printf 'VXNlcm5hbWU6' | mimencode -u ; echo

LOGIN Authentication
This method accepts username and password as supplemental args. It simply returns each string Base64 encoded. This provides only minimal advantages over using ENCODE twice. One advantage is hiding the password if you provide it on STDIN

LOGIN: (base64) EHLO trogdor AUTH LOGIN 334 VXNlcm5hbWU6                          ## Username: a2VubmV0aC5idXJnZW5lcg==                  ## kenneth.burgener 334 UGFzc3dvcmQ6                          ## Password: SW1CQjE5OTkh                              ## **** 235 Authentication successful

PLAIN Authentication
This type generates a PLAIN (RFC 2595) authentication string. It accepts supplemental arguments of username and password. It generates a Base64 encoded string "\0 \0 ".

PLAIN: (base64 on single line) EHLO trogdor AUTH PLAIN 334 AGtlbm5ldGguYnVyZ2VuZXIASW1CQjE5OTkh      ## \000kenneth.burgener\000**** 235 Authentication successful perl -MMIME::Base64 -e 'print encode_base64("\000jms1\@jms1.net\000not.my.real.password")' perl -MMIME::Base64 -e 'print encode_base64("\000kenneth.burgener\000****")' AGtlbm5ldGguYnVyZ2VuZXIASW1CQjE5OTkh

This also works: AUTH PLAIN AGtlbm5ldGguYnVyZ2VuZXIASW1CQjE5OTkh      ## \000kenneth.burgener\000****

CRAM-MD5
CRAM-MD5 (RFC 2195) accepts three supplemental arguments. The first is the username and the second is the password. The third is the challenge string provided by the server. This string can be either Base64 encoded or not. The RFC states that all (unencoded) challenge strings must start w/ '<'. This is used to whether the string is Base64 encoded or not.

CRAM-MD5 uses the challenge and the supplied password to generate a digest. it then returns the Base64 encoded version of the string md5(" ")


 * http://indimail.blogspot.com/2010/03/authenticated-smtp-tutorial.html

3. AUTH CRAM-MD5

The CRAM-MD5 is a challenge-response method where the password is not sent over the network. It is expected that the password is stored in the clear in IndiMail's backend database MySQL.

% sudo /var/indimail/bin/vpasswd postmaster@example.com -e pass

Next step is to write a script named cram-md5

% cat > cram-md5 <<>" sys.exit(1) str=cram_md5_response(sys.argv[1], sys.argv[2], sys.argv[3]); print "%s" %str EOF

% sudo chmod +x ./cram-md5

Now when you do (see below) auth cram-md5, the server will issue a challenge e.g. in the below example, the challenge is

PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg==

if you decode this, i.e.

% echo PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg== | base64 -d <20137.1267585100@indimail.org>

The response for the challenge can be generated using the cram-md5 shell script which we created above. i.e.

% ./cram-md5 PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg== cG9zdG1hc3RlckBleGFtcGxlLmNvbSBjZWU4Mzk3YWIxMjNhMGQ0ZjNhN2ZkZGJiOWNiODcxOQ==

% telnet 0 smtp Trying 0.0.0.0... Connected to 0. Escape character is '^]'. 220 indimail.org (NO UCE) ESMTP IndiMail 1.137 3 Mar 2010 08:28:17 +0530 auth cram-md5 334 PDIwMTM3LjEyNjc1ODUxMDBAaW5kaW1haWwub3JnPg== cG9zdG1hc3RlckBleGFtcGxlLmNvbSBjZWU4Mzk3YWIxMjNhMGQ0ZjNhN2ZkZGJiOWNiODcxOQ== 235 ok, go ahead (#2.0.0)

Please do take a look at Erwin Hoffman's excellent tutorial on the same subject at http://www.fehcom.de/qmail/smtpauth.html

CRAM-SHA1
This behaves the same as CRAM-MD5 but uses SHA1 digesting rather than MD5.

DIGEST-MD5

 * http://www.sendmail.org/~ca/email/authrealms.html

250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 250 HELP >>> AUTH DIGEST-MD5 334 bm9uY2U9IkFKUlVjNUp4MFVRYnY1U0o5Rm95VW5hWnBxWklIRGhMVFUrQXduL0swVXc9Iixxb3A9ImF1dGgsYXV0aC1pbnQsYXV0aC1jb25mIixjaXBoZXI9InJjNC00MCxyYzQtNTYscmM0LGRlcywzZGVzIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw== >>> dXNlcm5hbWU9InRlc3QiLHJlYWxtPSJ3aXouZXhhbXBsZS5jb20iLG5vbmNlPSJBSlJVYzVKeDBVUWJ2NVNKOUZveVVuYVpwcVpJSERoTFRVK0F3bi9LMFV3PSIsY25vbmNlPSJBSlJVYzVKeDBVUWJ2NVNKOUZveVVuYVpwcVpJSERoTFRVK0F3bi9LMFV3PSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9InJjNCIsY2hhcnNldD11dGYtOCxkaWdlc3QtdXJpPSJzbXRwL2xvY2FsaG9zdC5zZW5kbWFpbC5jb20uIixyZXNwb25zZT0wZTdjZmNhZTcxN2VlYWM5NzJmYzlkNTYwNmExMDgzZA== 334 cnNwYXV0aD03NDM5ODBjODQ0MmRiYjcxNmQ0ZWE5ZTQ5OTNiMDFkMA== >>> 235 2.0.0 OK Authenticated

Decoded:

nonce="AJRUc5Jx0UQbv5SJ9FoyUnaZpqZIHDhLTU+Awn/K0Uw=",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",charset=utf-8,algorithm=md5-sess

username="test",realm="wiz.example.com",nonce="AJRUc5Jx0UQbv5SJ9FoyUnaZpqZIHDhLTU+Awn/K0Uw=",cnonce="AJRUc5Jx0UQbv5SJ9FoyUnaZpqZIHDhLTU+Awn/K0Uw=",nc=00000001,qop=auth-conf,cipher="rc4",charset=utf-8,digest-uri="smtp/localhost.sendmail.com.",response=0e7cfcae717eeac972fc9d5606a1083d

rspauth=743980c8442dbb716d4ea9e4993b01d0

GSSAPI

 * http://en.wikipedia.org/wiki/Generic_Security_Services_Application_Program_Interface

NTLM
Although it may be advertised as one of the above types, this method of authentication if refered to singularly as NTLM. This is a multi-step authentication type. The first 3 arguments must be supplied up front. They are username, password, and domain, in that order. These three strings are used to generate an "Auth Request" string. This string should be passed verbatim to the server. The server will then respond with a challenge. This challenge is the fourth argument. After receiving the server challenge, gen-auth will produce an "Auth Response". Posting this response to the server completes the NTLM authentication transaction.

This authentication method requires the Authen::NTLM perl module to be installed. See EXAMPLES for an example of this transaction. Note also that 'domain' is often blank from client or ignored by server.


 * Complicated challenge response:
 * http://curl.haxx.se/rfc/ntlm.html
 * http://davenport.sourceforge.net/ntlm.html
 * 

Interactive telnet session with a Web server
Interactive telnet session with a Web server

We will first explore the HTTP protocol by using a good old program called telnet, that can connect on any port service by just providing the port number as an argument on the command line. This will let us see what is normally hidden by a standard Web browser: actual request and server responses, before being handled by a graphical end-user browser.

Exercise 1.1. Fetch a document
Let us fetch a document from the Pasteur Institute Web server:

% telnet www.pasteur.fr 80 Trying 157.99.64.12... Connected to www.pasteur.fr. Escape character is '^]'. GET /formation/infobio/web/cours/data/page1.html HTTP/1.0

HTTP/1.1 200 OK Date: Tue, 24 Feb 2004 18:01:05 GMT Server: Apache/1.3.26 (Unix) mod_perl/1.24_01 mod_ssl/2.8.10 OpenSSL/0.9.5a Last-Modified: Tue, 18 Feb 2003 13:40:14 GMT ETag: "101e6a1-cd-3e5237be" Accept-Ranges: bytes Content-Length: 205 Connection: close Content-Type: text/html; charset=iso-8859-1

A sample Web page

A first header And some text...

Connection closed by foreign host. %

You can as well get important information from the Web server, before getting the entire document:

% telnet www.pasteur.fr 80 Trying 157.99.64.12... Connected to www.pasteur.fr. Escape character is '^]'. HEAD /formation/infobio/web/cours/data/page1.html HTTP/1.0

HTTP/1.1 200 OK Date: Tue, 24 Feb 2004 18:01:05 GMT Server: Apache/1.3.26 (Unix) mod_perl/1.24_01 mod_ssl/2.8.10 OpenSSL/0.9.5a Last-Modified: Tue, 18 Feb 2003 14:38:31 GMT ETag: "101e6a1-cd-3e5237be" Accept-Ranges: bytes Content-Length: 205 Connection: close Content-Type: text/html; charset=iso-8859-1

Connection closed by foreign host. %

What could this kind of information be useful for?

Exercise 1.2. HTTP headers
Let us use date information from the server. For instance, say you do not want a too recently modified file: you can use an HTTP header for this purpose.

% telnet www.pasteur.fr 80 Trying 157.99.64.12... Connected to www.pasteur.fr. Escape character is '^]'. GET /formation/infobio/web/cours/data/page1.html HTTP/1.0 If-Modified-Since: Tue, 18 Feb 2003 14:38:31 GMT

HTTP/1.1 304 Not Modified Date: Tue, 24 Feb 2004 18:01:05 GMT Server: Apache/1.3.26 (Unix) mod_perl/1.24_01 mod_ssl/2.8.10 OpenSSL/0.9.5a Last-Modified: Tue, 18 Feb 2003 14:38:31 GMT Connection: close ETag: "101e6a1-cd-3e5237be"

Connection closed by foreign host.

Another useful header let you chain several requests. Try:

% telnet www.pasteur.fr 80 Trying 157.99.64.12... Connected to www.pasteur.fr. Escape character is '^]'. GET /formation/infobio/web/cours/data/page1.html HTTP/1.0 Connection: keep-alive

What can you do after server's reposnse?

Exercise 1.3. HTTP status code
HTTP return codes help you know whether a request has been successful. Explain what happens in the following:

% telnet bioweb.pasteur.fr 80 Trying 157.99.64.11... Connected to rosalind.sis.pasteur.fr. Escape character is '^]'. GET /formation/infobio/web/cours/data/page1.html HTTP/1.0

HTTP/1.1 404 Not Found Date: Tue, 24 Feb 2004 18:01:05 GMT Server: Apache/1.3.20 (Unix) Last-Modified: Tue, 18 Feb 2003 14:38:31 GMT Connection: close Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">  404 Not Found</TITLE> </HEAD><BODY> <H1>Not Found</H1> The requested URL /formation/infobio/web/cours/data/page1.html was not found on this server.<P> <HR> <ADDRESS>Apache/1.3.20 Server at bioweb.pasteur.fr Port 80</ADDRESS> </BODY></HTML> Connection closed by foreign host. %

And here:

% telnet www.pasteur.fr 80 Trying 157.99.64.12... Connected to www.pasteur.fr. Escape character is '^]'. HEAD /formation/infobio/web/cours/data/page2.html HTTP/1.0

HTTP/1.1 403 Forbidden Date: Tue, 24 Feb 2004 18:01:05 GMT Server: Apache/1.3.26 (Unix) mod_perl/1.24_01 mod_ssl/2.8.10 OpenSSL/0.9.5a Last-Modified: Tue, 26 Nov 2002 15:21:19 GMT ETag: "ee325-c4c-3de3916f" Accept-Ranges: bytes Content-Length: 3148 Connection: close Content-Type: text/html; charset=iso-8859-1

Connection closed by foreign host.

Exercise 1.4. HTTP GET: dynamic content
A Web server does not only serve static document. You can also issue request to get dynamically computed document. At the HTTP protocol level, there are several ways to achieve this. Firstly, try:

% telnet www.pasteur.fr 80 Trying 157.99.64.12... Connected to www.pasteur.fr. Escape character is '^]'. GET /cgi-bin/biology/bnb_s.pl?query=biopython HTTP/1.0

what do you get?

Try another one (put your own email in place of YOUR_EMAIL):

% telnet bioweb.pasteur.fr 80 Trying 157.99.64.11... Connected to rosalind.sis.pasteur.fr. Escape character is '^]'. GET /cgi-bin/seqanal/pdbsearch.pl?email=YOUR_EMAIL&query=1crn HTTP/1.0

Exercise 1.5. HTTP POST
Describe the difference between Exercise 1.4 and the following (do not forget to reset the Content-length according to the total length of the request character string, e.g: ):

% telnet bioweb.pasteur.fr 80 Trying 157.99.64.11... Connected to rosalind.sis.pasteur.fr. Escape character is '^]'. POST /cgi-bin/seqanal/pdbsearch.pl HTTP/1.0 Content-type: application/x-www-form-urlencoded Content-length: 35

email=YOUR_EMAIL&query=1crn