OSCP Notes
  • Introduction
  • Port Scanning
  • Nmap Port Scanning
  • Nmap Scripts
  • Services Enumeration
    • SMB Enumeration (Port 139, 445)
    • SNMP Enumeraion (Port 161)
    • NFS Enumeration (Port 111, 2049)
    • SMTP Enumeration (Port 25)
    • DNS Enumeration (Port 53)
    • POP3 (Port 110, 25*)
    • MySQL (Port 3306)
    • Oracle (Port 1521)
    • MsSQL (Port 1433)
  • Web / HTTP
    • Web Scanning
    • CMS
    • Directory Fuzzing
    • File Upload
      • Bypass file upload filtering
      • Bruteforcing extensions
      • WebDAV
    • Bruteforce Authentication
    • LFI and RFI
      • Interesting Files for LFI
      • Null Byte Injection
      • PHP Wrappers
    • ShellShock
    • Post Requests
  • password attacks
    • Brute-force service password
    • Cracking Password
    • Custom Worldlist
  • Exploitaion
    • Searchsploit
    • Compiling the Exploit
  • shell
    • Bind and Reverse shell
    • Upgrading shell
    • msfvenom
  • Linux Post Exploitation
    • Linux Manual Exploitation
    • Linux post exploitation scripts
    • Kernel Exploitation
  • windows post exploitation
    • General
    • Manual Exploitaion
    • Dumping the sam file
    • SUDO SU
    • Automated enumeration script
    • Windows Exploit Suggester
  • file transfer
    • General
    • Linux
    • Windows
  • cheatsheets
    • Command injection Cheatsheet
    • Find Command Cheatsheet
    • Netcat
    • SQL Injection Bypass
    • CheckList
    • XSS Payload
Powered by GitBook
On this page
  • Quick Intro
  • NSE
  • User Enumeration
  • Connection
  • Command to check if a user exists
  • Command to ask the server if a user belongs to a mailing list
  • Brute Force
  • Send email using netcat
  1. Services Enumeration

SMTP Enumeration (Port 25)

Quick Intro

  • Used to send, receive, and relay outgoing emails

  • Used port 25

  • Main attacks are user enumeration and using an open relay to send spam

NSE

nmap 192.168.1.101 --script=smtp* -p 25

nmap --script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 $ip

User Enumeration

smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t $ip

for server in $(cat smtpmachines); do echo "******************" $server "*****************"; smtp-user-enum -M VRFY -U userlist.txt -t $server;done #for multiple servers
# For multiple servers

Connection 

telnet $ip 25

Command to check if a user exists

VRFY root

Command to ask the server if a user belongs to a mailing list

EXPN root

Brute Force 

hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V

Send email using netcat

PreviousNFS Enumeration (Port 111, 2049)NextDNS Enumeration (Port 53)

Last updated 3 years ago

http://www.microhowto.info/howto/send_an_email_using_netcat.html