SMTP Enumeration (Port 25)

Quick Intro

Used to send, receive, and relay outgoing emails
Used port 25
Main attacks are user enumeration and using an open relay to send spam

NSE

nmap 192.168.1.101 --script=smtp* -p 25

nmap --script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 $ip

User Enumeration

smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t $ip

for server in $(cat smtpmachines); do echo "******************" $server "*****************"; smtp-user-enum -M VRFY -U userlist.txt -t $server;done #for multiple servers
# For multiple servers

Connection

telnet $ip 25

Command to check if a user exists

VRFY root

Command to ask the server if a user belongs to a mailing list

EXPN root

Brute Force

hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V

Send email using netcat

http://www.microhowto.info/howto/send_an_email_using_netcat.html

PreviousNFS Enumeration (Port 111, 2049)NextDNS Enumeration (Port 53)

Last updated 4 years ago