SMTP Enumeration (Port 25)

Quick Intro

Used to send, receive, and relay outgoing emails
Used port 25
Main attacks are user enumeration and using an open relay to send spam

NSE

nmap 192.168.1.101 --script=smtp* -p 25

nmap --script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 $ip

User Enumeration

smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t $ip

for server in $(cat smtpmachines); do echo "******************" $server "*****************"; smtp-user-enum -M VRFY -U userlist.txt -t $server;done #for multiple servers
# For multiple servers

Connection

telnet $ip 25

Command to check if a user exists

VRFY root

Command to ask the server if a user belongs to a mailing list

EXPN root

Brute Force

hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V

Send email using netcat

http://www.microhowto.info/howto/send_an_email_using_netcat.html

PreviousNFS Enumeration (Port 111, 2049)NextDNS Enumeration (Port 53)

Last updated 4 years ago

hashtagQuick Intro

hashtagNSE

hashtagUser Enumeration

hashtagConnection

hashtagCommand to check if a user exists

hashtagCommand to ask the server if a user belongs to a mailing list

hashtagBrute Force

hashtagSend email using netcat

Quick Intro

NSE

User Enumeration

Connection

Command to check if a user exists

Command to ask the server if a user belongs to a mailing list

Brute Force

Send email using netcat