search

25 - SMTP

hashtag
MANUALLY

We can use this service to find out which usernames are in the database. This can be done in the following way.

nc ip                                                                              

telnet ip

hashtag
AUTOMATED

This process can of course be automatized

Check for commands

hashtag
nmap

nmap -script smtp-commands.nse <ip>

hashtag
smtp-user-enum

The command will look like this. -M for mode. -U for userlist. -t for target

smtp-user-enum -M VRFY -U /root/sectools/SecLists/Usernames/Names/names.txt -t <ip>

hashtag
METASPLOIT

It can also be done using metasploit

hashtag
SMTP DOCUMENTS

  • https://cr.yp.to/smtp/vrfy.html

  • http://null-byte.wonderhowto.com/how-to/hack-like-pro-extract-email-addresses-from-smtp-server-0160814/

  • http://www.dummies.com/how-to/content/smtp-hacks-and-how-to-guard-against-them.html

  • http://pentestmonkey.net/tools/user-enumeration/smtp-user-enum

  • https://pentestlab.wordpress.com/2012/11/20/smtp-user-enumeration/

Previous23 - TelnetNext53 - DNS

Last updated