25 - SMTP

MANUALLY

We can use this service to find out which usernames are in the database. This can be done in the following way.

nc <ip> 25

telnet <ip> 25
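
As an added example (not part of the original page), the Python below reads the text of a manual session like the ones above and reports whether the server's VRFY replies let valid and invalid usernames be told apart, which is what an administrator wants to rule out on their own server. The transcripts, host names and function names are constructed for illustration; the reply codes are those defined in RFC 5321.

```python
import re

# RFC 5321 reply codes a server can give to VRFY.
CONFIRMS = {"250", "251"}        # mailbox exists / will be forwarded
DENIES = {"550", "551", "553"}   # unknown, non-local or ambiguous mailbox
NEUTRAL = {"252", "500", "502"}  # "cannot VRFY" or command not available
REPLY = re.compile(r"^(\d{3})(-| |$)")
# Constructed sessions against a placeholder host, not captured traffic.
LEAKY = """220 mail.example.test ESMTP
VRFY root
250 2.1.5 root
VRFY nosuchuser
550 5.1.1 <nosuchuser>: User unknown
"""
HARDENED = """220 mail.example.test ESMTP
EHLO audit.example.test
250-mail.example.test
250 8BITMIME
VRFY root
252 2.0.0 root
VRFY nosuchuser
252 2.0.0 nosuchuser
"""


def vrfy_replies(transcript):
    """Map each VRFY argument to the final reply code the server sent."""
    results, pending = {}, None
    for line in transcript.splitlines():
        line = line.strip()
        if line.upper().startswith("VRFY "):
            pending = line.split(None, 1)[1]
            continue
        m = REPLY.match(line)
        # "250-" is a continuation line; the reply ends on a line without "-".
        if m and pending is not None and m.group(2) != "-":
            results[pending] = m.group(1)
            pending = None
    return results


def assess(transcript):
    """Return 'leaks', 'hardened' or 'inconclusive' for one session."""
    codes = set(vrfy_replies(transcript).values())
    if codes & CONFIRMS and codes & DENIES:
        return "leaks"       # valid and invalid names get different answers
    if codes and codes <= NEUTRAL:
        return "hardened"    # every name gets the same non-committal answer
    return "inconclusive"
```

`assess(LEAKY)` returns 'leaks' and `assess(HARDENED)` returns 'hardened'. On Postfix, setting disable_vrfy_command = yes is one way to reach the second result.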

AUTOMATED

This process can of course be automated.

Check for commands

nmap

nmap --script smtp-commands.nse <ip>

smtp-user-enum

The command will look like this: -M sets the mode, -U the user list, and -t the target.

smtp-user-enum -M VRFY -U /root/sectools/SecLists/Usernames/Names/names.txt -t <ip>

METASPLOIT

It can also be done using Metasploit.

msf > use auxiliary/scanner/smtp/smtp_enum

SMTP DOCUMENTS

  • https://cr.yp.to/smtp/vrfy.html

  • http://null-byte.wonderhowto.com/how-to/hack-like-pro-extract-email-addresses-from-smtp-server-0160814/

  • http://www.dummies.com/how-to/content/smtp-hacks-and-how-to-guard-against-them.html

  • http://pentestmonkey.net/tools/user-enumeration/smtp-user-enum

  • https://pentestlab.wordpress.com/2012/11/20/smtp-user-enumeration/
