H3dg3h0g's Blog

    SMTP (Simple Mail Transfer Protocol)

    Description

    Simple Mail Transfer Protocol (SMTP) servers are email servers.

    Enumeration

    nmap --script "smtp*" -p 25 $IP
    nc $IP 25
    help

    If the RCPT, VRFY or EXPN verbs are enabled, they can be used to enumerate users.

    smtp-user-enum -M $VERB -U $USERS_LIST -t $IP
    Automatically brute force usernames

    Or using Metasploit:

    use scanner/smtp/smtp_enum
    options
    run

    Or do it manually:

    HELO test.localdomain
    MAIL FROM:<test@test.localdomain>
    RCPT TO:<$USER@$DOMAIN>
    Brute force usernames using the RCPT verb
    VRFY $USER
    Brute force usernames using the VRFY verb
    EXPN $USER
    Brute force usernames using the EXPN verb
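
    A defender's view of the enumeration above, as an added example that is not from the original notes: it flags clients that draw "user unknown" rejections for many distinct recipients through RCPT, VRFY or EXPN. The log lines are constructed, and their Postfix-style format, the function name find_enumeration and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on Postfix-style smtpd reject entries.
# The exact log format is an assumption; adjust REJECT_RE for your MTA.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtpd[411]: NOQUEUE: reject: VRFY from unknown[203.0.113.7]: 550 5.1.1 <admin>: User unknown
Jan 10 10:00:01 mx postfix/smtpd[411]: NOQUEUE: reject: VRFY from unknown[203.0.113.7]: 550 5.1.1 <backup>: User unknown
Jan 10 10:00:02 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <oracle@example.test>: User unknown
Jan 10 10:00:02 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <test@example.test>: User unknown
Jan 10 10:00:03 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <www@example.test>: User unknown
Jan 10 10:05:10 mx postfix/smtpd[502]: NOQUEUE: reject: RCPT from mail.partner.test[198.51.100.20]: 550 5.1.1 <jon@example.test>: User unknown
Jan 10 10:09:44 mx postfix/smtpd[502]: NOQUEUE: reject: RCPT from mail.partner.test[198.51.100.20]: 550 5.1.1 <jon@example.test>: User unknown
Jan 10 10:12:00 mx postfix/smtpd[617]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 554 5.7.1 <x@other.test>: Relay access denied
"""

# verb, client IP, SMTP reply code and the address or user that was probed
REJECT_RE = re.compile(
    r"reject: (?P<verb>RCPT|VRFY|EXPN) from \S+\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) \S+ <(?P<target>[^>]*)>"
)

def find_enumeration(log_text, min_targets=5):
    """Return {client_ip: {"verbs": [...], "targets": [...]}} for clients that
    were told "no such mailbox" (550) for at least min_targets distinct users."""
    targets = defaultdict(set)
    verbs = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m or m["code"] != "550":
            continue  # relay denials and other rejects are not user probes
        # Distinct targets, so one mistyped address retried many times does not alert.
        targets[m["ip"]].add(m["target"].lower())
        verbs[m["ip"]].add(m["verb"])
    return {ip: {"verbs": sorted(verbs[ip]), "targets": sorted(seen)}
            for ip, seen in targets.items() if len(seen) >= min_targets}

if __name__ == "__main__":
    for ip, hit in find_enumeration(SAMPLE_LOG).items():
        print(ip, hit["verbs"], len(hit["targets"]), "distinct unknown users")
```

    Where the mail server allows it, turning off VRFY and EXPN removes two of the three verbs (Postfix, for example, has disable_vrfy_command = yes), which leaves RCPT rejections as the signal to watch.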

    Exploitation