Search

Pentesting Guide and Notes

Certification Reviews

Writeups

smtp (Simple Mail Transfer Protocol)

Description

Simple Mail Transfer Protocol servers (SMTP) are email servers.

Enumeration

nmap --script smtp* -p 25 $IP
nc $IP 25
help

If the RCPT, VRFY or EXPN verbs are enabled, they can be used to enumerate users.

smtp-user-enum -M $VERB -U $USERS_LIST -t $IP
Automatically brute force usernames

Or using metasploit :

use scanner/smtp/smtp_enum
options
run

Or do it manually :

HELO test.localdomain
MAIL FROM: test@test.localdomain
RCPT TO: $USER@$DOMAIN
Brute force usernames using the RCPT verb
VRFY $USER
Brute force usernames using the VRFY verb
EXPN $USER
Brute force usernames using the EXPN verb

Exploitation