search

25 - SMTP

The Simple Mail Transfer Protocol is a communication protocol for electronic mail transmission.

hashtag
SMTP User Enumeration Utility

Allows the enumeration of users: VRFY (confirming the names of valid users) and EXPN (which reveals the actual address of users aliases and lists of e-mail (mailing lists)). Through the implementation of these SMTP commands can reveal a list of valid users. User files contains only Unix usernames so it skips the Microsoft based Email SMTP Server. This can be changed using UNIXONLY option and custom user list can also be provided.

Metasploit:

use auxiliary/scanner/smtp/smtp_enum

hashtag
Manual Enumeration

You can guess for valid user account through the following command and if you receive response code 550 it means unknown user account:

telnet into the host:

telnet 192.168.0.1 25

Using vrfy: 

vrfy [email protected]

Using rcpt:

RCPT TO:root

If you received a message code 250,251,252 which means the server has accepted the request and user account is valid.

hashtag
smtp-user-enum (builtin in Kali)

if not installed just run apt install smtp-user-enum

Simple run:

smtp-user-enum -M VRFY -U users.txt -t 10.0.0.1

Adding domain (will add the domain after the user):

Credit: https://0xdf.gitlab.io/2020/06/17/endgame-xen.htmlarrow-up-right

hashtag
Nmap

nmap –script smtp-enum-users.nse 172.16.212.133

hashtag
Send Email

hashtag
Swaks

Kali has a built in Perl script that can be used to send emails - Swaks - Swiss Army Knife for SMTP.

Example:

Previous22 - SSHNext53 - DNS

Last updated