25 - Pentesting smtp
nmap
Enumeration
telnet
> telnet $IP 25
> VRFY root
< 252 2.0.0 root
> VRFY szalek
< 550 5.1.1 <szalek>: Recipient address rejected: User unknown in local recipient table
> VRFY admin
< 550 5.1.1 <admin>: Recipient address rejected: User unknown in local recipient table
> VRFY user
< 252 2.0.0 user
smtp-user-enum -M VRFY -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -t $IP
smtp-user-enum -M EXPN -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -t $IP
smtp-user-enum -M RCPT -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -t $IP
smtp-user-enum -M EXPN -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -t $IP
use auxiliary/scanner/smtp/smtp_enum
msf auxiliary(smtp_enum) > set rhosts 10.10.200.211
msf auxiliary(smtp_enum) > set rport 25
msf auxiliary(smtp_enum) > set USER_FILE /tmp/users.txt
msf auxiliary(smtp_enum) > run
Executing command
Send email
Execute