akde/infosec

Information security is ultimately about managing risk


Enumeration

Mandatory

  • Grab banner
    telnet $target 25 # plain SMTP
    openssl s_client -crlf -connect $target:465 # without STARTTLS
    openssl s_client -starttls smtp -crlf -connect $target:587 # with STARTTLS
  • Search for exploits for this server.
  • Enumerate with nmap
    nmap -p25 --script smtp-commands $target
  • Enumerate short userlist with nmap
    nmap -p25 --script smtp-enum-users.nse $target
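
Added example (not from the original page): a small Python auditor for the transcript that the banner-grab commands above print once you type EHLO, flagging on your own server the exposures these steps look for. The sample transcript and the names parse_replies and audit are constructed for illustration, and the version check is a simple heuristic.

```python
import re

# Constructed sample: what a plain port-25 session prints after typing "EHLO probe.example".
SAMPLE = """\
220 mail.example.test ESMTP Postfix 3.4.13 (Ubuntu)
250-mail.example.test
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-AUTH PLAIN LOGIN
250 8BITMIME
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(transcript):
    """Group RFC 5321 reply lines ("250-..." continues, "250 ..." ends) into (code, [texts])."""
    replies, current = [], []
    for line in transcript.splitlines():
        m = REPLY.match(line.rstrip("\r"))
        if not m:
            continue  # skip openssl chatter, typed commands, blank lines
        code, sep, text = m.groups()
        current.append(text)
        if sep == " ":  # a space after the code marks the last line of a reply
            replies.append((int(code), current))
            current = []
    return replies

def audit(transcript, tls=False):
    """Return a list of hardening findings for one captured session."""
    replies = parse_replies(transcript)
    banner = next((" ".join(t) for c, t in replies if c == 220), "")
    ehlo = next((t[1:] for c, t in replies if c == 250), [])  # drop the greeting line
    ext = {e.split()[0].upper(): e.split()[1:] for e in ehlo if e.strip()}
    findings = []
    if re.search(r"\d+\.\d+", banner):  # heuristic: dotted number looks like a version
        findings.append("banner discloses a version string: " + banner)
    for verb in ("VRFY", "EXPN"):
        if verb in ext:
            findings.append(verb + " is advertised (lets clients confirm valid mailboxes)")
    if not tls and "STARTTLS" not in ext:
        findings.append("STARTTLS is not offered on a cleartext session")
    if not tls and "AUTH" in ext:
        findings.append("AUTH offered before TLS: " + " ".join(ext["AUTH"]))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Pass tls=True when the transcript came from one of the openssl s_client sessions, so the cleartext-only checks are skipped.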

Optional

  • Find usernames:
    smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t $target
    smtp-user-enum -M VRFY -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -t $target -m 20
  • Try the ismtp tool.
  • If you have a valid username and password, try to log in.

On Windows

  • Use telnet.exe (directly from \system32 on the system, or copied from another machine) to connect to the SMTP server.
