{"id":568,"date":"2019-10-10T10:18:34","date_gmt":"2019-10-10T08:18:34","guid":{"rendered":"https:\/\/privat.andreas-klingler.de\/itsec\/?p=568"},"modified":"2024-06-09T13:13:27","modified_gmt":"2024-06-09T11:13:27","slug":"smtp","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=568","title":{"rendered":"25 <span class=\"caps\">SMTP<\/span>"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Enumeration<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Mandatory<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Grab ban\u00adner<br><code>telnet $target 25 \/\/ plain SMTP<\/code><br><code>openssl s_client -crlf -connect $target:465 \/\/ without STARTTLS<br>openssl s_client -starttls smtp -crlf -connect <code>$target<\/code>:587 \/\/ with STARTTLS<\/code><\/li>\n\n\n\n<li>Search for exploits for this server.<\/li>\n\n\n\n<li>Enu\u00admer\u00adate with nmap<br><code>nmap -p25 --script smtp-commands $target<\/code><\/li>\n\n\n\n<li>Enu\u00admer\u00adate short userlist with nmap<br><code>nmap -p25 --script smtp-enum-users.nse $target<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Optional<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Find user\u00adnames: <br><code>smtp-user-enum -M VRFY -U \/usr\/share\/wordlists\/metasploit\/unix_users.txt -t $target<br>smtp-user-enum -M VRFY -U \/usr\/share\/wordlists\/seclists\/Usernames\/xato-net-10-million-usernames.txt -t $target<\/code> \u2011m&nbsp;20<\/li>\n\n\n\n<li>Try the ismtp&nbsp;tool.<\/li>\n\n\n\n<li>If you have a valid user\u00adname and pass\u00adword, <a href=\"https:\/\/andreas-klingler.de\/infosec\/?p=2434\" data-type=\"post\" data-id=\"2434\">try to log in<\/a>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">On Windows<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use telnet.exe (from the sys\u00adtem direct\u00adly in \\system32 or copy it from anoth\u00ader machine) and con\u00adnect via tel\u00adnet with the smtp server.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Enu\u00admer\u00ada\u00adtion Manda\u00adto\u00adry Option\u00adal On Windows<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[36],"tags":[88,89,50,161],"class_list":["post-568","post","type-post","status-publish","format-standard","hentry","category-port","tag-e-mail","tag-email","tag-enumeration","tag-smtp"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/568","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=568"}],"version-history":[{"count":14,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/568\/revisions"}],"predecessor-version":[{"id":3899,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/568\/revisions\/3899"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}