📝
Basic Penetration Testing
  • About Knowledge
  • Server Enumeration
    • Scanning
    • Common Services
      • FTP - 21
      • SMTP - 25
      • SMB - 139, 445
  • Web Application
    • Enumeration
    • Exploitation
    • Execute Commands
    • Databases
      • MySQL
      • SQLite
      • MSSQL
      • PostgreSQL
  • Remote Code Execution
  • File Transfer
    • HTTP Server
    • SMB Protocol
    • FTP Server on Kali Linux
  • Hash Cracking
  • Privilege Escalation
    • Windows Privilege Escalation
    • Linux Privilege Escalation
  • Buffer Overflow
  • About LeeCyberSec
Powered by GitBook
On this page
  • SMTP Reference
  • Server Connection
  • Scanning Vul
  • SMTP Common Commands

Was this helpful?

  1. Server Enumeration
  2. Common Services

SMTP - 25

PreviousFTP - 21NextSMB - 139, 445

Last updated 4 years ago

Was this helpful?

SMTP Reference

The supports several interesting commands, such as VRFY and EXPN. A VRFY request asks the server to verify an email address, while EXPN asks the server for the membership of a mailing list.

Let's continue with SMTP commands. As mentioned earlier, we do not yet have a very large list of usernames to guess. Let's consider what we might try so far:

  • root : by default

  • beta : the name of the machine

  • james : the name of the server, and also an English male name.

  • (We could also try variations like Jamie, but we won't go down that road for now.)

    ```

Server Connection

$ nc -nvC $ip 25
$ telnet $ip 25

EXPN
VRFY <user>

Scanning Vul

$ nmap $ip -p 25 --script=smtp-*

$ sudo msfconsole -q -x "setg RHOSTS $ip;
use auxiliary/scanner/smtp/smtp_enum; run;
use auxiliary/scanner/smtp/smtp_relay; run;
use auxiliary/scanner/smtp/smtp_version; run;
exit"
$ helo admin
$ mail from:<>
$ rcpt to:<nobody>
$ data
leevn
.

Simple Mail Transport Protocol (SMTP)
JAMES SMTP Server
James stands for Java Apache Mail Enterprise Server!
An open source SMTP and POP3 mail transfer agent and NNTP news server written entirely in Java
SMTP Common Commands