SMTP - 25

SMTP Reference

The Simple Mail Transport Protocol (SMTP) supports several interesting commands, such as VRFY and EXPN. A VRFY request asks the server to verify an email address, while EXPN asks the server for the membership of a mailing list.

JAMES SMTP Server

James stands for Java Apache Mail Enterprise Server!

An open source SMTP and POP3 mail transfer agent and NNTP news server written entirely in Java

Let's continue with SMTP commands. As mentioned earlier, we do not yet have a very large list of usernames to guess. Let's consider what we might try so far:

  • root : by default

  • beta : the name of the machine

  • james : the name of the server, and also an English male name.

  • (We could also try variations like Jamie, but we won't go down that road for now.)

    ```

Server Connection

$ nc -nvC $ip 25
$ telnet $ip 25

EXPN
VRFY <user>

Scanning Vul

$ nmap $ip -p 25 --script=smtp-*

$ sudo msfconsole -q -x "setg RHOSTS $ip;
use auxiliary/scanner/smtp/smtp_enum; run;
use auxiliary/scanner/smtp/smtp_relay; run;
use auxiliary/scanner/smtp/smtp_version; run;
exit"

SMTP Common Commands

$ helo admin
$ mail from:<>
$ rcpt to:<nobody>
$ data
leevn
.
PreviousFTP - 21NextSMB - 139, 445

Last updated