SMTP Enumeration (Simple Mail Transfer Protocol)

root@kali:~# nc -nv 192.168.1.12 25
(UNKNOWN) [192.168.1.12] 25 (smtp) open
220 WIN-3UR24XX66QZ Microsoft ESMTP MAIL Service, Version: 7.0.6001.18000 ready at    Thu, 4 Jan 2018 11:48:35 +0200
  • Mail servers can also be used to gather information about a host or network.
  • SMTP supports several important commands, such as VRFY and EXPN.
  • A VRFY request asks the server to verify an email address, while EXPN asks the server for the membership of a mailing list.
  • These can often be abused to verify existing users on a mail server, which can later aid the attacker.
# This procedure can be used to help guess valid usernames.
> nc -nv 192.168.11.215 25
  • Examine the following simple Python script that opens a TCP socket, connects to the SMTP server, and issues a VRFY command for a given username.
#!/usr/bin/python3
import socket
import sys

if len(sys.argv) != 2:
    print("Usage: vrfy.py <username>")
    sys.exit(0)

# Create a socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Connect to the server
s.connect(('192.168.11.215', 25))

# Receive the banner
banner = s.recv(1024)
print(banner.decode(errors='replace'))

# VRFY a user (SMTP commands are terminated by CRLF)
s.send(('VRFY ' + sys.argv[1] + '\r\n').encode())
result = s.recv(1024)
print(result.decode(errors='replace'))

# Close the socket
s.close()
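
On the mail server side, this kind of username guessing shows up as one client issuing VRFY/EXPN for many different names. The following is an added example, not part of the original notes: it flags such clients in an SMTP command log. The log format, the client addresses and the `find_enumeration` helper are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log. Assumed format: "<time> <client_ip> <command> <argument> <reply_code>"
SAMPLE_LOG = """\
2018-01-04T11:48:35 192.168.1.50 EHLO kali 250
2018-01-04T11:48:36 192.168.1.50 VRFY root 550
2018-01-04T11:48:36 192.168.1.50 VRFY admin 250
2018-01-04T11:48:37 192.168.1.50 VRFY bob 550
2018-01-04T11:48:37 192.168.1.50 VRFY backup 550
2018-01-04T11:48:38 192.168.1.50 EXPN staff 250
2018-01-04T11:50:02 192.168.1.77 EHLO mail.example.org 250
2018-01-04T11:50:03 192.168.1.77 VRFY postmaster 252
2018-01-04T11:50:04 192.168.1.77 MAIL FROM:<a@example.org> 250
"""

PROBE_COMMANDS = {"VRFY", "EXPN"}
# Positive (250/251) and negative (550/551/553) answers both tell the client
# whether a name exists. 252 (cannot verify) and 502 (not implemented) do not.
DISCLOSING_REPLIES = {"250", "251", "550", "551", "553"}


def find_enumeration(log_text, min_targets=3):
    """Return {client_ip: {"targets": [...], "disclosed": n}} for clients
    that probed at least min_targets distinct names with VRFY/EXPN."""
    targets = defaultdict(set)
    disclosed = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _time, client, command, argument, reply = parts
        if command.upper() not in PROBE_COMMANDS:
            continue
        targets[client].add(argument.lower())
        if reply in DISCLOSING_REPLIES:
            disclosed[client] += 1
    return {
        client: {"targets": sorted(names), "disclosed": disclosed[client]}
        for client, names in targets.items()
        if len(names) >= min_targets
    }


if __name__ == "__main__":
    for client, info in find_enumeration(SAMPLE_LOG).items():
        print(f"{client}: {len(info['targets'])} names probed, "
              f"{info['disclosed']} disclosing replies: {info['targets']}")
```

A non-zero `disclosed` count means the server is still answering VRFY/EXPN with per-user results; a server that replies 252 or 502 to every request gives the client nothing to distinguish valid names from invalid ones.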