Exploiting SMTP

  • Enumerating SMTP Server Details

    • Use the Metasploit "smtp_version" module - it scans a range of IPs and determines the version of the mail servers running

  • Enumerating SMTP Users

    • The SMTP service has two internal commands that let us enumerate users

      • VRFY - confirms the names of valid users

      • EXPN - reveals the actual addresses behind a user's email aliases (mailing lists)

    • Metasploit "smtp_enum" module

      • feed it a host or range of IPs and a wordlist containing usernames to enumerate
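
Seen from the mail server's side, the VRFY/EXPN enumeration described above leaves a recognisable pattern: one client sending many lookups for different names. The following is an added example (not part of the original notes) that flags such clients and lists the names the server confirmed to them. The log format, the threshold and the sample lines are constructed assumptions; the reply-code meanings follow RFC 5321.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical format:
#   "<time> <client_ip> <command line> -> <reply code>"
SAMPLE_LOG = """\
10:00:01 203.0.113.7 EHLO scanner.example -> 250
10:00:02 203.0.113.7 VRFY root -> 250
10:00:02 203.0.113.7 VRFY admin -> 550
10:00:03 203.0.113.7 VRFY backup -> 550
10:00:03 203.0.113.7 VRFY alice -> 250
10:00:04 203.0.113.7 EXPN staff -> 250
10:00:05 198.51.100.20 EHLO mail.partner.example -> 250
10:00:06 198.51.100.20 MAIL FROM:<bob@partner.example> -> 250
10:00:07 198.51.100.20 VRFY postmaster -> 252
"""

# Only VRFY/EXPN lines are of interest; everything else is skipped.
LINE = re.compile(r"^(\S+) (\S+) (VRFY|EXPN) (\S+) -> (\d{3})$", re.I)

def find_enumeration(log_text, threshold=3):
    """Return {client_ip: {"probes": n, "confirmed": [names]}} for clients
    that sent at least `threshold` distinct VRFY/EXPN arguments."""
    probes = defaultdict(set)
    confirmed = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        _time, ip, _cmd, name, code = m.groups()
        name = name.lower()
        probes[ip].add(name)
        # 250/251 confirm the mailbox or list exists; 252 ("cannot verify")
        # and 5xx replies disclose nothing to the client.
        if code in ("250", "251") and name not in confirmed[ip]:
            confirmed[ip].append(name)
    return {ip: {"probes": len(names), "confirmed": confirmed[ip]}
            for ip, names in probes.items() if len(names) >= threshold}

if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

Any names under `confirmed` mean the server is answering VRFY/EXPN with 250/251; a server that replies 252 or 502 to these commands gives the same scan nothing to work with.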
