25 - SMTP
The Simple Mail Transfer Protocol is a communication protocol for electronic mail transmission.
SMTP User Enumeration Utility
Allows the enumeration of users: VRFY (confirming the names of valid users) and EXPN (which reveals the actual address of users aliases and lists of e-mail (mailing lists)). Through the implementation of these SMTP commands can reveal a list of valid users. User files contains only Unix usernames so it skips the Microsoft based Email SMTP Server. This can be changed using UNIXONLY option and custom user list can also be provided.
Metasploit:
Manual Enumeration
You can guess for valid user account through the following command and if you receive response code 550 it means unknown user account:
telnet into the host:
Using vrfy:
Using rcpt:
If you received a message code 250,251,252 which means the server has accepted the request and user account is valid.
smtp-user-enum (builtin in Kali)
if not installed just run
Simple run:
Adding domain (will add the domain after the user):
Credit: https://0xdf.gitlab.io/2020/06/17/endgame-xen.html
Nmap
Send Email
Swaks
Kali has a built in Perl script that can be used to send emails - Swaks - Swiss Army Knife for SMTP.
Example:
Last updated