PORT 25/tcp - SMTP

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission.

Enumeration

User Enumeration

SMTP supports several interesting commands, such as VRFY and EXPN.

  • VRFY: asks the server to verify an email address.

  • EXPN: asks the server for the membership of a mailing list.

smtp-user-enum.pl -M VRFY -U users.txt -t 10.0.0.1
smtp-user-enum.pl -M EXPN -u admin1 -t 10.0.0.1
smtp-user-enum.pl -M RCPT -U users.txt -T mail-server-ips.txt
smtp-user-enum.pl -M EXPN -D example.com -U users.txt -t 10.0.0.1
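
Seen from the mail server's side, the VRFY, EXPN and RCPT methods used above leave a recognisable pattern in the logs. The following is an added example, not part of the original notes: it assumes Postfix 3.x-style per-session summaries written at disconnect, and the log lines, thresholds and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the session summary Postfix 3.x logs at
# disconnect ("name=accepted/total" when some commands of that type were refused).
SAMPLE_LOG = """\
Jan 10 09:00:01 mx postfix/smtpd[811]: disconnect from unknown[10.0.0.50] ehlo=1 vrfy=0/40 quit=1 commands=2/42
Jan 10 09:00:07 mx postfix/smtpd[812]: disconnect from mail.example.org[192.0.2.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 10 09:01:13 mx postfix/smtpd[815]: disconnect from unknown[10.0.0.50] helo=1 mail=1 rcpt=2/25 rset=1 quit=1 commands=5/28
Jan 10 09:02:30 mx postfix/smtpd[820]: disconnect from unknown[10.0.0.51] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
"""

SESSION = re.compile(r"disconnect from \S*\[([^\]]+)\] (.+)")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def find_enumerators(log_text, probe_limit=5, rcpt_fail_limit=10, fail_ratio=0.8):
    """Return {source_ip: [reasons]} for sources whose sessions look like user enumeration.

    Thresholds are illustrative assumptions; tune them against normal traffic.
    """
    stats = defaultdict(lambda: {"probes": 0, "rcpt_total": 0, "rcpt_failed": 0})
    for line in log_text.splitlines():
        match = SESSION.search(line)
        if not match:
            continue
        ip, counters = match.groups()
        for name, first, second in COUNTER.findall(counters):
            accepted = int(first)
            total = int(second) if second else accepted  # "rcpt=1" means 1 of 1
            if name in ("vrfy", "expn"):
                # Normal mail delivery never needs these, so every attempt counts.
                stats[ip]["probes"] += total
            elif name == "rcpt":
                stats[ip]["rcpt_total"] += total
                stats[ip]["rcpt_failed"] += total - accepted
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["probes"] >= probe_limit:
            reasons.append(f"{s['probes']} VRFY/EXPN commands")
        # Many refused recipients and few accepted ones suggests address guessing.
        if s["rcpt_failed"] >= rcpt_fail_limit and s["rcpt_failed"] / s["rcpt_total"] >= fail_ratio:
            reasons.append(f"{s['rcpt_failed']}/{s['rcpt_total']} RCPT commands rejected")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in find_enumerators(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Counts are aggregated per source address across sessions, so a scan split over several connections is still caught.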

Send Mails

Telnet / Netcat

We can connect to our SMTP server via telnet or netcat.

telnet smtp.server.local 25
nc -v smtp.server.local 25

Once the connection is established, we send a HELO with the name of the host we are trying to connect to, followed by the message:

HELO smtp.server
MAIL FROM:<test@server.local>
RCPT TO:<victim@server.local>
DATA
Subject: Check this out!

Body of the message ended with a dot
.
QUIT

Swiss Army Knife SMTP (swaks)

Another way to automate some of these tasks is swaks:

swaks --to 'victim@server.local' --from 'test@server.local' --server 'smtp.server.local' --header 'Subject: Check this out!' --body 'Body of the message'

References:

https://book.hacktricks.xyz/pentesting/pentesting-smtp
http://systemadmin.es/2009/01/como-mandar-un-email-con-telnet-protocolo-smtp
https://metacpan.org/pod/distribution/Mail-Toaster/contrib/swaks

Last updated 3 years ago