SMTP
Key commands
| Command | Description |
| --- | --- |
| VRFY | Asks the server to verify an email address |
| EXPN | Asks the server for the membership of a mailing list |
| NOOP | No-op; does nothing, and the server should send a 250 OK response (useful to verify that your session is still connected) |
SMTP and POP3 Commands Cheat Sheet
http://www.suburbancomputer.com/tips_email.htm
Python script to verify SMTP users
```python
#!/usr/bin/env python3
import socket
import sys

if len(sys.argv) != 2:
    print("Usage: smtp_vrfy.py <username>")
    sys.exit(0)

# Create a socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Connect to the server
s.connect(('10.11.1.217', 25))
# Receive the banner (bytes in Python 3, so decode before printing)
banner = s.recv(1024)
print(banner.decode(errors='replace'))
# VRFY a user (the command must be sent as bytes)
s.sendall(('VRFY ' + sys.argv[1] + '\r\n').encode())
result = s.recv(1024)
print(result.decode(errors='replace'))
# Close the socket
s.close()
```
Enumerate SMTP user accounts
```
smtp-user-enum -M VRFY -U /usr/share/seclists/Usernames/top_shortlist.txt -t 10.11.1.72 -p 25
```
Login via SMTP protocol
Connect to the SMTP mail server via netcat or telnet, then send:
```
EHLO <user>
AUTH LOGIN
<base64 encoded username>
<base64 encoded password>
```
Example session:
```
HELO root
220 beta SMTP Server (JAMES SMTP Server 2.3.2) ready Wed, 9 Jan 2019 07:47:52 -0500 (EST)
250 beta Hello root (10.11.0.76 [10.11.0.76])
auth login
334 VXNlcm5hbWU6
cm9vdA==
334 UGFzc3dvcmQ6
cm9vdA==
535 Authentication Failed
```
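The base64 in an AUTH LOGIN exchange is an encoding, not encryption, so anyone who captures a session without STARTTLS can read the credentials. The added example below (not part of the original page; `b64text` and `decode_auth_login` are hypothetical helper names) decodes the session shown above and reports whether STARTTLS preceded the login:

```python
import base64
import re

# Session transcript copied from the example above.
SESSION = """\
HELO root
220 beta SMTP Server (JAMES SMTP Server 2.3.2) ready Wed, 9 Jan 2019 07:47:52 -0500 (EST)
250 beta Hello root (10.11.0.76 [10.11.0.76])
auth login
334 VXNlcm5hbWU6
cm9vdA==
334 UGFzc3dvcmQ6
cm9vdA==
535 Authentication Failed
"""

REPLY = re.compile(r"^(\d{3})[ -](.*)$")  # server reply: 3-digit code + text

def b64text(value):
    """Decode one base64 token; return None if it is not valid base64 text."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def decode_auth_login(transcript):
    """Pair each 334 challenge with the client line that answers it."""
    fields, outcome, pending = {}, None, None
    in_auth = starttls = False
    for line in map(str.strip, transcript.splitlines()):
        reply = REPLY.match(line)
        if reply and in_auth:
            code, text = reply.groups()
            if code == "334":  # challenge, e.g. base64("Username:")
                pending = b64text(text)
            elif code in ("235", "535"):  # 235 = accepted, 535 = rejected
                outcome, in_auth = ("accepted" if code == "235" else "rejected"), False
        elif line.upper() == "STARTTLS":
            starttls = True
        elif line.upper().startswith("AUTH LOGIN"):
            in_auth = True
        elif in_auth and pending is not None:  # client answer to the challenge
            fields[pending.rstrip(":").lower()] = b64text(line)
            pending = None
    return {"fields": fields, "outcome": outcome, "starttls_seen": starttls}

if __name__ == "__main__":
    print(decode_auth_login(SESSION))
```

A result with `starttls_seen` set to `False` means the decoded fields crossed the network in readable form, which is the case to look for when reviewing captures or mail server configuration.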