HOWTO use NMAP for SMTP Enumeration


Run the command nc -nv 10.11.1.215 25 to check the mail server.

VRFY bob returns the SMTP success code 250, while a failed lookup returns the SMTP code 550. We will use the success code 250 in a script in the next example.

This is a sample of SMTP enumeration using a users.txt list that you collected through passive gathering. The command is:

for user in $(cat users.txt); do echo VRFY $user | nc -nv -w 1 10.11.1.215 25 2>/dev/null | grep ^"250"; done

For each user name in users.txt, the loop echoes the VRFY command with that name and pipes it to netcat, which connects to the mail server on port 25. Any error messages are redirected to /dev/null, and grep keeps only the lines of the remaining output that begin with 250, the SMTP code for a successful result. The loop then moves on to the next name until the list is finished.

How about using a Python script? Here's an example vrfy.py file.

The script imports the Python modules socket and sys and checks its parameters to make sure the syntax is used correctly. It then connects to the SMTP server 192.168.31.215 on port 25, receives the banner and prints it.

Once the banner is printed, the script sends the VRFY command together with the username, then prints the result and closes the socket.

Run the script to verify the username bob.

# ./vrfy.py bob [enter]; you will see the result 250 2.1.5 <bob@test.king.net>

And for an unknown user:

#./vrfy.py idontexist [enter]; result 550 5.1.1 idontexist … User unknown
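From the mail server operator's side, the loop and the script above show up as a burst of VRFY commands from a single client. The following added example (not part of the original post) scans a constructed log for such bursts and lists the accounts that the 250 replies disclosed; the log layout, the client addresses and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log. The layout "<time> <client> <command> -> <reply>" is
# an assumption for this example, not the log format of any particular MTA.
SAMPLE_LOG = """\
2016-07-21T10:00:01 192.0.2.50 VRFY root -> 550 5.1.1 root... User unknown
2016-07-21T10:00:01 192.0.2.50 VRFY admin -> 550 5.1.1 admin... User unknown
2016-07-21T10:00:02 192.0.2.50 VRFY bob -> 250 2.1.5 <bob@test.king.net>
2016-07-21T10:00:02 192.0.2.50 VRFY alice -> 550 5.1.1 alice... User unknown
2016-07-21T10:00:03 192.0.2.50 VRFY backup -> 550 5.1.1 backup... User unknown
2016-07-21T10:05:10 192.0.2.77 EHLO mail.example.org -> 250 OK
2016-07-21T10:05:11 192.0.2.77 MAIL FROM:<a@example.org> -> 250 2.1.0 Ok
2016-07-21T10:06:00 192.0.2.90 VRFY postmaster -> 252 2.0.0 Cannot VRFY user
"""

# Captures client address, probed name and three-digit reply code.
VRFY_RE = re.compile(r"^\S+ (\S+) VRFY (\S+) -> (\d{3}) ")


def summarize_vrfy(log_text):
    """Group VRFY probes by client: total count and names answered with 250."""
    stats = defaultdict(lambda: {"probes": 0, "confirmed": []})
    for line in log_text.splitlines():
        match = VRFY_RE.match(line)
        if not match:
            continue  # not a VRFY command
        client, user, code = match.groups()
        stats[client]["probes"] += 1
        # 250 confirms the mailbox, 550 denies it, 252 confirms nothing.
        if code == "250":
            stats[client]["confirmed"].append(user)
    return dict(stats)


def flag_enumeration(stats, min_probes=5):
    """Return {client: disclosed_users} for clients at or above min_probes."""
    return {client: entry["confirmed"]
            for client, entry in stats.items()
            if entry["probes"] >= min_probes}


if __name__ == "__main__":
    for client, users in flag_enumeration(summarize_vrfy(SAMPLE_LOG)).items():
        print(f"{client}: VRFY sweep, accounts disclosed: {users}")
```

A server that answers every VRFY with 252, or has the command disabled, gives such a sweep nothing to tell valid names from invalid ones.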
