Work in progress

SMTP Introduction

Protocol	Port	Description
SMTP	25
	465
	587

MUA → MSA → MTA → internet → MTA → MDA → MUA

Outlook → Exchange → firewall → internet → SMTP-Server of the receiving side → mail-server of the receiving side → Outlook of receiver

SMTP Commands

Command	Description	RFC
HELO	Identifies the sending SMTP server	RFC 5321
EHLO	Extended HELO, provides more information	RFC 5321
MAIL FROM	Specifies the sender’s email address	RFC 5321
RCPT TO	Specifies the recipient’s email address	RFC 5321
DATA	Initiates the message data transmission	RFC 5321
RSET	Resets the session to initial state	RFC 5321
VRFY	Requests verification of an email address	RFC 5321
EXPN	Requests the expansion of a mailing list	RFC 5321
NOOP	No operation, used for testing or keep-alive	RFC 5321
QUIT	Closes the SMTP session	RFC 5321
AUTH	Initiates authentication process	RFC 4954
STARTTLS	Initiates a secure TLS session	RFC 3207
HELP	Requests help information from the server	RFC 5321

SMTP Penetration Testing

SMTP Tools

Tool	Description	Download
swaks	Swiss Army Knife for SMTP
smtp-user-enum
nmap	Network Scanner

Nmap

nmap --script smtp-brute -p 25,465,587 <target-ip>
nmap --script smtp-commands -p 25,465,587 <target-ip>
nmap --script smtp-enum-users -p 25,465,587 <target-ip>
nmap --script smtp-ntlm-info --script-args smtp-ntlm-info.domain=example.com -p 25,465,587 <target-ip>
nmap --script smtp-vuln-cve2011-1764 -p 25,465,587 <target-ip>
nmap --script smtp-* -p 25,465,587 <target-ip>

Metasploit

SWAKS

swaks --to remote-user@example.com --from local-user@<local-ip> --server mail.example.com --body "hello"

sendEmail -t dept@victim.com -f support@rfs.com -s 192.168.8.131 -u Important Upgrade Instructions -a /tmp/BestComputers-UpgradeInstructions.pdf

SMTP Scanning

nmap –script smtp-enum-users.nse 172.180.22.16

nmap -p25 --script smtp-open-relay 172.180.22.16 -v

nmap -p25 --script smtp-commands 172.180.22.16

SMTP Enumeration

Banner Grabbing

nc -vn 172.180.22.16 25

auxiliary/scanner/smtp/smtp_enum

SMTP Exploitation

SMTP Post Exploitation

sudo python -m smtpd -n -c DebuggingServer :25

SSH Penetration Testing

FTP penetration testing

RDP Penetration Testing

SMB Penetration Testing

PostgreSQL Penetration Testing

SMTP Penetration Testing – Complete Free Guide

SMTP Introduction

Table of Contents

SMTP Penetration Testing

SMTP Tools

Nmap

Metasploit

SWAKS

SMTP Scanning

SMTP Enumeration

Banner Grabbing

SMTP Exploitation

SMTP Post Exploitation

Other Stories

Certified Penetration Testing Specialist (HTB CPTS)

PEN-200: Penetration Testing (OSCP)

HTB Napper Machine – Full Writeup

Protected: HTB Authority Machine – CompleteWriteup

Protected: HTB Manager Machine – Full Writeup

Don’t miss these tips!

HTB Napper Machine – Full Writeup

Protected: HTB Authority Machine – CompleteWriteup

Protected: HTB Manager Machine – Full Writeup

Protected: HTB Codify Machine – Full Writeup

SMTP Introduction

Table of Contents

SMTP Penetration Testing

SMTP Tools

Nmap

Metasploit

SWAKS

SMTP Scanning

SMTP Enumeration

Banner Grabbing

SMTP Exploitation

SMTP Post Exploitation

Related Articles

Other Stories

Certified Penetration Testing Specialist (HTB CPTS)

PEN-200: Penetration Testing (OSCP)