Explore this comprehensive guide on SMTP penetration testing, a crucial technique for assessing the security of your email servers.
In this article, Kali is used as the client and Windows Server 2012 as the SMTP server.
MUA → MSA → MTA → internet → MTA → MDA → MUA
Outlook → Exchange → firewall → internet → SMTP-Server of the receiving side → mail-server of the receiving side → Outlook of receiver
| Command | Description |
|---|---|
| HELO | Identifies the sending SMTP server |
| EHLO | Extended HELO, provides more information |
| MAIL FROM | Specifies the sender’s email address |
| RCPT TO | Specifies the recipient’s email address |
| DATA | Initiates the message data transmission |
| RSET | Resets the session to initial state |
| VRFY | Requests verification of an email address |
| EXPN | Requests the expansion of a mailing list |
| NOOP | No operation, used for testing or keep-alive |
| QUIT | Closes the SMTP session |
| AUTH | Initiates authentication process |
| STARTTLS | Initiates a secure TLS session |
| HELP | Requests help information from the server |
RFC 821 – Simple Mail Transfer Protocol
Protocol definition for SMTP. This document covers the model, operating procedure, and protocol details for SMTP.
RFC 1869 – SMTP Service Extensions
Definition of the ESMTP extensions for SMTP. This describes a framework for extending SMTP with new commands, supporting dynamic discovery of the commands provided by the server, and defines a few additional commands.
SMTP Penetration Testing
- SMTP Tools
- Footprinting SMTP Service
- Enumerate SMTP Service
- SMTP Vulnerabilities
- SMTP Attacks
SMTP – Pentest Tools
| swaks | Swiss Army Knife for SMTP |
Nmap SMTP NSE Scripts
nmap --script smtp-brute,smtp-commands,smtp-enum-users,smtp-vuln-cve2011-1764 -p 25,465,587 <target-ip>
nmap --script smtp-ntlm-info --script-args smtp-ntlm-info.domain=example.com -p 25,465,587 <target-ip>
SMTP Metasploit Modules
Footprinting SMTP Service
sudo nmap 10.129.172.83 -sC -sV -p25,465,587
SMTP Enumeration is a crucial aspect of the cybersecurity landscape that offers detailed insights into a system’s mail server.
This process is particularly significant for network administrators, IT professionals, and ethical hackers who are continuously working to identify and rectify system vulnerabilities.
In this article, we will delve into the world of SMTP Enumeration, its functions, merits, demerits, and the critical role it plays in network security.
Furthermore, we’ll explore different tools used in SMTP enumeration and discuss common strategies for preventing potential exploitation.
nmap -p25 --script smtp-commands 18.104.22.168
nc -vn 22.214.171.124 25
nmap --script smtp-enum-users.nse 126.96.36.199
smtp-user-enum -M VRFY -U list.txt -t 10.129.172.83
sudo nmap 10.129.14.128 -p25 --script smtp-open-relay -v
nmap -p25 --script smtp-open-relay 188.8.131.52 -v
Directory harvest attack (DHA)
SMTP Post Exploitation
swaks --to [email protected] --from local-user@<local-ip> --server mail.example.com --body "hello"
sendEmail -t [email protected] -f [email protected] -s 192.168.8.131 -u Important Upgrade Instructions -a /tmp/BestComputers-UpgradeInstructions.pdf
sudo python -m smtpd -n -c DebuggingServer :25
| Attack | Description |
|---|---|
| | Forging the sender’s email address to appear as if it’s from a different source. |
| | Sending deceptive emails to trick recipients into revealing sensitive information. |
| | Intercepting and possibly altering communication between the email client and server. |
| | Repeatedly attempting different username and password combinations to gain unauthorized access. |
| | Flooding an email inbox with an overwhelming number of emails, causing denial of service. |
| Email Relay Attacks | Exploiting open email relays to send spam or malicious emails through a compromised server. |
| SMTP User Enumeration | Determining valid email addresses by exploiting SMTP server responses. |
| SMTP Command Injection | Manipulating SMTP commands to execute arbitrary code on the SMTP server. |
| SMTP Header Injection | Injecting malicious content into email headers to trick email clients into unintended actions. |
| Denial of Service (DoS) | Overwhelming SMTP servers with excessive traffic, causing email service disruption. |
| | Using automated tools to gather email addresses for spam campaigns or other malicious purposes. |
| | Intercepting unencrypted emails during transmission to access sensitive information. |
| Email Attachment Exploits | Exploiting vulnerabilities in email attachments to execute malware on the recipient’s system. |
| Malicious Email Attachments | Sending attachments or links to infected files or websites to trick recipients into downloading malware or revealing sensitive information. |
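
A defender-side view of the SMTP user enumeration and directory harvest activity listed above, as an added example that is not part of the original article: it scans SMTP session logs for clients that probe many distinct mailboxes with VRFY, EXPN or RCPT TO and are mostly rejected. The log format, sample lines, function name and thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed log lines in a hypothetical format (not a real MTA's format):
#   <time> client=<ip> cmd="<SMTP command>" reply=<code>
SAMPLE_LOG = """\
10:00:01 client=192.0.2.10 cmd="VRFY root" reply=252
10:00:01 client=192.0.2.10 cmd="VRFY admin" reply=550
10:00:02 client=192.0.2.10 cmd="VRFY backup" reply=550
10:00:02 client=192.0.2.10 cmd="VRFY oracle" reply=550
10:00:03 client=192.0.2.10 cmd="EXPN staff" reply=550
10:00:09 client=198.51.100.7 cmd="MAIL FROM:<bob@example.org>" reply=250
10:00:09 client=198.51.100.7 cmd="RCPT TO:<alice@example.com>" reply=250
10:00:10 client=198.51.100.7 cmd="RCPT TO:<alise@example.com>" reply=550
10:00:20 client=203.0.113.5 cmd="RCPT TO:<a@example.com>" reply=550
10:00:20 client=203.0.113.5 cmd="RCPT TO:<b@example.com>" reply=550
10:00:21 client=203.0.113.5 cmd="RCPT TO:<c@example.com>" reply=550
10:00:21 client=203.0.113.5 cmd="RCPT TO:<d@example.com>" reply=250
"""

# Only commands whose reply reveals whether a mailbox exists are of interest.
LINE = re.compile(r'client=(\S+) cmd="(VRFY|EXPN|RCPT TO:)\s*<?([^">]+)>?" reply=(\d{3})')

def find_enumeration(log, min_probes=4, min_reject_ratio=0.6):
    """Return {client_ip: stats} for clients whose address probes look like enumeration."""
    probes = defaultdict(lambda: {"targets": set(), "rejected": 0, "total": 0})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # MAIL FROM, DATA, etc. are ignored
        ip, _cmd, target, code = m.groups()
        s = probes[ip]
        s["targets"].add(target.lower())
        s["total"] += 1
        if code in ("550", "551", "553"):  # mailbox unknown or not accepted
            s["rejected"] += 1
    flagged = {}
    for ip, s in probes.items():
        ratio = s["rejected"] / s["total"]
        if len(s["targets"]) >= min_probes and ratio >= min_reject_ratio:
            flagged[ip] = {"distinct": len(s["targets"]), "reject_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_enumeration(SAMPLE_LOG).items():
        print(ip, stats)
```

The client with a single mistyped recipient stays below both thresholds, so an ordinary delivery failure is not flagged.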