OSCP Notes
Search…
SMTP

User enumeration

1
for server in $(cat smtpmachines); do echo "******************" $server "*****************"; smtp-user-enum -M VRFY -U userlist.txt -t $server;done #for multiple servers
Copied!
1
smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t $ip
Copied!
1
smtp-user-enum -M VRFY -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames-dup.txt -t $ip
Copied!

Command to check if a user exists

1
VRFY root
Copied!

Command to ask the server if a user belongs to a mailing list

1
EXPN root
Copied!

Enumeration and vuln scanning

1
nmap --script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 $ip
Copied!

Brute-force

1
hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V
Copied!

Connection

1
telnet $ip 25
Copied!
Last modified 1yr ago