25 ) SMTP

Nmap Script

sudo nmap --script smtp-enum-users -p25 <IP>
sudo nmap --script smtp-open-relay,smtp-commands,smtp-ntlm-info -p25 <IP>

Username enumerate

smtp-user-enum -M VRFY -U /usr/share/seclists/Usernames/Names/names.txt -t 10.10.10.17
smtp-user-enum -U /usr/share/seclists/Usernames/Honeypot-Captures/multiplesources-users-fabian-fingerle.de.txt -m 50 -M RCPT -D humongousretail.com -t 10.10.10.17

Send mail

## !! Be aware about from address. If you are using same domain for both from and to. they will ask auth. So please use info@h4rithd.com first !!
## ------------------| Using Swaks
swaks --from info@h4rithd.com --to admin@sneakymailer.htb --header 'Subject: Hello world' --body 'This is msg body' --server 10.10.10.197
    
## ------------------| Using sendEmail
sendEmail -m 'Hello machan' -f info@h4rithd.com  -t admin@sneakymailer.htb -s <IP> -u "Message Subject" -a attachment.pdf                            
sendEmail -o message-file=message.txt -f info@h4rithd.com  -t admin@sneakymailer.htb -s <IP> -u "Message Subject" -a attachment.pdf                            

## ------------------| Using Telnet
telnet <IP> 25
HELO writer.htb
MAIL FROM:info@h4rithd.com
RCPT TO:root@writer.htb
DATA
Subject: Test mail
Hello h4rith
.
QUIT

## ------------------| Using NetCat  
nc <IP> 25
HELO writer.htb
MAIL FROM:info@h4rithd.com
RCPT TO:root@writer.htb
DATA
Subject: Test mail
Hello h4rith
.
QUIT

SMTP server

## ------------------| Using smtpd (deprecated)
import smtpd
import asyncore

class CustomSMTPServer(smtpd.SMTPServer):
    def __init__(self, localaddr, remoteaddr):
        smtpd.SMTPServer.__init__(self, localaddr, remoteaddr)

    def process_message(self, peer, mailfrom, rcpttos, data):
        print('Received email from:', mailfrom)
        print('To:', rcpttos)
        print('Message:', data)

server = CustomSMTPServer(('0.0.0.0', 1025), None)
asyncore.loop()

## ------------------| Using asyncio
import asyncio
from aiosmtpd.controller import Controller

class CustomSMTPHandler:
    async def handle_RCPT(self, server, session, envelope, address, rcpt_options):
        envelope.rcpt_tos.append(address)
        return '250 OK'

    async def handle_DATA(self, server, session, envelope):
        print('Received email from:', envelope.mail_from)
        print('To:', envelope.rcpt_tos)
        print('Message:', envelope.content.decode('utf-8'))
        return '250 OK'

async def main(loop):
    handler = CustomSMTPHandler()
    controller = Controller(handler, hostname='localhost', port=1025)
    controller.start()

loop = asyncio.get_event_loop()
loop.run_until_complete(main(loop))

Previous22 ) SSH Next53 ) DNS

Last updated 2 years ago

smtp-user-enum -M VRFY -U /usr/share/seclists/Usernames/Names/names.txt -t 10.10.10.17 smtp-user-enum -U /usr/share/seclists/Usernames/Honeypot-Captures/multiplesources-users-fabian-fingerle.de.txt -m 50 -M RCPT -D humongousretail.com -t 10.10.10.17

## !! Be aware about from address. If you are using same domain for both from and to. they will ask auth. So please use info@h4rithd.com first !! ## ------------------| Using Swaks swaks --from info@h4rithd.com --to admin@sneakymailer.htb --header 'Subject: Hello world' --body 'This is msg body' --server 10.10.10.197 ## ------------------| Using sendEmail sendEmail -m 'Hello machan' -f info@h4rithd.com -t admin@sneakymailer.htb -s <IP> -u "Message Subject" -a attachment.pdf sendEmail -o message-file=message.txt -f info@h4rithd.com -t admin@sneakymailer.htb -s <IP> -u "Message Subject" -a attachment.pdf ## ------------------| Using Telnet telnet <IP> 25 HELO writer.htb MAIL FROM:info@h4rithd.com RCPT TO:root@writer.htb DATA Subject: Test mail Hello h4rith . QUIT ## ------------------| Using NetCat nc <IP> 25 HELO writer.htb MAIL FROM:info@h4rithd.com RCPT TO:root@writer.htb DATA Subject: Test mail Hello h4rith . QUIT

## ------------------| Using smtpd (deprecated) import smtpd import asyncore class CustomSMTPServer(smtpd.SMTPServer): def __init__(self, localaddr, remoteaddr): smtpd.SMTPServer.__init__(self, localaddr, remoteaddr) def process_message(self, peer, mailfrom, rcpttos, data): print('Received email from:', mailfrom) print('To:', rcpttos) print('Message:', data) server = CustomSMTPServer(('0.0.0.0', 1025), None) asyncore.loop() ## ------------------| Using asyncio import asyncio from aiosmtpd.controller import Controller class CustomSMTPHandler: async def handle_RCPT(self, server, session, envelope, address, rcpt_options): envelope.rcpt_tos.append(address) return '250 OK' async def handle_DATA(self, server, session, envelope): print('Received email from:', envelope.mail_from) print('To:', envelope.rcpt_tos) print('Message:', envelope.content.decode('utf-8')) return '250 OK' async def main(loop): handler = CustomSMTPHandler() controller = Controller(handler, hostname='localhost', port=1025) controller.start() loop = asyncio.get_event_loop() loop.run_until_complete(main(loop))