25 ) SMTP

  • Nmap Script

sudo nmap --script smtp-enum-users -p25 <IP>
sudo nmap --script smtp-open-relay,smtp-commands,smtp-ntlm-info -p25 <IP>  
  • Username enumerate

smtp-user-enum -M VRFY -U /usr/share/seclists/Usernames/Names/names.txt -t 10.10.10.17
smtp-user-enum -U /usr/share/seclists/Usernames/Honeypot-Captures/multiplesources-users-fabian-fingerle.de.txt -m 50 -M RCPT -D humongousretail.com -t 10.10.10.17      
  • Send mail

## !! Mind the From address: if the sender and recipient use the same domain, the server will ask for authentication, so try an external sender such as info@h4rithd.com first !!
## ------------------| Using Swaks
swaks --from info@h4rithd.com --to admin@sneakymailer.htb --header 'Subject: Hello world' --body 'This is msg body' --server 10.10.10.197
    
## ------------------| Using sendEmail
sendEmail -m 'Hello machan' -f info@h4rithd.com  -t admin@sneakymailer.htb -s <IP> -u "Message Subject" -a attachment.pdf                            
sendEmail -o message-file=message.txt -f info@h4rithd.com  -t admin@sneakymailer.htb -s <IP> -u "Message Subject" -a attachment.pdf                            

## ------------------| Using Telnet
telnet <IP> 25
HELO writer.htb
MAIL FROM:info@h4rithd.com
RCPT TO:root@writer.htb
DATA
Subject: Test mail
Hello h4rith
.
QUIT

## ------------------| Using NetCat  
nc <IP> 25
HELO writer.htb
MAIL FROM:info@h4rithd.com
RCPT TO:root@writer.htb
DATA
Subject: Test mail
Hello h4rith
.
QUIT
  • SMTP server

## ------------------| Using smtpd (deprecated)
import smtpd
import asyncore

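class CustomSMTPServer(smtpd.SMTPServer):
    """Minimal mail catcher that prints every message it receives.

    It accepts mail from any peer without authentication and delivers
    nothing, so it is a throwaway listener, not a real MTA.

    NOTE: ``smtpd`` and ``asyncore`` are deprecated and were removed from the
    standard library in Python 3.12; this listing only runs on older
    interpreters.
    """

    def __init__(self, localaddr, remoteaddr):
        super().__init__(localaddr, remoteaddr)

    def process_message(self, peer, mailfrom, rcpttos, data, **kwargs):
        """Print the envelope and body of one received message.

        Args:
            peer: Address of the connecting client.
            mailfrom: Envelope sender (MAIL FROM).
            rcpttos: List of envelope recipients (RCPT TO).
            data: Message content; bytes unless the server was created
                with ``decode_data=True``.
            **kwargs: ``mail_options`` / ``rcpt_options`` that Python 3
                passes when ``decode_data`` is false (the default). Without
                this catch-all every delivery fails with a TypeError.

        Returns:
            None, which smtpd reports to the client as "250 OK".
        """
        print('Received email from:', mailfrom)
        print('To:', rcpttos)
        print('Message:', data)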

# 0.0.0.0 listens on every interface, so any host that can reach this machine
# can submit mail; 1025 is an unprivileged port, so root is not required.
# The second argument (remoteaddr) is None: no remote address is supplied.
listen_on = ('0.0.0.0', 1025)
server = CustomSMTPServer(listen_on, None)

# Blocks and services connections until the process is interrupted.
asyncore.loop()

## ------------------| Using asyncio + aiosmtpd (third-party package)
import asyncio
from aiosmtpd.controller import Controller

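class CustomSMTPHandler:
    """aiosmtpd handler that accepts every recipient and prints each message.

    Everything printed here comes from the remote sender and is untrusted;
    it is written to stdout as received.
    """

    async def handle_RCPT(self, server, session, envelope, address, rcpt_options):
        """Accept any RCPT TO address and record it on the envelope."""
        envelope.rcpt_tos.append(address)
        return '250 OK'

    async def handle_DATA(self, server, session, envelope):
        """Print sender, recipients and body, then acknowledge the message.

        Returns:
            The SMTP reply string ``'250 OK'``.
        """
        print('Received email from:', envelope.mail_from)
        print('To:', envelope.rcpt_tos)
        # Mail bodies are not guaranteed to be UTF-8. A strict decode raises
        # UnicodeDecodeError on e.g. Latin-1 content and the message is never
        # shown, so substitute undecodable bytes instead.
        print('Message:', envelope.content.decode('utf-8', errors='replace'))
        return '250 OK'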

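async def main(loop):
    """Start the aiosmtpd controller and return it so the caller can stop it.

    Args:
        loop: Event loop of the caller; kept for interface compatibility,
            the controller does not use it.

    Returns:
        The started ``Controller``.
    """
    handler = CustomSMTPHandler()
    # hostname='localhost' keeps the listener on loopback, so only local
    # processes can deliver mail to it.
    controller = Controller(handler, hostname='localhost', port=1025)
    controller.start()
    return controller


loop = asyncio.new_event_loop()
asyncio.set_event_loop(loop)
controller = loop.run_until_complete(main(loop))
try:
    # Controller.start() returns as soon as the listener is up in its own
    # thread. Without blocking here the script reaches its end right after
    # start-up and the server goes away before any mail arrives.
    loop.run_forever()
except KeyboardInterrupt:
    pass
finally:
    controller.stop()
    loop.close()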
