Pentest
TryhackmeHackthebox
  • 🐧Linux
    • Lateral Movement
    • PrivilageEsc Linux 👑
  • 🪟Windows
    • Lateral Movement
    • PrivilageEsc Windows 👑
    • Active Directory / SMB
  • ☁️Cloud
    • AWS
    • Docker
    • Azure AD
    • Kubernetes
  • 🛠️Tools
    • File Transfers
    • Shells / Payloads
    • Pivoting / Forwarding
    • Network Enumeration
    • Cracking / Fuzzing / Brute-force
  • 🚐TCP
    • 21 ) FTP
    • 22 ) SSH
    • 25 ) SMTP
    • 53 ) DNS
    • 79 ) Finger
    • 110 ) POP3
    • 143, 993 ) IMAP
    • 389 ) LDAP
    • 443 ) HTTPS
    • 2049 /111 ) NFS /RPC
    • 3128 ) Squid Proxy
    • 3690 ) Subversion
    • 6379 ) Redis
    • 9200 ) Elasticsearch
    • 11211 ) Memcached
    • 24007 & 49152) Gluster
  • 🚎UDP
    • 69 ) TFTP
    • 161 ) SNMP
    • 500, 4500 ) IPsec IKE
    • 623) IPMI
  • 🔟OWASP 10
    • SQLi
    • NoSQLi
    • LFI / XXE
    • Command Injection
    • XSS / HTMLi / (S/C)SRF / SSTI
  • 📚Database
    • Oracle SQL | 1521
    • MSSQL / MYSQL / PSQL
  • 🔗Binary Exploitation
    • Linux
    • Windows
  • 👨‍🚒Red team
    • Reconnaissance
    • Initial Access
    • Persistence Techniques
    • AV Evasion Techniques
  • 🐰Bug Bounty
    • Search Engine
    • Index.html
  • ⌚Links
    • Passwords 1
    • Default Passwords
    • Default passwords 2
  • 🔄Other
    • Git
    • HackerGPT
    • Curl
    • Hints!!
    • Log4j
    • Mobile Sec
    • BookMarks
    • Steganography
    • CMS / Servers / Others
    • Deserialization
    • Tryhackme
  • 🤖Mobile Android Pentest
    • Mobile Sec
    • Drozer
  • Group 1
    • 📦HackTheBox — Writeups
      • 🏴‍☠️HTB - Devvortex
Powered by GitBook
On this page
  1. TCP

25 ) SMTP

  • Nmap Script

sudo nmap --script smtp-enum-users -p25 <IP>
sudo nmap --script smtp-open-relay,smtp-commands,smtp-ntlm-info -p25 <IP>  
  • Username enumerate

smtp-user-enum -M VRFY -U /usr/share/seclists/Usernames/Names/names.txt -t 10.10.10.17
smtp-user-enum -U /usr/share/seclists/Usernames/Honeypot-Captures/multiplesources-users-fabian-fingerle.de.txt -m 50 -M RCPT -D humongousretail.com -t 10.10.10.17      
  • Send mail

## !! Be aware about from address. If you are using same domain for both from and to. they will ask auth. So please use info@h4rithd.com first !!
## ------------------| Using Swaks
swaks --from info@h4rithd.com --to admin@sneakymailer.htb --header 'Subject: Hello world' --body 'This is msg body' --server 10.10.10.197
    
## ------------------| Using sendEmail
sendEmail -m 'Hello machan' -f info@h4rithd.com  -t admin@sneakymailer.htb -s <IP> -u "Message Subject" -a attachment.pdf                            
sendEmail -o message-file=message.txt -f info@h4rithd.com  -t admin@sneakymailer.htb -s <IP> -u "Message Subject" -a attachment.pdf                            

## ------------------| Using Telnet
telnet <IP> 25
HELO writer.htb
MAIL FROM:info@h4rithd.com
RCPT TO:root@writer.htb
DATA
Subject: Test mail
Hello h4rith
.
QUIT

## ------------------| Using NetCat  
nc <IP> 25
HELO writer.htb
MAIL FROM:info@h4rithd.com
RCPT TO:root@writer.htb
DATA
Subject: Test mail
Hello h4rith
.
QUIT
  • SMTP server

## ------------------| Using smtpd (deprecated)
import smtpd
import asyncore

class CustomSMTPServer(smtpd.SMTPServer):
    def __init__(self, localaddr, remoteaddr):
        smtpd.SMTPServer.__init__(self, localaddr, remoteaddr)

    def process_message(self, peer, mailfrom, rcpttos, data):
        print('Received email from:', mailfrom)
        print('To:', rcpttos)
        print('Message:', data)

server = CustomSMTPServer(('0.0.0.0', 1025), None)
asyncore.loop()

## ------------------| Using asyncio
import asyncio
from aiosmtpd.controller import Controller

class CustomSMTPHandler:
    async def handle_RCPT(self, server, session, envelope, address, rcpt_options):
        envelope.rcpt_tos.append(address)
        return '250 OK'

    async def handle_DATA(self, server, session, envelope):
        print('Received email from:', envelope.mail_from)
        print('To:', envelope.rcpt_tos)
        print('Message:', envelope.content.decode('utf-8'))
        return '250 OK'

async def main(loop):
    handler = CustomSMTPHandler()
    controller = Controller(handler, hostname='localhost', port=1025)
    controller.start()

loop = asyncio.get_event_loop()
loop.run_until_complete(main(loop))
Previous22 ) SSHNext53 ) DNS

Last updated 2 years ago

🚐