25 ) SMTP
Nmap Script
sudo nmap --script smtp-enum-users -p25 <IP>
sudo nmap --script smtp-open-relay,smtp-commands,smtp-ntlm-info -p25 <IP>
Username enumeration
smtp-user-enum -M VRFY -U /usr/share/seclists/Usernames/Names/names.txt -t 10.10.10.17
smtp-user-enum -U /usr/share/seclists/Usernames/Honeypot-Captures/multiplesources-users-fabian-fingerle.de.txt -m 50 -M RCPT -D humongousretail.com -t 10.10.10.17
Check Auth
telnet <SMG_IP_address> 587
EHLO mailserver.com
AUTH LOGIN
<Username_in_base64> # echo -n "username" | base64
<Password_in_base64> # echo -n "password" | base64
Send mail
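## !! Mind the From address: if the From and To addresses are in the same domain, the server will ask for authentication, so try a From address outside that domain first (the example address here was obfuscated to "[email protected]" by the page's e-mail protection). !!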
## ------------------| Using Swaks
swaks --from [email protected] --to [email protected] --header 'Subject: Hello world' --body 'This is msg body' --server 10.10.10.197
## ------------------| Using sendEmail
sendEmail -m 'Hello machan' -f [email protected] -t [email protected] -s <IP> -u "Message Subject" -a attachment.pdf
sendEmail -o message-file=message.txt -f [email protected] -t [email protected] -s <IP> -u "Message Subject" -a attachment.pdf
## ------------------| Using Telnet
telnet <IP> 25
HELO writer.htb
MAIL FROM:[email protected]
RCPT TO:[email protected]
DATA
Subject: Test mail
Hello h4rith
.
QUIT
## ------------------| Using NetCat
nc <IP> 25
HELO writer.htb
MAIL FROM:[email protected]
RCPT TO:[email protected]
DATA
Subject: Test mail
Hello h4rith
.
QUIT
SMTP server
## ------------------| Using smtpd (deprecated)
import smtpd
import asyncore
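class CustomSMTPServer(smtpd.SMTPServer):
    """Minimal mail sink that prints every message it receives.

    Intended for lab use: it accepts mail from any client without
    authentication or TLS, and this class neither stores nor forwards
    what it receives.  The smtpd and asyncore modules were removed from
    the standard library in Python 3.12, so this listing needs an older
    interpreter.
    """

    def __init__(self, localaddr, remoteaddr):
        """Bind the listener.

        Args:
            localaddr: ``(host, port)`` tuple to listen on.
            remoteaddr: Passed through to ``smtpd.SMTPServer`` unchanged.
        """
        smtpd.SMTPServer.__init__(self, localaddr, remoteaddr)

    def process_message(self, peer, mailfrom, rcpttos, data, **kwargs):
        """Print the envelope and body of one received message.

        ``**kwargs`` is needed on Python 3: with the default
        ``decode_data=False`` the SMTP channel also passes ``mail_options``
        and ``rcpt_options``, so a four-argument override raises TypeError
        on every delivery.  Returning None makes smtpd answer "250 OK".

        Args:
            peer: Address of the connecting client.
            mailfrom: Envelope sender as given in MAIL FROM.
            rcpttos: List of envelope recipients.
            data: Message content as received.
            **kwargs: Extra options supplied by smtpd; ignored here.
        """
        # Every value printed below is chosen by the sending client; treat
        # the output as untrusted when viewing or post-processing it.
        print('Received email from:', mailfrom)
        print('To:', rcpttos)
        print('Message:', data)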
# Listen on TCP 1025 (an unprivileged port) on every interface.
# NOTE: 0.0.0.0 makes this unauthenticated sink reachable from every network
# the host is attached to; bind a specific address to narrow the exposure.
bind_addr = ('0.0.0.0', 1025)
server = CustomSMTPServer(bind_addr, remoteaddr=None)

# Blocks here, dispatching socket events until the process is interrupted.
asyncore.loop()
## ------------------| Using asyncio (aiosmtpd package)
import asyncio
from aiosmtpd.controller import Controller
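class CustomSMTPHandler:
    """aiosmtpd handler that accepts every recipient and prints each message."""

    async def handle_RCPT(self, server, session, envelope, address, rcpt_options):
        """Accept the recipient unconditionally and record it on the envelope.

        No allow-list is applied: any RCPT TO address is accepted, which is
        fine for a print-only sink but not for anything that forwards mail.
        """
        envelope.rcpt_tos.append(address)
        return '250 OK'

    async def handle_DATA(self, server, session, envelope):
        """Print sender, recipients and body of the message, then accept it.

        Returns:
            The SMTP reply string ``'250 OK'``.
        """
        print('Received email from:', envelope.mail_from)
        print('To:', envelope.rcpt_tos)
        # The body is sender-controlled and need not be valid UTF-8; strict
        # decoding would raise UnicodeDecodeError inside the handler, so
        # undecodable bytes are shown as U+FFFD instead.
        print('Message:', envelope.content.decode('utf-8', errors='replace'))
        return '250 OK'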
async def main(loop):
    """Create the aiosmtpd controller and start it.

    ``loop`` is accepted but not used by this function.
    """
    # hostname='localhost' limits the listener to loopback clients; port 1025
    # is unprivileged, so no root is needed.
    controller = Controller(CustomSMTPHandler(), hostname='localhost', port=1025)
    controller.start()
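# Create the loop explicitly: asyncio.get_event_loop() is deprecated when no
# loop is running.
loop = asyncio.new_event_loop()
asyncio.set_event_loop(loop)
loop.run_until_complete(main(loop))

# aiosmtpd's Controller serves from a background daemon thread, so main()
# returns immediately after start(); without blocking here the script would
# exit before any mail could arrive.  Ctrl-C ends the run.
try:
    loop.run_forever()
except KeyboardInterrupt:
    pass
finally:
    loop.close()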