How to get email addresses from an SMTP server
Step 1. Start Kali and open Terminal
Now that we’ve covered the basics of SMTP, let's see if we can use this information to crack the SMTP server and retrieve email addresses. Launch Kali and open the terminal.
Step 2. Telnet to the SMTP server
Our next step is to see if we can manually connect to the SMTP server using telnet.
kali> telnet 192.168.1.101 25
As you can see, we successfully connected to the server (metasploitable.localdomain) via telnet.
Step 3. Manual verification of email address
Now that we are connected to the SMTP server via telnet, we can use the SMTP commands listed above to query the server. Most importantly, we need the VRFY (verify) command. This command, followed by the email user name, instructs the server to check whether the user's account exists, for example:
> VRFY sys
As you can see in the screenshot above, we tried these users:
- sys
- admin
- administrator
- nullbyte
- root
The server has confirmed that “sys” and “root” have email accounts on the server. Fine!
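From the server owner's side, the same telnet session shows whether a mail server is open to this kind of enumeration. The added example below (not part of the original article) parses a pasted VRFY session and reports whether the replies distinguish real accounts from unknown ones; the function names and both sample sessions are constructed for illustration, with reply texts modelled on typical Postfix responses.

```python
import re

# VRFY reply codes as defined in RFC 5321.
CONFIRMS = {250, 251}      # mailbox verified
ACCEPTS = {252}            # "cannot VRFY user, but will accept message"
DENIES = {550, 551, 553}   # mailbox unknown or not local
DISABLED = {500, 502}      # command unrecognized / not implemented
REPLY = re.compile(r"^(\d{3})([ -])")

# Constructed sessions (not captured from a real host).
SAMPLE_OPEN = """VRFY sys
252 2.0.0 sys
VRFY admin
550 5.1.1 <admin>: Recipient address rejected: User unknown
VRFY administrator
550 5.1.1 <administrator>: Recipient address rejected: User unknown
VRFY nullbyte
550 5.1.1 <nullbyte>: Recipient address rejected: User unknown
VRFY root
252 2.0.0 root"""
# Same server after VRFY is switched off (Postfix: disable_vrfy_command = yes).
SAMPLE_HARDENED = """VRFY sys
502 5.5.1 VRFY command is disabled
VRFY admin
502 5.5.1 VRFY command is disabled"""

def parse_session(text):
    """Pair each 'VRFY name' line with the final reply code that follows it."""
    results, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("> ").strip()
        if line.upper().startswith("VRFY "):
            pending = line.split(None, 1)[1]
            continue
        m = REPLY.match(line)
        # '-' after the code marks a continuation line; wait for the last one.
        if m and pending and m.group(2) == " ":
            results[pending], pending = int(m.group(1)), None
    return results

def audit(results):
    """Return (verdict, names the replies reveal as existing accounts)."""
    codes = set(results.values())
    if codes and codes <= DISABLED:
        return "vrfy-disabled", []
    denied = [n for n, c in results.items() if c in DENIES]
    positive = [n for n, c in results.items() if c in CONFIRMS | ACCEPTS]
    # A 250/251, or a mix of accepted and denied names, tells accounts apart.
    if any(results[n] in CONFIRMS for n in positive) or (positive and denied):
        return "leaks-accounts", sorted(positive)
    return "uniform-replies", []
```

A server that answers 252 to every name, including one that cannot exist, comes out as "uniform-replies", so the audit is only meaningful when the session includes at least one deliberately bogus name.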
Step 4. Use smtp-user-enum
In the third step, we manually queried the SMTP server to find out whether a specific email address exists. Wouldn't it be easier if we had a script that automated these queries? Fortunately, there is such a script! It is called smtp-user-enum and is already included in the Kali distribution.
We can find it in Applications -> Kali Linux -> Information Gathering -> SMTP Analysis -> smtp-user-enum.
When you click on it, the help shown in the screenshot below opens. Note that the basic syntax for searching email users is as follows:
kali> smtp-user-enum -M VRFY -U <userlist> -t <target IP>
Now let's build a command that can be used against the Metasploitable SMTP server. We can use any Kali wordlist, create our own, or download any of the thousands of wordlists available on the Internet. We decided to try one of those available in Kali:
/usr/share/fern-wifi-cracker/extras/wordlist
With that wordlist, the command becomes:
kali> smtp-user-enum -M VRFY -U /usr/share/fern-wifi-cracker/extras/wordlist -t 192.168.1.101
As you can see in the screenshot below, we launched it, and it first displayed the scan information:
Then it listed the users it found:
Now that we know the email addresses of users on the organization's SMTP server, we can send them emails with social engineering content, or spoof their email addresses and send emails to their colleagues.
Be sure to come back for new material!
Disclaimer : This article is written for educational purposes only. The author or publisher did not publish this article for malicious purposes. If readers would like to use the information for personal gain, the author and publisher are not responsible for any harm or damage caused.