If you want to mount a social engineering attack on a company, you will definitely need their email addresses. For example, if you gain access to a company clerk's mailbox and send an infected letter from it to the head of the department, the probability of a successful hack approaches 100%. Or vice versa: infecting the computers of a T-shirt printing company with miners by sending a poisoned message from their paint supplier (the example is made up, honestly).
There are many ways to collect mailboxes, but what if you could get access to the company's SMTP server and ask it directly which ones exist? I think you would be the happiest red-eyed geek around.
Therefore, today on the channel I will tell you how to do it.
#SMTP
What is SMTP?
SMTP, or Simple Mail Transfer Protocol, is a "server-to-server" protocol that works over port 25. Usually, users use POP3 (port 110) or IMAP (port 143) to send messages via SMTP, and the latter, in turn, delivers them to the addressee. Obviously, there is a database of all mailboxes so that SMTP knows the list of trusted users, and that is what we want to access. To find the SMTP server, you can use Nmap or any other scanner. Look for a server with port 25 open; most likely it will be an SMTP server.
How to communicate with it?
The SMTP protocol (like any other protocol) has its own set of commands. Here are some of them:
· HELO IP/domain name - Command for establishing a connection
· STARTTLS - Command for encrypting (via TLS) all outgoing messages
· RCPT - Specify the recipient's mailbox
· DATA - Start sending a message
· RSET - Cancel message transmission
· MAIL - Specify the sender's mailbox
· QUIT - Close connection
· HELP - Help
· AUTH - User authentication
· VRFY - Find out if the specified mailbox exists
We are looking for mailboxes
Now that we know what SMTP is, we can start breaking it.
First you need to find out whether we can connect to the server. Run the following command in the Kali Linux terminal:
Code:
telnet 192.168.1.101 25
As you can see, we managed to connect.
Now we use the commands we have already learned to communicate with the server.
Code:
> VRFY sys
As you can see in the screenshot, I tried to find the users sys, admin, administrator, nullbyte and root. Of these, only sys and root were successful. Excellent.
But sometimes luck may not be on our side... couldn't a script do it for us? Glory to the Omnissiah, one already exists.
It is called "smtp-user-enum" and is installed by default in Kali Linux. Its command-line syntax:
Code:
smtp-user-enum -M VRFY -U <userlist> -t <target IP>
You can also use man smtp-user-enum to learn more. With this utility in hand, all that remains is to download a dictionary and pass it as the argument (in place of <userlist>). I use the dictionary built into Kali Linux:
Code:
smtp-user-enum -M VRFY -U /usr/share/fern-wifi-cracker/extras/wordlist -t 192.168.1.101
As you can see, the scanning has begun. And here the utility has already completed its work. As a result, I found as many as 11 (!) mailboxes, which are just asking to be hacked. I hope your catch will be no less successful.
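Seen from the mail server's side, a dictionary run like the one above stands out: one client asks about many different names with VRFY, and each 250 reply confirms a mailbox. The detector below is an added example, not part of the original post or of smtp-user-enum; the log format, the IP addresses, the host names and the function name find_enumeration are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a made-up "<time> <client-ip> <C|S>: <text>" log format.
SAMPLE_LOG = """\
10:00:01 192.0.2.10 C: HELO scanner.example
10:00:01 192.0.2.10 S: 250 mail.example.test
10:00:02 192.0.2.10 C: VRFY sys
10:00:02 192.0.2.10 S: 250 2.1.5 sys
10:00:03 192.0.2.10 C: VRFY admin
10:00:03 192.0.2.10 S: 550 5.1.1 admin
10:00:04 192.0.2.10 C: VRFY administrator
10:00:04 192.0.2.10 S: 550 5.1.1 administrator
10:00:05 192.0.2.10 C: VRFY nullbyte
10:00:05 192.0.2.10 S: 550 5.1.1 nullbyte
10:00:06 192.0.2.10 C: VRFY root
10:00:06 192.0.2.10 S: 250 2.1.5 root
10:05:01 198.51.100.7 C: MAIL FROM:<alice@example.org>
10:05:01 198.51.100.7 S: 250 2.1.0 Ok
10:05:02 198.51.100.7 C: RCPT TO:<sys@mail.example.test>
10:05:02 198.51.100.7 S: 250 2.1.5 Ok
"""

LINE = re.compile(r"^\S+ (\S+) ([CS]): (.*)$")
PROBE = re.compile(r"^(?:VRFY|EXPN)\s+(\S+)", re.I)

def find_enumeration(log, min_names=3):
    """Map client IP -> probed/disclosed names for clients that asked about
    at least min_names distinct mailboxes with VRFY or EXPN."""
    pending = {}  # client IP -> name whose reply we are waiting for
    stats = defaultdict(lambda: {"probed": set(), "disclosed": set()})
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        client, side, text = m.groups()
        if side == "C":
            p = PROBE.match(text)
            pending[client] = p.group(1).strip("<>").lower() if p else None
            if p:
                stats[client]["probed"].add(pending[client])
        elif pending.get(client):
            name = pending.pop(client)
            # Only 250/251 confirm that the mailbox exists; 252 and 5xx do not.
            if text[:3] in ("250", "251"):
                stats[client]["disclosed"].add(name)
    return {c: s for c, s in stats.items() if len(s["probed"]) >= min_names}
```

A server that answers every VRFY with 252, or has the command switched off (on Postfix, `disable_vrfy_command = yes`), leaves the disclosed set empty while the probing client is still flagged.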