November 1, 2019 · Basic Pen-Testing

4.3 : Active information gathering techniques - SMTP enum (Part IV)

SMTP Enum

SMTP misconfigurations can allow email lists and user names to be enumerated: a server that answers VRFY reveals through its reply code whether a mailbox exists.

basic usage

nc -nv 10.0.0.1 25
(UNKNOWN) [10.0.0.1] 25 (smtp) open
220 redhat.acme.com ESMTP Sendmail 8.12.8/8.12.8; Wed, 12 Jun 2013 07:47:14 +0300
VRFY root
250 2.1.5 root <[email protected]>
VRFY idontexist
550 5.1.1 idontexist... User unknown

advanced usage

verify.py

import socket
import sys

if len(sys.argv) != 2:
    print("Usage: vrfy.py <username>")
    sys.exit(0)

# Create a socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Connect to the server
s.connect(('10.11.1.215', 25))
# Receive the banner
banner = s.recv(1024)
print(banner.decode(errors='replace'))
# VRFY a user (sockets carry bytes in Python 3, so encode the command)
s.send(('VRFY ' + sys.argv[1] + '\r\n').encode())
result = s.recv(1024)
print(result.decode(errors='replace'))
# Close the socket
s.close()
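
Added example, not part of the original post: a check an administrator can run over VRFY replies captured from their own server, one for a mailbox that exists and one for a name that does not, to see whether the reply codes give user names away. The function names and the 252 sample reply are constructed for illustration; the reply-code meanings follow RFC 5321.

```python
import re

# One reply line (RFC 5321): 3-digit code, '-' on continuation lines or ' ' on the last, text.
REPLY_RE = re.compile(r'^(\d{3})([ -])(.*)$')

def parse_reply(raw):
    """Return (code, text) for one SMTP reply, joining multi-line replies."""
    code, parts = None, []
    lines = raw.replace('\r\n', '\n').strip().split('\n')
    for i, line in enumerate(lines):
        m = REPLY_RE.match(line)
        if not m or (code is not None and int(m.group(1)) != code):
            raise ValueError('malformed SMTP reply line: %r' % line)
        # Only the final line of a reply may use a space after the code.
        if (m.group(2) == ' ') != (i == len(lines) - 1):
            raise ValueError('bad continuation marker: %r' % line)
        code = int(m.group(1))
        parts.append(m.group(3))
    return code, ' '.join(parts)

# What each reply code tells the client when it answers a VRFY command.
VRFY_CLASSES = {250: 'confirms', 251: 'confirms', 252: 'noncommittal',
                550: 'denies', 551: 'denies', 553: 'denies',
                500: 'disabled', 502: 'disabled'}

def assess_vrfy(reply_known, reply_unknown):
    """Compare VRFY replies for a mailbox that exists and one that does not."""
    known = VRFY_CLASSES.get(parse_reply(reply_known)[0], 'other')
    unknown = VRFY_CLASSES.get(parse_reply(reply_unknown)[0], 'other')
    if known == 'confirms' and unknown == 'denies':
        return 'leaks'    # the reply code reveals which user names exist
    if known == unknown and known in ('noncommittal', 'disabled'):
        return 'ok'       # same answer either way: nothing to enumerate
    return 'review'       # mixed or unexpected codes: inspect by hand

# Replies copied from the session shown on this page.
PAGE_KNOWN = '250 2.1.5 root <[email protected]>\r\n'
PAGE_UNKNOWN = '550 5.1.1 idontexist... User unknown\r\n'
# Constructed reply, as a server that refuses to verify would send for any name.
HARDENED = '252 2.0.0 Cannot VRFY user\r\n'

if __name__ == '__main__':
    print(assess_vrfy(PAGE_KNOWN, PAGE_UNKNOWN))
    print(assess_vrfy(HARDENED, HARDENED))
```

On Sendmail, the server in the session above, the novrfy privacy option makes VRFY return the same 252 reply for every name.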