Pentesting Email
SMTP Port 25 default
SMTP User Enum
smtp-user-enum -M VRFY -U /usr/share/wordlists/dirb/common.txt -t [target ip]
-M
-> Sets the mode, the options are: EXPN, VRFY, RCPT (default VRFY)-u
-> Check if a remote exists on a system-U
-> File of usernames to check via smtp service-t
-> Server host running the smtp serviceExamples:
smtp-user-enum -M VRFY -U users.txt -t 10.0.0.1
smtp-user-enum -M EXPN -u admin1 -t 10.0.0.1
smtp-user-enum -M RCPT -U users.txt -T mail-server-ips.txt
smtp-user-enum -M EXPN -D example.com -U users.txt -t 10.0.0.1
POP3 Port 110 default
Connect to the targets pop3 port
telnet 10.10.10.10 110
user <username>
pass <password>
list #see emails
retr 1 #retrieve email 1
retr 2 #retrive email 2
Command to retrieve emails:
RETR 1
RETR 2
Last updated