Pentesting Email

SMTP Port 25 default

SMTP User Enum

smtp-user-enum -M VRFY -U /usr/share/wordlists/dirb/common.txt -t [target ip]

• -M -> Sets the mode, the options are: EXPN, VRFY, RCPT (default VRFY)

• -u -> Check if a remote exists on a system

• -U -> File of usernames to check via smtp service

• -t -> Server host running the smtp service

• Examples:

smtp-user-enum -M VRFY -U users.txt -t 10.0.0.1
smtp-user-enum -M EXPN -u admin1 -t 10.0.0.1
smtp-user-enum -M RCPT -U users.txt -T mail-server-ips.txt
smtp-user-enum -M EXPN -D example.com -U users.txt -t 10.0.0.1

POP3 Port 110 default

• Connect to the targets pop3 port

telnet 10.10.10.10 110
user <username>
pass <password>
list #see emails 
retr 1 #retrieve email 1
retr 2 #retrive email 2 

• 
• Command to retrieve emails:

RETR 1
RETR 2