Title: Sendmail Port 25 open - Enumeration Guide used in Penetration Testing
Author: ajayverma
Fingerprint server
> telnet ip_address 25 (banner grab)

Mail Server Testing
> Enumerate users
>> VRFY username (verifies if username exists - enumeration of accounts)
>> EXPN username (verifies if username is valid - enumeration of accounts)
> Mail Spoof Test
>> HELO anything
>> MAIL FROM: spoofed_address
>> RCPT TO:valid_mail_account
>> DATA
>> .
>> QUIT
> Mail Relay Test
>> HELO anything
>>> Identical to/from - mail from: <nobody@domain> rcpt to: <nobody@domain>
>>> Unknown domain - mail from: <user@unknown_domain>
>>> Domain not present - mail from: <user@localhost>
>>> Domain not supplied - mail from: <user>
>>> Source address omission - mail from: <> rcpt to: <nobody@recipient_domain>
>>> Use IP address of target server - mail from: <user@IP_Address> rcpt to: <nobody@recipient_domain>
>>> Use double quotes - mail from: <user@domain> rcpt to: <"user@recipient-domain">
>>> Use IP address of the target server - mail from: <user@domain> rcpt to: <nobody@recipient_domain@[IP Address]>
>>> Disparate formatting - mail from: <user@[IP Address]> rcpt to: <@domain:nobody@recipient-domain>
>>> Disparate formatting2 - mail from: <user@[IP Address]> rcpt to: <recipient_domain!nobody@[IP Address]>

Examine Configuration Files
> sendmail.cf
> submit.cf
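
What to look for in sendmail.cf, as an added example that is not part of the original guide: a small audit that reports whether the VRFY/EXPN and banner checks above would yield information. The sample configuration text and the function names are constructed for illustration; PrivacyOptions and SmtpGreetingMessage are standard Sendmail option names.

```python
import re

# Constructed sample sendmail.cf fragment (not taken from a real host).
SAMPLE_CF = """\
# privacy flags
O PrivacyOptions=authwarnings,restrictqrun
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
"""

def parse_options(cf_text):
    """Collect long-form 'O Name=value' option lines; '#' comment lines are skipped."""
    opts = {}
    for line in cf_text.splitlines():
        m = re.match(r"O\s+([A-Za-z]+)\s*=\s*(.*)$", line)
        if m:
            opts[m.group(1).lower()] = m.group(2).strip()
    return opts

def audit(cf_text):
    """Return findings for the VRFY, EXPN and banner checks in this guide."""
    opts = parse_options(cf_text)
    flags = {f.lower() for f in re.split(r"[,\s]+", opts.get("privacyoptions", "")) if f}
    if "goaway" in flags:  # goaway implies novrfy and noexpn
        flags |= {"novrfy", "noexpn"}
    findings = []
    if "novrfy" not in flags:
        findings.append("VRFY not disabled: add novrfy to PrivacyOptions")
    if "noexpn" not in flags:
        findings.append("EXPN not disabled: add noexpn to PrivacyOptions")
    # $v is the Sendmail version macro and $Z the configuration version; the
    # built-in default greeting also contains $v, so an unset option is flagged.
    greeting = opts.get("smtpgreetingmessage")
    if greeting is None or "$v" in greeting or "$Z" in greeting:
        findings.append("banner discloses version: set SmtpGreetingMessage without $v/$Z")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CF):
        print(finding)
```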


Submitted On: 2019-05-29 16:35:01