Academy - Footprinting -SMTP

You need to give the tool more time to search :wink:

I could only solve this with metasploit. However, this has not yet been introduced in the course. I couldn’t solve it with the nmap script or the smtp-user-enum ? Did anyone succeed with the later?

Hint 1: smtp-user-enum
Hint 2: smtp-user-enum -h
Hint 3: -w option might be useful

Go to the top of the module page where you find a wordlist. Download, use the word-list and follow the hints above, trial and error will pay off :stuck_out_tongue_winking_eye:

1 Like

While using smtp-user-enum: …no results is not what you want :wink:

The timing thing is bs. The msf way works out of the box. If you use GitHub - cytopia/smtp-user-enum: SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality., this will also work out of the box. Installing from pkg manager on kali docker, and arch was broken. The timing flag did absolutely nothing. I hope this helps someone out.

I recommend using msfconsole

use auxiliary/scanner/smtp/smtp_enum

El primer resultado lo obtuve con nmap utilizando el escaneo de versiones y de scripts por defecto al puerto en el que correo el servicio smtp… (en el encabezado esta la respuesta, pista son 3 palabras)

La segunda la obtuve utilizando snmtp-user-enum… se debe utilizar la lista de palabras dispuesta en los recursos de hack the box en este modulo, se debe especificar el método de ataque… (pista, el tiempo es muy importante en este caso, marca la diferencia en el resultado)

so basically what i did was execute this:
(sleep 10;
for i in $(cat /home/htb-ac-776279/footprinting-wordlist.txt); do echo “vrfy $i”;
sleep 100;) | telnet 25

It gave me error every 20 tries but the file only had 101 names so i only needed to execute this 5 times(names on the fkn last 20 names). What is this whole thing about smtp enum? And is there another way aside from what i did using what is mentioned on the module cus seeing my method gives error every 20 tries it would be super inefficient if the list was longer Thanks

There is a resource section? Is this no longer in Academy?

It’s at the top right of the page under the cheatsheet link