Footprinting Module - SMTP user enum

discovolante · March 22, 2022, 8:56am

I try to further enumerate the SMTP server in order to find user that exist on the system. I am using smtp-user-enum with the wordlist provided in the resource.
I set the timeout to 10seconds and got 11 users firstname@inlanefreight.htb but none of them (with and without @inlanefreight.htb) is accepted as the solution to the question.

I think I am missing something here, but what?

discovolante · March 22, 2022, 8:58am

Ok - obviously right after posting this question - I found the solution. I had to use a different tool than smtp-user-enum but I am still puzzled why I get different results from different tools.

smtp-user-enum: 11 users
other tool (not posting yet which one) only returns one (which is the correct one)

Could someone explain to me why there are so different results from different tools?

Geekecom · April 2, 2022, 11:40am

I had exactly the same problem

0xh4rtz · April 2, 2022, 12:38pm

What services running on the server did you discover in your enumeration? I think you are overlooking some service that you need to solve this lab.
Just for confirm, you are on the hard lab?

Geekecom · April 2, 2022, 1:01pm

It’s an intermediate module called Footprinting at the HTB Academy. SMTP section

0xh4rtz · April 2, 2022, 1:16pm

Oh I’m sorry, for some reason I think you are on the hard lab. LOL

Ok, do you tried enuramerate manully the users? I mean, put one by one the users in service over telnet or netcat connection?

Geekecom · April 2, 2022, 2:44pm

NP. I said I had the same issue which means I don’t have it anymore

If someone has the problem I could help.

Cheers

skilfoy · October 26, 2022, 7:33pm

Set the timeout to 15 seconds!

Craizi-j · November 9, 2022, 6:57am

How do you set the time out ti 15 seconds? I might have missed something but I honestly don’t know how or where to set the time out?

oflavioc · January 21, 2023, 10:50pm

smtp-user-enum -h
options are:
-m n Maximum number of processes (default: 5)
-M mode Method to use for username guessing EXPN, VRFY or RCPT (default: VRFY)
-u user Check if user exists on remote system
-f addr MAIL FROM email address. Used only in “RCPT TO” mode (default: user[@]example[.]com)
-D dom Domain to append to supplied user list to make email addresses (Default: none)
-U file File of usernames to check via smtp service
-t host Server host running smtp service
-T file File of hostnames running the smtp service
-p port TCP port on which smtp service runs (default: 25)
-d Debugging output
-w n Wait a maximum of n seconds for reply (default: 5)
-v Verbose
-h This help message

Topic		Replies	Views
SMTP question Academy smtp	66	15897	November 24, 2024
Academy - Footprinting -SMTP	49	9981	December 6, 2024
Attacking Common Services - Easy - smtp-user-enum does not find any users Academy academy	1	208	November 28, 2024
Attacking Common Services - Attacking Email Services (SMTP) Academy	35	7598	October 31, 2024
HTB Academy : Footprinting Skills Assessment Lab - Hard Academy	40	7249	June 26, 2024

Footprinting Module - SMTP user enum

Related topics