Premium Resources

Training Courses

Free Resources

SMTP Enumeration

The Simple Mail Transport Protocol is used to send email messages as opposed to POP3 or IMAP which can be used to both send and receive messages. SMTP relies on using Mail Exchange (MX) servers to direct the mail to via the Domain Name Service, however, should an MX server not be detected, SMTP will revert and try an A or alternatively SRV records. SMTP generally runs on port 25.

SMTP enumeration allows us to determine valid users on the SMTP server. This is done with the help built-in SMTP commands, they are

VRFY - This command is used for validating users.
EXPN - This command tells the actual delivery address of aliases and mailing lists.
RCPT TO - It defines the recipients of the message.

Tool:

NestScanTools Pro

Countermeasures:

Configure SMTP server either to ignore email messages to unknown recipients.
Don’t include information like mail relay systems being used, Internal IP address or host information.
Disable open relay feature.

Related Topics

What is Hacking? What is Ethical Hacking? Who is an Ethical Hacker?

CIA Triangle Important characteristics of Information Security, Functionality and Usability Triangle Phases of Hacking Different types of attacks Vulnerability Assessment Penetration Testing Information Security Laws, Standards and frameworks

What is Footprinting Objectives of Footprinting Footprinting Methodology

What is Scanning? Network Scanning Scanning Methodology

Enumeration and its Types NetBIOS Enumeration SNMP Enumeration LDAP Enumeration NTP Enumeration SMTP Enumeration DNS Enumeration

Goals of System Hacking Gaining Access Privilege Escalation Executing Applications Hiding Files Covering Tracks

Introduction to Malware Threats and its Types Virus Trojans Worms Rootkits, Spyware and Ransomware How to Detect Malicious Software

Sniffing and its Types ARP and CAM Table Active Sniffing Attacks DHCP Poisoning

Social Engineering and its Attacks Computer and Mobile Based Social Engineering

Denial of Service attacks and its Types

Session Hijacking and its Types Session Hijacking Process Session Hijacking Levels Network or TCP Session Hijacking

Web Server and its Types of Attacks

Web Application and its types of Attacks Injection Flaws Cross-Site Scripting Web Services Attacks Hacking Methodology

Introduction to SQL Injection Types of SQL Injection

Introduction to Hacking Wireless Networks Encryption Types Wi-Fi Attacks

Introduction to Hacking Mobile Devices Android Types of Android Attacks IOS Mobile Device Management

Firewall IDS: Intrusion Detection System Ways of Detecting Attacks

Introduction to Cryptography PKI: Public Key Infrastructure SSL: Secure Socket Layer

Introduction to Cloud Computing Types of Cloud Computing Benefits, Threats, and Attacks on Cloud Computing Security in Cloud

Premium Resources

Free Resources

SMTP Enumeration

Tool:

Countermeasures:

Related Topics

Company

Resources

Bootcamps

Premium Resources

Free Resources

SMTP Enumeration

Tool:

Countermeasures:

Related Topics

Ethical Hacking

Introduction to Ethical Hacking

Footprinting and Reconnaissance

Scanning

Enumeration

System Hacking

Malware Threats

Sniffing

Social Engineering

Denial of Service

Session Hijacking

Hacking Web Servers

Web Application Attacks

SQL Injection

Hacking Wireless Networks

Hacking Mobile Devices

Evading Firewall/IDS and Honey Bots

Cryptography

Cloud Computing