SMTP
SMTPSimple Mail Transfer Protocol
SMTP (Simple Mail Transfer Protocol) sends email. Open relay detection, user enumeration (VRFY/EXPN/RCPT TO), and email spoofing are common tests.
Ports
| Port | Protocol | Description |
|---|---|---|
| 25 | tcp | SMTP |
| 587 | tcp | SMTP submission |
| 465 | tcp | SMTPS |
| 2525 | tcp | SMTP alt |
Fingerprints
| Banner / Probe | Expected Response |
|---|---|
nmap -sV -p <port> <target> | Service banner and version info |
nc -nv <target> <port> | Raw banner grab |
Key Files
| Path | Description |
|---|---|
/etc/passwd | List of system users |
/etc/shadow | Password hashes for local users |
/etc/ssh/sshd_config | SSH server configuration |
~/.ssh/id_rsa | SSH private key |
Default Credentials
| Username | Password | Context |
|---|---|---|
admin | admin | Generic admin account |
root | root | Generic root account |
Known CVEs
| Identifier | Type | Description |
|---|---|---|
— | Info | Check NVD database for latest CVEs |
Exploitation Primitives
| Technique | Tool / Command | Result |
|---|---|---|
| VRFY Enum | smtp-user-enum -M VRFY -U users.txt -t <target> | User enumeration |
| Open Relay | swaks --to victim@other.com --server <target> | Test open relay |
Notes
Always start with full port scan: `nmap -sV -sC -p- <target>`.
Check for default credentials before brute-forcing.
Use service-specific NSE scripts: `nmap --script <service>-* -p <port> <target>`.
Remember to check both IPv4 and IPv6 if applicable.
Seen on
ShodanCensysFOFAZoomEye
References