1
00:00:00,890 --> 00:00:02,450
SMTP.

2
00:00:03,610 --> 00:00:08,680
Serves on port 25 and it's used for sending and receiving emails.

3
00:00:10,780 --> 00:00:16,120
The service has two interesting commands that reveal information about the mail server users.

4
00:00:17,460 --> 00:00:22,410
They are EXPN and VRFY.

5
00:00:24,880 --> 00:00:28,720
There are numerous ways to get names or these commands.

6
00:00:29,970 --> 00:00:33,390
But let's go and check out the MSF auxiliaries.

7
00:00:34,670 --> 00:00:44,210
So these auxiliary modules probe the SMTP server on the target for the version and then list the SMTP

8
00:00:44,450 --> 00:00:50,450
server users, so you have an SMTP port open on Metasploitable 2.

9
00:00:51,350 --> 00:00:56,570
Services that SMTP and here's the info.

10
00:00:57,970 --> 00:01:03,870
SMTP verify, that's a command that helps you to check for users.

11
00:01:04,780 --> 00:01:07,810
And before using any module, I want to show you that.

12
00:01:08,920 --> 00:01:11,860
From the MSF console tray.

13
00:01:12,750 --> 00:01:16,830
You can connect to the SMTP service on Metasploitable 2.

14
00:01:18,470 --> 00:01:25,730
Telnet 10 dot tend to dot, tend to five and the connection's established.

15
00:01:27,110 --> 00:01:31,010
So verify admin, there is no admin.

16
00:01:32,010 --> 00:01:36,240
Verify metasploit, OK, no user with that name.

17
00:01:37,600 --> 00:01:44,020
Verify msfadmin, OK, yes, so I found one username.

18
00:01:45,270 --> 00:01:49,680
Verify root, yeah, second username.

19
00:01:50,760 --> 00:01:53,460
Verify administrator.

20
00:01:54,340 --> 00:01:55,780
OK, no user with that name.

21
00:01:56,920 --> 00:02:06,070
Verify and another correct username, I think you get the point, because without any vulnerability,

22
00:02:06,520 --> 00:02:10,090
you get usernames, exit telnet.

23
00:02:11,450 --> 00:02:13,430
It was great telnet.

24
00:02:16,060 --> 00:02:20,320
OK, so, as always, search for SMTP auxiliaries.

25
00:02:22,200 --> 00:02:26,550
And first, pick smtp_version.

26
00:02:29,450 --> 00:02:30,890
Show options.

27
00:02:33,920 --> 00:02:41,210
OK, so I will set RHOSTS to tend not tend to doubt one four and run the module.

28
00:02:44,230 --> 00:02:47,140
So this is the SMTP service banner.

29
00:02:48,740 --> 00:02:50,060
Now, let's pick another module.

30
00:02:51,630 --> 00:02:53,600
smtp_enum.

31
00:02:54,980 --> 00:02:55,880
Show options.

32
00:02:57,310 --> 00:02:59,680
And I will very quickly set RHOSTS.

33
00:03:02,990 --> 00:03:06,110
So let me check if everything is fine with all the variables.

34
00:03:08,640 --> 00:03:12,750
OK, so set threads to 10 and run the module.

35
00:03:17,410 --> 00:03:21,580
So I think I have a problem with module execution, did you catch it?

36
00:03:22,470 --> 00:03:25,590
Because it lasts a whole lot longer than it ought to.

37
00:03:26,550 --> 00:03:27,000
So.

38
00:03:28,630 --> 00:03:31,620
Let's set threads to one again.

39
00:03:32,680 --> 00:03:33,850
And run the module.

40
00:03:37,660 --> 00:03:38,890
And this time it works.

41
00:03:39,790 --> 00:03:42,190
And here are the SMTP users.

42
00:03:43,110 --> 00:03:45,030
So make a note of these users.

43
00:03:46,210 --> 00:03:49,660
You're going to be able to use them in the brute force dictionaries.