Thursday, December 24, 2015

How to brute force local users using telnet on open SMTP relays

Sometimes during a penetration test you come across an open SMTP relay.
It can be used to brute force the names of local users.

telnet <smtp-server> <port>

smtp> HELO test
smtp> MAIL FROM:
smtp> RCPT TO: admin@localhost
smtp> RCPT TO: root@localhost 
smtp> RCPT TO: test@localhost 
smtp> RCPT TO: local@localhost 

The server's response to each RCPT TO differs depending on whether the user exists.
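
On the mail server, the RCPT TO probing shown above appears as a run of rejected recipients from a single client. The following is an added example, not part of the original post, that flags such clients from log lines. The sample lines are constructed in the style of Postfix smtpd reject messages (the post names no mail server), and the names find_enumeration and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation IP ranges, made-up timestamps).
# 203.0.113.7 walks a list of local names; 198.51.100.9 makes one typo.
SAMPLE_LOG = """\
Dec 24 10:01:02 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <admin@localhost>: Recipient address rejected: User unknown in local recipient table; from=<a@example.org> to=<admin@localhost> proto=SMTP helo=<test>
Dec 24 10:01:03 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <test@localhost>: Recipient address rejected: User unknown in local recipient table; from=<a@example.org> to=<test@localhost> proto=SMTP helo=<test>
Dec 24 10:01:04 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <local@localhost>: Recipient address rejected: User unknown in local recipient table; from=<a@example.org> to=<local@localhost> proto=SMTP helo=<test>
Dec 24 10:09:40 mx postfix/smtpd[2290]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.9]: 550 5.1.1 <jon@localhost>: Recipient address rejected: User unknown in local recipient table; from=<b@example.net> to=<jon@localhost> proto=ESMTP helo=<mail.example.net>
"""

# Client IP and rejected recipient from an "unknown user" (550 5.1.1) line.
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>"
)


def find_enumeration(log_text, threshold=3):
    """Return {client_ip: sorted rejected recipients} for every client that
    was refused at least `threshold` distinct unknown recipients."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = REJECT.search(line)
        if match:
            # Lower-case so Admin@ and admin@ count as one guess.
            seen[match.group("ip")].add(match.group("rcpt").lower())
    return {
        ip: sorted(rcpts)
        for ip, rcpts in seen.items()
        if len(rcpts) >= threshold
    }


if __name__ == "__main__":
    for ip, rcpts in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} unknown recipients tried: {', '.join(rcpts)}")
```

A single mistyped address stays below the threshold, so only the client that cycles through several unknown names is reported.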