search

25 ~ SMTP

https://docs.google.com/document/d/1e4qV-nTF3guKg9g9bJSx6uMzdJz4uzY_0W3veNiTgSY/edit?tab=t.0

hashtag
Enumeration

First, we have to establish a TCP connection on port 25 of the SMTP server:

$ nc -nv <target> 25
EHLO <address>

250-<address>
250-<command>
...
250-SIZE
250-DSN
250 PIPELINING
...

hashtag
Log poisoning

Given that we have found a way to access log file (eg. LFI) directories such as:

/var/log/mail
/var/log/syslog

There are some commands that may allow us to have our input directly appear in the logs:

hashtag
1. RCPT TO

hashtag
2. VRFY

Previous22 ~ SSHNext53 ~ DNS

Last updated