
Day 9

What is the command that enumerates email addresses present on an SMTP server?

  • HASH
  • VRFY
  • READ
  • EXPN
  • RCPT TO

VERIFY or should that be VRFY 😉



Thanks, corrected. Monday morning...


I know the feeling. Just need that coffee


RCPT TO


VRFY

But this command can be a security problem, because you can extract valid email addresses and use them for further attacks against the server and try them as login names…. You cannot disable it completely because the RFC requests it. You can configure it so that it gives no real information instead….


RCPT TO

Correction - should be VRFY 😂


This one was tricky. Correct answer was EXPN, VRFY and RCPT TO 😋

All three commands are good for enumerating email addresses on an SMTP server.

Here’s an example:
 

VRFY command, and EXPN is very similar.
RCPT TO command
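
A defender's view of the three commands discussed in this thread, as an added example that is not part of any post here: a log check that flags clients issuing repeated VRFY/EXPN commands or collecting many rejected RCPT TO recipients. The log format, the thresholds and the name `find_enumeration` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical 'client=<ip> cmd="<command>" reply=<code>' format.
SAMPLE_LOG = """\
client=203.0.113.7 cmd="VRFY root" reply=252
client=203.0.113.7 cmd="VRFY admin" reply=550
client=203.0.113.7 cmd="EXPN staff" reply=550
client=203.0.113.7 cmd="vrfy backup" reply=550
client=198.51.100.20 cmd="MAIL FROM:<a@example.org>" reply=250
client=198.51.100.20 cmd="RCPT TO:<alice@example.com>" reply=550
client=198.51.100.20 cmd="RCPT TO:<bob@example.com>" reply=550
client=198.51.100.20 cmd="RCPT TO:<carol@example.com>" reply=250
client=198.51.100.20 cmd="RCPT TO:<dave@example.com>" reply=550
client=192.0.2.10 cmd="MAIL FROM:<news@example.net>" reply=250
client=192.0.2.10 cmd="RCPT TO:<carol@example.com>" reply=250
client=192.0.2.10 cmd="RCPT TO:<typo@example.com>" reply=550
"""

LINE_RE = re.compile(r'client=(\S+) cmd="([^"]*)" reply=(\d{3})')

def find_enumeration(log_text, probe_limit=3, reject_limit=3):
    """Return {client: reason} for clients whose commands look like address enumeration."""
    probes = defaultdict(int)    # VRFY/EXPN commands per client, whatever the reply
    rejected = defaultdict(set)  # distinct RCPT TO recipients answered with 550
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, cmd, reply = m.groups()
        verb = cmd.upper()  # SMTP command verbs are case-insensitive
        if verb.startswith(("VRFY", "EXPN")):
            probes[client] += 1
        elif verb.startswith("RCPT TO:") and reply == "550":
            rejected[client].add(cmd[len("RCPT TO:"):].strip().lower())
    flagged = {}
    for client, count in probes.items():
        if count >= probe_limit:
            flagged[client] = f"{count} VRFY/EXPN probes"
    for client, addrs in rejected.items():
        if len(addrs) >= reject_limit:
            flagged.setdefault(client, f"{len(addrs)} distinct RCPT TO rejections")
    return flagged

if __name__ == "__main__":
    for client, reason in find_enumeration(SAMPLE_LOG).items():
        print(client, "->", reason)
```

VRFY/EXPN probes are counted regardless of the reply code, so the check still fires on a server configured to answer without revealing real information.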

 

