Day 9
What is the command that enumerate email addresses present on a SMTP server?
- HASH
- VRFY
- READ
- EXPN
- RCPT TO
Page 1 / 1
VERIFY or should that be VRFY 
VERIFY or should that be VRFY
Thanks, corrected. Monday morning...
I know the feeling. Just need that coffee
RCPT TO
VRFY
But this command can be a security problem, because you can extract valid email addresses and use them for further attacks against server and try them as login names…. You cannot disable it completely because the RFC requests it. You can configure it that it gives no real information instead….
RCPT TO
Correction - should be VRFY 
This one was tricky. Correct answer was EXPN, VRFY and RCPT TO 
All three commands are good to enumeration email addresses on a SMTP server.
Here’s an example:
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.