Day 9
What is the command that enumerate email addresses present on a SMTP server?
- HASH
- VRFY
- READ
- EXPN
- RCPT TO
Best answer by marcofabbri
View original
Question of the day 10/09, Cybersecurity Edition
Userlevel 7
+13
Userlevel 7
+7
VERIFY or should that be VRFY 😉
Userlevel 7
+13
VERIFY or should that be VRFY 😉
Thanks, corrected. Monday morning...
Userlevel 7
+7
I know the feeling. Just need that coffee
Userlevel 7
+20
RCPT TO
Userlevel 7
+17
VRFY
But this command can be a security problem, because you can extract valid email addresses and use them for further attacks against server and try them as login names…. You cannot disable it completely because the RFC requests it. You can configure it that it gives no real information instead….
Userlevel 7
+20
RCPT TO
Correction - should be VRFY 😂
Userlevel 7
+13
This one was tricky. Correct answer was EXPN, VRFY and RCPT TO 😋
All three commands are good to enumeration email addresses on a SMTP server.
Here’s an example:
Comment
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.