Day 9
What is the command that enumerate email addresses present on a SMTP server?
- HASH
- VRFY
- READ
- EXPN
- RCPT TO
Solved
Question of the day 10/09, Cybersecurity Edition
+12Best answer by marcofabbri
This one was tricky. Correct answer was EXPN, VRFY and RCPT TO 😋
All three commands are good to enumeration email addresses on a SMTP server.
Here’s an example:
Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
+7VERIFY or should that be VRFY 😉
Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2025 | Cyber Security Space VUG Leader
+12VERIFY or should that be VRFY 😉
Thanks, corrected. Monday morning...
Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
+7I know the feeling. Just need that coffee
Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2025 | Cyber Security Space VUG Leader
+21RCPT TO
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+16VRFY
But this command can be a security problem, because you can extract valid email addresses and use them for further attacks against server and try them as login names…. You cannot disable it completely because the RFC requests it. You can configure it that it gives no real information instead….
Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | Veeam Certified Engineer (VMCE) | LinkedIn: https://www.linkedin.com/in/jochen-meixner | X: @JoMeix | BlueSky: @jmeixner.bsky.social
+21RCPT TO
Correction - should be VRFY 😂
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+12This one was tricky. Correct answer was EXPN, VRFY and RCPT TO 😋
All three commands are good to enumeration email addresses on a SMTP server.
Here’s an example:
Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.