Merge pull request #238 from jeffbencteux/smtp-internal-name-disclosure
add SMTP trick to get internal server name
commit c7d8fcac55
@ -70,6 +70,29 @@ NTLM supported


Or **automate** this with **nmap** plugin `smtp-ntlm-info.nse`

### Internal server name - Information disclosure

Some SMTP servers auto-complete a sender's address when command "MAIL FROM" is issued without a full address, disclosing its internal name:

```
220 somedomain.com Microsoft ESMTP MAIL Service, Version: Y.Y.Y.Y ready at Wed, 15 Sep 2021 12:13:28 +0200
EHLO all
250-somedomain.com Hello [x.x.x.x]
250-TURN
250-SIZE 52428800
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OK
MAIL FROM: me
250 2.1.0 me@PRODSERV01.somedomain.com....Sender OK
```

### Sniffing

Check if you sniff some password from the packets to port 25
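Review bot: the new "Internal server name" section should say which server the transcript was taken from and that the behaviour is server-specific; "Some SMTP servers" is vaguer than the evidence, since the banner `220 somedomain.com Microsoft ESMTP MAIL Service, Version: Y.Y.Y.Y ...` identifies a Microsoft SMTP service. The text should also point out that `EHLO all` and `MAIL FROM: me` are the client's input, because the block mixes them with server replies without any prompt marker, and that `MAIL FROM: me` is not the RFC 5321 form (`MAIL FROM:<me>`), so the completion to `me@PRODSERV01.somedomain.com` depends on the server accepting a bare local-part rather than being generic SMTP behaviour.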