CEH

(Jeff_L) #1



The following commands can be used against an NTP server:

■ ntpdate


■ ntptrace


■ ntpdc


■ ntpq


SMTP Enumeration


Yet another effective way of gathering information from a target is through the use of
SMTP. This protocol is designed to send messages between servers that send and receive
e-mail. SMTP is the standard used by the majority of e-mail servers and clients today.
So how is this protocol used to gather information from a server? The process is quite
simple if you have a fundamental understanding of a few commands and how to use them.


If you are following along and wish to execute the following commands
on a Windows system, be aware that for versions later than Windows XP
Microsoft does not include a telnet client. You must download the client
from Microsoft (at no charge).

Using VRFY


One easy way to verify the existence of e-mail accounts on a server is by using the
telnet command to attach to the target and extract the information. The VRFY command is
used within the protocol to check whether a specific user ID is present. However, this same
command can be used by an attacker to locate valid accounts for attack, and if scripted, it
could also be used to extract multiple accounts in a short time, as shown here:


telnet 10.0.0.1 25 (where 10.0.0.1 is the server IP and 25 is the port for SMTP)


220 server1 ESMTP Sendmail 8.9.3


HELO


501 HELO requires domain address


HELO x


250 server1 Hello [10.0.0.72], pleased to meet you


VRFY chell


250 Super-User link@server1


VRFY glados


550 glados... User unknown
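From the mail administrator's side, the same 250/550 difference is what to look for in server logs. The following is an added example, not part of the original post or the book: it audits a constructed SMTP command log for clients issuing repeated VRFY commands and counts how many answers the server disclosed. The log format, the function name `audit_vrfy` and the threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a made-up "<client-ip> <C|S>: <text>" log format;
# the replies for 10.0.0.72 mirror the session shown above.
SAMPLE_LOG = """\
10.0.0.72 C: HELO x
10.0.0.72 S: 250 server1 Hello [10.0.0.72], pleased to meet you
10.0.0.72 C: VRFY chell
10.0.0.72 S: 250 Super-User link@server1
10.0.0.72 C: VRFY glados
10.0.0.72 S: 550 glados... User unknown
10.0.0.72 C: VRFY wheatley
10.0.0.72 S: 550 wheatley... User unknown
10.0.0.15 C: VRFY postmaster
10.0.0.15 S: 252 Cannot VRFY user, but will accept message
"""

LINE = re.compile(r"^(\S+) ([CS]): (.*)$")

def audit_vrfy(log_text, threshold=3):
    """Pair each VRFY with the next reply to the same client; summarise per client."""
    pending = {}  # client -> username whose reply has not been seen yet
    stats = defaultdict(lambda: {"probed": set(), "confirmed": set(), "denied": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        client, side, text = m.groups()
        if side == "C":
            parts = text.split(None, 1)
            if len(parts) == 2 and parts[0].upper() == "VRFY":
                pending[client] = parts[1].strip()
                stats[client]["probed"].add(parts[1].strip())
            else:
                pending.pop(client, None)
        elif client in pending:
            user, code = pending.pop(client), text[:3]
            if code in ("250", "251"):   # server confirmed the mailbox exists
                stats[client]["confirmed"].add(user)
            elif code == "550":          # server confirmed it does not exist
                stats[client]["denied"].add(user)
            # 252 (RFC 5321 "cannot VRFY") and other codes disclose nothing
    report = {}
    for client, s in stats.items():
        leaked = len(s["confirmed"]) + len(s["denied"])
        report[client] = {"probed": len(s["probed"]), "confirmed": sorted(s["confirmed"]),
                          "answers_leaked": leaked, "flag": len(s["probed"]) >= threshold}
    return report
```

A server that answers every VRFY with 252 shows `answers_leaked` of 0 even when a client is flagged for probing.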
