Hmailserver exploit12/3/2023 ![]() Msf auxiliary(smtp_version) > set THREADS 254 Msf auxiliary(smtp_version) > show options msf > use auxiliary/scanner/smtp/smtp_version The smtp_version module, as its name implies, will scan a range of IP addresses and determine the version of any mail servers it encounters. Poorly configured or vulnerable mail servers can often provide an initial foothold into a network but prior to launching an attack, we want to fingerprint the server to make our targeting as precise as possible. Since the email username and system username are frequently the same, you can now use any enumerated users for further logon attempts against other network services. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away. 192.168.1.56:25 Users found: ROOT, backup, bin, daemon, distccd, ftp, games, gnats, irc, libuuid, list, lp, mail, man, news, nobody, postgres, postmaster, proxy, root, service, sshd, sync, sys, syslog, user, uucp, www-data 220 metasploitable.localdomain ESMTP Postfix (Ubuntu) msf auxiliary(smtp_enum) > set RHOSTS 192.168.1.56 ![]() Using the module is a simple matter of feeding it a host or range of hosts to scan and a wordlist containing usernames to enumerate. of Exploits Vulnerability Type (s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. USER_FILE /usr/share/metasploit-framework/data/wordlists/unix_users.txt yes The file that contains a list of probable users accounts. UNIXONLY true yes Skip Microsoft bannered servers when testing unix users THREADS 1 yes The number of concurrent threads RHOSTS yes The target address range or CIDR identifier The whole write-up is considering external attacks, and as such you wont find suggestions for internal hardening measures. ![]() Well in fact I had to cheat later on, as hMailServer didnt support VRFY at all, and so set up another SMTP-server mercury. Name Current Setting Required Description So I set up a little hMailServer and did some creative googling to get myself started. Module options (auxiliary/scanner/smtp/smtp_enum): msf > use auxiliary/scanner/smtp/smtp_enum However, on SeptemGitLab revised the CVSSv3 score to 10.0. CVE-2021-22205 was initially assigned a CVSSv3 score of 9.9. The SMTP Enumeration module will connect to a given mail server and use a wordlist to enumerate users that are present on the remote system. A remote attacker could execute arbitrary commands as the git user due to ExifTool’s mishandling of DjVu files, an issue that was later assigned CVE-2021-22204.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |