Smtp/smtp enum

From www.metasploit-es.com.ar

The SMTP Enumeration module connects to a given mail server and uses a wordlist to enumerate users that are present on the remote system.

msf > use auxiliary/scanner/smtp/smtp_enum 
msf auxiliary(smtp_enum) > show options

Module options:

   Name       Current Setting                                      Required  Description
   ----       ---------------                                      --------  -----------
   RHOSTS                                                          yes       The target address range or CIDR identifier
   RPORT      25                                                   yes       The target port
   THREADS    1                                                    yes       The number of concurrent threads
   USER_FILE  /opt/metasploit3/msf3/data/wordlists/unix_users.txt  yes       The file that contains a list of probable users accounts.
   VERBOSE    false                                                yes       Whether to print output for all attempts

Using the module is simply a matter of feeding it a host or range of hosts to scan and a wordlist containing usernames to enumerate.

msf auxiliary(smtp_enum) > set RHOSTS 192.168.1.56
RHOSTS => 192.168.1.56
msf auxiliary(smtp_enum) > run

[*] 220 metasploitable.localdomain ESMTP Postfix (Ubuntu)

[*] Domain Name: localdomain
[+] 192.168.1.56:25 - Found user: ROOT
[+] 192.168.1.56:25 - Found user: backup
[+] 192.168.1.56:25 - Found user: bin
[+] 192.168.1.56:25 - Found user: daemon
[+] 192.168.1.56:25 - Found user: distccd
[+] 192.168.1.56:25 - Found user: ftp
[+] 192.168.1.56:25 - Found user: games
[+] 192.168.1.56:25 - Found user: gnats
[+] 192.168.1.56:25 - Found user: irc
[+] 192.168.1.56:25 - Found user: libuuid
[+] 192.168.1.56:25 - Found user: list
[+] 192.168.1.56:25 - Found user: lp
[+] 192.168.1.56:25 - Found user: mail
[+] 192.168.1.56:25 - Found user: man
[+] 192.168.1.56:25 - Found user: news
[+] 192.168.1.56:25 - Found user: nobody
[+] 192.168.1.56:25 - Found user: postgres
[+] 192.168.1.56:25 - Found user: postmaster
[+] 192.168.1.56:25 - Found user: proxy
[+] 192.168.1.56:25 - Found user: root
[+] 192.168.1.56:25 - Found user: service
[+] 192.168.1.56:25 - Found user: sshd
[+] 192.168.1.56:25 - Found user: sync
[+] 192.168.1.56:25 - Found user: sys
[+] 192.168.1.56:25 - Found user: syslog
[+] 192.168.1.56:25 - Found user: user
[+] 192.168.1.56:25 - Found user: uucp
[+] 192.168.1.56:25 - Found user: www-data
[-] 192.168.1.56:25 - EXPN : 502 5.5.2 Error: command not recognized
[+] 192.168.1.56:25 Users found: ROOT, backup, bin, daemon, distccd, ftp, games, gnats, irc, libuuid, list, lp, mail, man, news, nobody, postgres, postmaster, proxy, root, service, sshd, sync, sys, syslog, user, uucp, www-data
[*] 192.168.1.56:25 No e-mail addresses found.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(smtp_enum) >

Since the mail username and the system username are frequently the same, you can use the enumerated names in subsequent login attempts against other network services.
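From the mail server's side, a wordlist run like the one above leaves a trail: every name in the list that does not exist produces a "User unknown" reject from the same client. The following is an added example, not part of the original page or of Metasploit, that flags such clients in Postfix smtpd logs. The log lines, the client addresses 192.168.1.10 and 192.168.1.20, the probed names and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Postfix smtpd reject line for an unknown local recipient (RCPT or VRFY stage).
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>RCPT|VRFY) from "
    r"\S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 55\d 5\.1\.1 <(?P<rcpt>[^>]*)>"
)


def detect_smtp_enum(lines, threshold=5):
    """Return {client_ip: sorted distinct unknown names} for clients that
    probed at least `threshold` distinct nonexistent users."""
    probes = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            # Keep the local part only, case-folded: Admin and admin are one probe.
            probes[m["ip"]].add(m["rcpt"].split("@")[0].lower())
    return {ip: sorted(names) for ip, names in probes.items()
            if len(names) >= threshold}


def _reject(ip, stage, rcpt):
    # Builds one constructed log line in Postfix's reject format.
    return (f"Jan 10 10:00:01 mail postfix/smtpd[4321]: NOQUEUE: reject: {stage} "
            f"from unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            "User unknown in local recipient table")


# Constructed sample: one client walking a wordlist, one client with a single typo.
SAMPLE_LOG = (
    [_reject("192.168.1.10", "VRFY", u)
     for u in ("admin", "oracle", "test", "guest", "Admin")]
    + [_reject("192.168.1.10", "RCPT", "webmaster@localdomain"),
       _reject("192.168.1.20", "RCPT", "jsmith@localdomain"),
       "Jan 10 10:00:02 mail postfix/smtpd[4321]: connect from unknown[192.168.1.10]"]
)

if __name__ == "__main__":
    for ip, names in detect_smtp_enum(SAMPLE_LOG).items():
        print(f"possible SMTP user enumeration from {ip}: {', '.join(names)}")
```

Setting `disable_vrfy_command = yes` in Postfix's main.cf stops VRFY from answering, but probing through RCPT still generates these rejects, so the log check stays useful after that change.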



© Offensive Security 2009

Original from www.offensive-security.com
Translated by cbk999