Hacking SMTP (Simple Mail Transfer Protocol) - Hacking: Tapping into the Matrix: Step by Step Guide on How to Hack, including Tips, Secrets, Steps, and Hidden Traps! (2014)

Hacking: Tapping into the Matrix: Step by Step Guide on How to Hack, including Tips, Secrets, Steps, and Hidden Traps! (2014)

Chapter 9. Hacking SMTP (Simple Mail Transfer Protocol)

Have you ever imagined how it would be like to hack emails? Well, that would be easy if you could go through SMTP, or Simple Mail Transfer Protocol. This operates between ports 110 to 143, and is known as a server to server protocol. Most of the commands you’ll use here include:

1. HELO. This basically initiates conversation, and is often accompanied by domain name and IP Address. For example HELO client.microsoft.com or HELO

2. VRFY. This helps the server verify if a mailbox actually exists.

3. STARTTLS. This makes it easy to add images, audio, and videos to messages, because usually, transport layer security becomes a barrier between client and server—and only makes way for text.

4. EHLO. This is almost like HELO but is often used on extended SMTP. When this command is recognized, command and reply becomes easy.

5. DATA. This helps the transfer of message begin.

6. RCPT. This determines the recipient’s address.

7. MAIL. Meanwhile, this determines the address of the sender.

8. RSET. This aborts recent email transactions.

9. QUIT. And of course, this ends the connection between client and server.

Here’s what you should do:

1. Open Kali and then start a terminal, and then connect telnet and SMTP server manually. You can do this by typing: kali > telnet

2. Try typing email addresses manually. Try typing and email address together with any of the commands given above just to check if it’s viable. But mostly, you can use VRFY sys. For example:

johnabc@gmail.comVRFY sys

VRFY sys snowwhite@gmail.com

augustbooth@yahoo.com VRFY sys

3. The system then will tell you if those email addresses are real and if you can hack into them.

4. Now make use of SMTP > User> Enum. This is manual query, and you can find it at:

Applications > Kali Linux > Information Gathering > SMTP Analysis > SMTP – USER – ENUM

5. Now, when you click that, you should see something like this onscreen:

kali > smtp-user-enum -M VRFY -U <userlist> -t <target IP>

6. Now, it’s time to create a command that you can use to exploit SMTP and make it work in your favor. Try this:


kali > smtp-user-enum -M VRFY -U /usr/sharefern-wifi-cracker/extras/wordlist -t

7. This will then scan information from the user’s account and show the information that you need onscreen. Use one of those password cracking software to save and backup information.