25 tcp - SMTP

SMTP username enum (smtp-user-enum)

smtp-user-enum -M VRFY -U /usr/share/seclists/Usernames/Names/names.txt -t 10.10.10.17

Nmap username enum

nmap --script smtp-enum-users 10.10.10.51 -p25

Telnet - read mail over POP3 (port 110), send mail over SMTP (port 25)

telnet 10.10.10.17 110

#login
user orestis
pass 1234656

#list messages
list

#read message number
retr 1

#To send email using SMTP (a separate session on port 25, not the POP3 login above) for LFI /var/mail/ValidUserHere
EHLO hacker.anything.com
mail from:hacker@doesnt.matter
rcpt to:ValidVictim@Mail
data
Subject: email title
<your LFI code here>
<new blank line>

VRFY USER

nc -nv 192.168.1.230 25
VRFY bob

VRFY SCRIPT (Python)

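#!/usr/bin/python
"""Ask an SMTP server whether one mailbox exists, using a single VRFY command.

Usage: vrfy.py <username> <ipaddress>

Prints the server banner and the raw VRFY reply. Per RFC 5321 a 250 or 251
reply means the server confirmed the address, 550 means it rejected it, and
252 means the server declined to verify. A server that answers 250/550
per-name leaks its account list; mail servers that do not need VRFY should
disable it (Postfix: ``disable_vrfy_command = yes``) and repeated VRFY
commands from one client are worth alerting on.

Uses print() calls so it runs on Python 3; the original print statements
were Python 2 only.

Exit status: 0 when a reply was received, 1 on a connection or timeout
failure, 2 on a usage or input error.
"""
import socket
import sys

SMTP_PORT = 25
# Without a timeout a filtered port blocks connect()/recv() indefinitely and
# the "port filtered" message below is never reached.
TIMEOUT_SECONDS = 10


def build_vrfy_command(username):
    """Return the wire bytes for ``VRFY <username>``.

    Raises:
        ValueError: if the name contains CR or LF, which would end the VRFY
            line early and turn the rest of the argument into further SMTP
            commands. (Encoding failures also surface as ValueError
            subclasses.)
    """
    if "\r" in username or "\n" in username:
        raise ValueError("username must not contain CR or LF")
    return ("VRFY " + username + "\r\n").encode("utf-8")


def main(argv):
    """Run one VRFY query described by *argv* and return the exit status."""
    if len(argv) != 3:
        print("Usage: vrfy.py <username> <ipaddress>")
        return 2
    username, host = argv[1], argv[2]

    # Validate before opening any connection so bad input never hits the wire.
    try:
        command = build_vrfy_command(username)
    except ValueError as err:
        print("Invalid username: " + str(err))
        return 2

    print("Verifying user: " + username + " with " + host)
    sock = None
    try:
        sock = socket.create_connection((host, SMTP_PORT), TIMEOUT_SECONDS)
        banner = sock.recv(1024)
        print(banner.decode("utf-8", "replace"))
        # sendall() retries partial writes; plain send() may transmit less
        # than the whole command.
        sock.sendall(command)
        result = sock.recv(1024)
        print("There is some response: ")
        print(result.decode("utf-8", "replace"))
    except socket.error:
        # Covers refused connections, unreachable hosts and timeouts; unlike a
        # bare except it lets KeyboardInterrupt and programming errors surface.
        print("Unable to verify. Server maybe offline/port filtered/unopened")
        return 1
    finally:
        # sock stays None when the connection itself failed, so closing is
        # guarded and happens exactly once.
        if sock is not None:
            sock.close()
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))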
