🖥️
Siber Güvenlik Notları
  • WHOAMI
    • 👨‍💻Who Am I?
  • 🔭Information Gathering
    • Pentest Makinası Kurulumu
    • Passive Information Gathering
    • Subdomain Enumeration
    • Host Discovery
    • Port Scanning
    • Email Enumeration
    • Leaked Passwords
    • Zafiyet Araştırma
  • 🪟Windows Pentesting
    • Windows Privilege Escalation
    • Windows Persistence
    • Windows Lateral Movement
    • AV Evasion
  • 🐧Linux Pentesting
    • Linux Privilege Escalation
    • Linux Persistence
    • Linux Lateral Movement
  • 🕸️Web Application Pentesting
    • ✅Cross-Site Scripting
    • ✅Information Disclosure
    • ✅Configuration and Deployment Management Testing
    • ✅Broken Authentication
    • ✅Broken Access Control
    • ✅OAuth Zafiyetleri
    • ✅JWT
    • ✅HTTP Parameter Pollution
    • ✅SQL Injection
    • ✅NoSQL Injection
    • ✅XXE Injection
    • ✅File Inclusion & Path Traversal
    • ✅OS Command Injection
    • ❌HTTP Request Smuggling
    • ✅Host Header Attack
    • ✅SSTI
    • ✅SSRF
    • ❌Insecure Deserialization
    • ✅Prototype pollution
    • ❌Web Cache Poisoning
    • ✅LLM
    • ✅Business Logic
    • ✅File Upload
    • ✅Race Conditions
    • ✅CSRF
    • ✅CORS Misconfiguration
    • ✅Clickjacking
    • ✅API Testing
    • ❌GraphQL API
    • AWS Testing
    • ✅Broken Link Hijacking
  • 🖲️Network Service Pentesting
    • 📘Active Directory Services
      • Bleeding Edge Vulns
      • Misconfigs
      • Domain Trust
      • DNS (53)
      • Kerberos (88)
      • LDAP (389,636)
      • RPC WMI (135)
      • SMB (445)
      • WinRM - 5985
    • 📂FTP - 21
    • 🔐SSH - 22
    • 🤣Telnet - 23
    • SMTP - 25
    • TFTP - 69 UDP
    • HTTP - 80,443
      • Apache
      • Joomla
      • Drupal
      • Wordpress
      • WEBDAV
      • PHP
      • Laravel
    • IMAP/POP3 - 110,143,993,995
    • SNMP - 161
    • Rservices - 512
    • IPMI - 623
    • Rsync - 873
    • MSSQL - 1433
    • Oracle TNS - 1521
    • NFS - 2049
    • Docker
    • Grafana - 3000
    • MySQL - 3306
    • RDP - 3389
    • Postgresql - 5432
    • Redis - 6379
    • JDWP - 8000
    • MongoDB - 27017
  • 🕸️Network Pentesting
    • ARP Poisoning
  • 📞Android Pentesting
    • Rooting
    • Burp Suite Sertifikası
    • SSL Pinning Bypass
    • Patching
    • MobSF Kurulumu
    • Flutter Pentesting
  • 📰Teori
    • Güvenlik Ürünleri
    • OSI
    • Security Principles
  • Diğer
    • Hacking Gadgets
      • 🍍Wifi Pineapple
      • Pwnagotchi
    • Stego
    • Buffer Overflow
    • Phishing
    • Nessus
    • MSFConsole
    • DDOS Saldırıları
  • ⏪Reverse
    • GCC Reverse
    • Python Reverse
    • Flare VM
    • Remnux
  • 🛜Wireless Pentesting
    • Wireless Pentest
Powered by GitBook
On this page

Was this helpful?

  1. Network Service Pentesting

SMTP - 25

SMTP Nedir?

SMTP, " Simple Mail Transfer Protocol" anlamına gelir. E-posta gönderimini gerçekleştirmek için kullanılır. E-posta hizmetlerini desteklemek için SMTP ve POP'tan oluşan bir protokol çifti gereklidir.

SMTP sunucusu üç temel işlevi yerine getirir:

  • SMTP sunucusu üzerinden kimin e-posta gönderdiğini doğrular.

  • Giden postayı gönderir

  • Giden posta teslim edilemezse, mesajı gönderene geri gönderir

Banner Grabbing

nc -vn 192.168.1.2 25

Kullanıcı Listeleme

smtp-user-enum -M RCPT -U users.list -D inlanefreight.htb -t 10.129.203.7

Brute Force

hydra -l fiona@inlanefreight.htb -P /usr/share/wordlists/rockyou.txt -t 64 -f 10.129.203.7 smtp

Komut Listeleme

telnet 192.168.1.2 25
HELO attacker.xyz
EHLO attacker.xyz

Mail Gönderme

# CLI
swaks -t victim@example.com -f attacker@example.com --attach @hello.txt --server 192.168.1.1 --header "Subject: Baslik" -au attacker@example.com -ap password123

# GUI
thunderbird
evolution

Open Relay

nmap -p25 -Pn --script smtp-open-relay 10.10.11.213
swaks --from notifications@inlanefreight.com --to employees@inlanefreight.com --header 'Subject: Company Notification' --body 'Hi All, we want to hear from you! Please complete the following survey. http://mycustomphishinglink.com/' --server 10.10.11.213
PreviousTelnet - 23NextTFTP - 69 UDP

Last updated 2 months ago

Was this helpful?

🖲️
  • SMTP Nedir?
  • Banner Grabbing
  • Kullanıcı Listeleme
  • Brute Force
  • Komut Listeleme
  • Mail Gönderme
  • Open Relay