{"id":187,"date":"2022-05-08T21:44:16","date_gmt":"2022-05-08T21:44:16","guid":{"rendered":"https:\/\/cyberlorenzo.tech\/?p=187"},"modified":"2022-05-12T22:52:21","modified_gmt":"2022-05-12T22:52:21","slug":"enumerating-and-exploiting-smtp-protocol","status":"publish","type":"post","link":"https:\/\/cyberlorenzo.tech\/?p=187","title":{"rendered":"Enumerating and Exploiting SMTP protocol"},"content":{"rendered":"\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Tryhackme - Hacking CTF - Enumerating &amp; Exploiting SMTP Protocol\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/TGT33k6kFpM?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Enumeration Techniques<\/h3>\n\n\n\n<p>In this CTF, I used the Nmap tool in conjunction with Metasploit to enumerate the target machine. Nmap allowed me to gather open port details, while I was able to probe for a username using Metasploit. This only required me to align certain values found from our Nmap scan, like which port was open (25) and of course the IP address, which is already provided.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Exploitation Techniques<\/h3>\n\n\n\n<p>Thanks to those enumeration techniques I was able to confirm a known good username on the SMTP mail server which was &#8220;administrator&#8221; &#8212; a common misconfiguration. 
I then deployed the Hydra tool, a password cracker, and that allowed me to gain access to the administrator account.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Enumeration Techniques In this CTF, I used the Nmap tool in conjunction with Metasploit to enumerate the target machine. Nmap allowed me to gather open port details, while I was able to probe for a username using Metasploit. This only required me to align certain values found from our Nmap scan, like which port was [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":237,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"saved_in_kubio":false,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-187","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-project-one"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=\/wp\/v2\/posts\/187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=187"}],"version-history":[{"count":1,"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=\/wp\/v2\/posts\/187\/revisions"}],"predecessor-version":[{"id":188,"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=\/wp\/v2\/posts\/187\/revisions\/188"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=\/wp\/v2\/media\/237"}],"wp:atta
chment":[{"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberlorenzo.tech\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}