SMTP enumeration involves probing a mail server to gather information about users and configurations. Two important SMTP commands used in enumeration are:
VRFY: Verifies whether a particular email address or user ID exists on the mail server.
EXPN: Reveals the actual addresses behind a mailing list or alias.
These commands allow attackers or penetration testers to enumerate valid user accounts or group memberships, which can later be targeted for phishing, spam, or brute-force attacks.
Incorrect Options:
B. Daily outgoing message limits are not typically disclosed via SMTP.
C. RCPT TO is used to designate a message recipient, but it doesn't enumerate open ports.
D. Mail proxy addresses are not revealed directly via SMTP enumeration.
Reference – CEH v13 Official Courseware:
Module 04: Enumeration
Section: “SMTP Enumeration Techniques”
Tool Reference: smtp-user-enum, Netcat
=
Submit