SolidState_SMTP

SMTP

---

Nmap discovered a SMTP service running on the target port 25 it’s running james smtpd 2.3.2 likely from apache james

Initial Enumeration

---

┌──(kali㉿kali)-[~/archive/htb/labs/solidstate]
└─$ nmap --script smtp-enum-users -p25 $IP  
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-18 03:06 CET
Nmap scan report for 10.10.10.51
Host is up (0.033s latency).
 
PORT   STATE SERVICE
25/tcp open  smtp
| smtp-enum-users: 
|_  root
 
Nmap done: 1 IP address (1 host up) scanned in 10.69 seconds

Additional Nmap scan to enumerate users root is a valid user

VRFY and EXPN commands are not supported

┌──(kali㉿kali)-[~/archive/htb/labs/solidstate]
└─$ telnet $IP 25
Trying 10.10.10.51...
Connected to 10.10.10.51.
Escape character is '^]'.
220 solidstate SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 17 Jan 2023 21:04:56 -0500 (EST)
EHLO kali
250-solidstate Hello kali (10.10.14.5 [10.10.14.5])
250-PIPELINING
250 ENHANCEDSTATUSCODES
MAIL FROM: root
501 5.1.7 Syntax error in MAIL command
MAIL FROM: root@localhost
501 5.1.7 Syntax error in MAIL command

Not much left to do without a valid credential and domain context