SMTP
Nmap discovered a SMTP server on the target port 25
The running service is Microsoft ESMTP 10.0.17763.1
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/butch]
└─$ nmap -Pn --script smtp-* -p25 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-26 13:22 CET
Nmap scan report for 192.168.238.63
Host is up (0.019s latency).
PORT STATE SERVICE
25/tcp open smtp
| smtp-commands: butch Hello [192.168.45.221], TURN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK
|_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ETRN BDAT VRFY
| smtp-enum-users:
|_ Method EXPN returned a unhandled status code.
|_smtp-open-relay: Server is an open relay (5/16 tests)
| smtp-vuln-cve2010-4344:
|_ The SMTP server is not Exim: NOT VULNERABLE
Nmap done: 1 IP address (1 host up) scanned in 1.24 secondsPerforming an additional Nmap scan reveals available commands.
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/butch]
└─$ telnet $IP 25
Trying 192.168.238.63...
Connected to 192.168.238.63.
Escape character is '^]'.
220 butch Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Wed, 26 Feb 2025 04:23:00 -0800
HELO x
250 butch Hello [192.168.45.221]
EHLO all
250-butch Hello [192.168.45.221]
250-TURN
250-SIZE 2097152
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250 OKN/A