Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Learning Penetration Testing with Python

You're reading from   Learning Penetration Testing with Python Utilize Python scripting to execute effective and efficient penetration tests

Arrow left icon
Product type Paperback
Published in Sep 2015
Publisher
ISBN-13 9781785282324
Length 314 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Christopher Duffy Christopher Duffy
Author Profile Icon Christopher Duffy
Christopher Duffy
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Understanding the Penetration Testing Methodology FREE CHAPTER 2. The Basics of Python Scripting 3. Identifying Targets with Nmap, Scapy, and Python 4. Executing Credential Attacks with Python 5. Exploiting Services with Python 6. Assessing Web Applications with Python 7. Cracking the Perimeter with Python 8. Exploit Development with Python, Metasploit, and Immunity 9. Automating Reports and Tasks with Python 10. Adding Permanency to Python Tools Index

Testing for users using SMTP VRFY


Now that we have a list of usernames and we know that SMTP is open, we need to see if VRFY is enabled. This is extremely simple, all you do is telnet into port 25 and execute the command VRFY followed by a word and hit enter. The great part about checking for usernames this way is that if VRFY is enabled, something is wrong with the secure deployment practices, and if it is Internet facing, they are likely not monitoring it. Reduce the number of credential attack guesses in an online credential attack against an interface will reduce the chances of being caught. The simple commands to execute this are shown in the following figure:

We did not get a hit for smith, but perhaps others will confirm during this attack. Before we write our script, you need to know the different error or control messages that can be produced in most SMTP systems. These can vary and you should design your script well enough to be modified for that environment.

Return code

Meaning...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime