Enumerating using SMTP
Who would think a simple protocol that we use in day-to-day life, such as SMTP, could reveal so much about a network? A famous T-shirt went around at Blackhat several years ago. Most people didn't understand its meaning. It simply said, "I read your email":
Figure 5.4 – I read your email T-shirt from Blackhat
That's so true. Normally, email is transmitted in clear text, meaning that the messages are readable by anyone on the path. As email servers communicate with each other, they also exchange information via the SMTP protocol, and that information can be used to further enumerate your network.
The purpose here is not necessarily to read people's emails, even though that could give up a lot of information. It's more about looking at what we refer to as the headers of the email: the information that each server attaches to the beginning of the message as it passes through during transit, which exposes quite a bit.
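To make the point concrete, the following Python script walks the `Received:` headers that each relay prepends to a message and lists the path the message took, flagging any hop that discloses an internal (RFC 1918, loopback or link-local) address. This is an added example, not code from the book; the message, hostnames and addresses in `SAMPLE_MESSAGE` are constructed for the demonstration. A mail administrator can run the same check against a message their own server sent to an outside mailbox to see what the outbound headers reveal.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real capture): the headers of a message that passed
# through two relays before reaching the destination MX. Every hostname and
# address below is invented for this example.
SAMPLE_MESSAGE = """\
Received: from mail-gw.example.net (mail-gw.example.net [203.0.113.10])
    by mx.example.com (Postfix) with ESMTPS id ABC123
    for <bob@example.com>; Mon, 01 Jan 2024 10:00:05 +0000
Received: from int-mail01.corp.example.net (int-mail01.corp.example.net [10.1.2.3])
    by mail-gw.example.net (Postfix) with ESMTP id DEF456;
    Mon, 01 Jan 2024 10:00:03 +0000
Received: from alice-laptop (unknown [192.168.50.21])
    by int-mail01.corp.example.net (Postfix) with ESMTPA id GHI789;
    Mon, 01 Jan 2024 10:00:01 +0000
From: alice@example.net
To: bob@example.com
Subject: test
X-Mailer: Hypothetical Mail Client 1.0

hello
"""

# "from <host> (<comment>) by <host>" clause of a Received header.
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
# Address in square brackets inside the comment, e.g. "[10.1.2.3]".
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")

# Address ranges that should never appear in mail leaving an organisation.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128",
)]


def parse_received(value):
    """Parse one Received header value into the fields we care about."""
    flat = " ".join(value.split())  # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    if not m:
        return None
    comment = m.group("comment") or ""
    ip_match = IP_RE.search(comment)
    hop = {
        "from": m.group("from").rstrip(";"),
        "ip": ip_match.group(1) if ip_match else None,
        "by": m.group("by").rstrip(";"),
        "time": None,
    }
    # The timestamp follows the last ';' in the header.
    if ";" in flat:
        try:
            hop["time"] = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            pass
    return hop


def trace_route(raw_message):
    """Return the delivery path in chronological order (origin first).

    Each relay prepends its own Received header, so the header order is
    newest-first; reversing it gives the path the message actually took.
    """
    msg = message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    return [h for h in reversed(hops) if h]


def is_internal(ip):
    """True if the address falls in a private, loopback or link-local range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def leaked_internal_hops(raw_message):
    """Hops whose sending side exposes an internal address to the recipient."""
    return [h for h in trace_route(raw_message) if h["ip"] and is_internal(h["ip"])]


def summarize(raw_message):
    """Collect the route, the internal leaks and the client software string."""
    msg = message_from_string(raw_message)
    return {
        "route": trace_route(raw_message),
        "internal_hops": leaked_internal_hops(raw_message),
        "x_mailer": msg.get("X-Mailer"),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_MESSAGE)
    for hop in report["route"]:
        print(f"{hop['from']} [{hop['ip']}] -> {hop['by']} at {hop['time']}")
    print("internal hops exposed:", [h["ip"] for h in report["internal_hops"]])
    print("client software disclosed:", report["x_mailer"])
```

On the sample, the output names the sender's workstation and the internal relay (both on private addresses) as well as the mail client in use, which is exactly the kind of detail an outbound gateway should strip or rewrite before a message leaves the organisation.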
So, what is SMTP? It's simply a protocol we...