Re: [NSE] smtp-enum-users

[Duarte Silva <duartejcsilva () gmail com>]

Hi,

Sorry, I only saw the e-mail today. Thanks David for filling my shoes
on this one :P

Regards,
Duarte

On Tue, Sep 7, 2010 at 8:17 PM, David Fifield <david () bamsoftware com> wrote:
> On Tue, Sep 07, 2010 at 12:41:45PM +0200, Martin Holst Swende wrote:
> > Hi,
> > I used the smtp-enum-users, and have some feedback:
> >
> > * The mailserver I tested against answered "553 sorry, relaying denied
> > from your location [<my ip>]" to a RCPT call. This is not handled in the
> > script, which seems to interpret it as STATUS_CODES.INVALID and does not
> > seem to try the other methods, but instead keeps running through the
> > rest of the names in unpwdb.
>
> Thanks, I made a couple of change in response to this. The first is that the
> script will report and error and stop trying user names for the current method
> when it gets an INVALID status code.
>
> | smtp-enum-users:
> |   Method RCPT returned a unhandled status code.
>
> The second is that I added a NOTPERMITTED state for code 553 with RCPT.
>
> > * The usage-section
> > (http://nmap.org/nsedoc/scripts/smtp-enum-users.html) says:
> >
> > nmap --script smtp-user-enum.nse [--script-args smtp-open-relay.methods={EXPN,...},...] -p 25,465,587 <host>
> >
> > should be
> >
> > nmap --script smtp-user-enum.nse [--script-args smtp-user-enum.methods={EXPN,...},...] -p 25,465,587 <host>
>
> This is fixed too.
>
> David Fifield
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/