Enumerate Windows Users with STMP

Enumerating Window Usernames remotely is always fun. If you want to break into a system fast, see if STMP is running. Most admins run STMP on their servers.

Here is a simple script that will make this task easy.


import socket

import sys

if len(sys.argv) ! = 2:

print “usage: <username>”


s = socket.socket(socket.AF_INIT, socket.SOCK_STREAM)

connect = s.connect ((‘IPADRESS’,25))

banner = s.recv(1024)

print banner

s.send (‘VRFY ‘ + sys.argv [1] + ‘\r\n’)

result = s.recv(1024)

print result



Now all you have to do is run this with a simple bash script to brute force usernames.

Leave a Reply

Your email address will not be published. Required fields are marked *