SMTP

NMAP Scan

// SERVICE REASON         VERSION
25/tcp open  smtp    syn-ack ttl 63 JAMES smtpd 2.3.2
| smtp-vuln-cve2010-4344: 
|_  The SMTP server is not Exim: NOT VULNERABLE
|_smtp-commands: solidstate Hello nmap.scanme.org (10.10.14.12 [10.10.14.12])
Service Info: Host: solidstate

Version 2.3.2 James SMTPD

Potential Vulnerabilities

Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)Exploit Database

Although the target is vulnerable to this exploit, we are not able to execute code because it requires someone to log in via SSH.

Username Enumeration

Unfortunately the target does not support the following commands that can be used for username enumeration, EXPN, VRFY, RCPT TO.

The user root was found. We could probably try to brute force other services around this username.