Background

While working on Penetration Testing with Kali Linux (PWK) training offered by Offensive Security, I came across a tool called smtp-user-enum. It is a perl script to enumerate OS-level user accounts on Solaris via the SMTP service (sendmail).

In its usage documentation, it mentions an option to pass a list of hostnames running the SMTP service via a file, to use for enumeration. When trying out that option, I noticed that it didn’t work. Upon taking a close look at the script, I noticed that although it looks for the option -T in the arguments list¹, it was never part of the getopts evaluation², thus erroring out.

As it stands, I do not like having SSH keys tied to GitHub/Gitlab accounts on my Kali Linux virtual machine, so instead, I found a way to use a Debian container via toolbox on my regular workstation using Fedora, to create the necessary patches to conform to Debian packaging standards and submitting a pull request on Kali Linux’s stmp-user-enum package repo.

This post recounts of the steps I used, in case someone finds it useful or for my own reference in the future.

Note: I chose to use a Debian image here as I plan to work on other things via the same toolbox. We could have chosen to use Kali Linux docker image instead as well.

The Details

How toolbox works

We can create the first “toolbox” by invoking toolbox enter on Fedora. This will use the same Fedora version as our running host. That is, if the running host is Fedora 33, it will download the same container image via https://registry.fedoraproject.org.

However, we will see that the registry does not have a Debian image from which we can work from.

Using Debian Docker image

Toolbox uses podman³ in the background instead of docker. However, we can still pull a Debian docker image from Docker Hub.

First create a Debian “toolbox” named “debtest” as follows:

toolbox create -c debtest --image docker.io/debian:testing

Once it has finished downloading the docker image, we can enter the toolbox as:

toolbox enter debtest

We notice that we have entered our toolbox via the change in shell prompt:

⬢[user@toolbox ~]$

Creating the patch

Here we will use the Debian git-buildpackage (gbp) (Found a nice guide on gbp⁴ mentioned in another pull request⁵) to create and apply our changes according to Debian packaging standards. So install the package:

sudo apt install git-buildpackage -y

Fork the smtp-user-enum package on Gitlab. Clone the forked repository and enter the directory:

git clone git@gitlab.com:<your-username>/smtp-user-enum.git && cd smtp-user-enum

Create our feature branch:

git checkout -b getopts-Targets-file

Apply the previous patches by executing:

gbp pq import

This will move us to a patch queue branch called patch-queue/getopts-Targets-file. We can check this by running:

git branch

Now we can create our changes and commit them. Afterwards, we regenerate the patches in debian/patches/ by running:

gbp pq export

This will drop us back into our original branch getopts-Targets-file. Now we add debian/patches to git and commit them:

git add debian/patches
git commit

Then push those changes to your repository:

git push -u origin getopts-Targets-file

And then we create a pull request at the original repository, wait for the Gitlab CI jobs to run and turn green, and hope that one of the Kali Linux developers merges it. 😄