Saturday, November 17 2018
EXTRACTING INFORMATION FROM E-MAIL SERVERS

E-Mail Servers: E-mail servers can provide a wealth of information for hackers and penetration testers. In many ways, e-mail is like a revolving door to your target’s organization.

Assuming your target is hosting their own e-mail server, this is often a great place to attack. It is important to remember:

“You can’t block what you must let in.”

In other words, for e-mail to function properly, external traffic must pass through your border devices, such as routers and firewalls, to an internal machine, typically somewhere inside your protected networks.

As a result of this, we can often gather significant pieces of information by interacting directly with the e-mail server.

One of the first things to do when attempting to recon an e-mail server is to send the organization an e-mail with an empty .bat file or a nonmalicious .exe file like calc.exe attached.

In this case, the goal is to send a message to the target e-mail server inside the organization in the hope of having the e-mail server inspect and then reject the message.

Once the rejected message is returned to us, we can attempt to extract information about the target e-mail server.

In many cases, the body of the message will include a precanned write-up explaining that the server does not accept e-mails with potentially dangerous extensions.

This message often indicates the specific vendor and version of the antivirus software that was used to scan the e-mail. For an attacker, this is a great piece of information to have.

Having a return message from a target e-mail server also allows us to inspect the header of the e-mail.

Inspecting the internet headers will often allow us to extract some basic information about the e-mail server, including IP addresses and the specific software version or brand of the e-mail server that is running.

Knowing the IP address and software versions can be incredibly useful when we move into the exploitation phase (step 3).
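To see what a rejection notice from your own mail server gives away, you can run the returned message through a short header and body audit. The script below is an added example, not part of the original article; the sample notice, host names, product names (ExampleMTA, ExampleAV) and versions are constructed, and it assumes a single-part plain-text notice.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample rejection notice; hosts, product names and versions are made up.
SAMPLE_BOUNCE = """\
Received: from mail.example.com (mail.example.com [203.0.113.25])
\tby mx.sender.test with ESMTP id abc123; Sat, 17 Nov 2018 10:00:00 +0000
Received: from scanner01.corp.example.com ([10.1.2.15])
\tby mail.example.com (ExampleMTA 8.2.1) with SMTP; Sat, 17 Nov 2018 09:59:58 +0000
X-Virus-Scanned: ExampleAV 5.6.7 at mail.example.com
From: postmaster@example.com
To: tester@sender.test
Subject: Undeliverable: attachment rejected

Your message was blocked by ExampleAV version 5.6.7 because it
contained a potentially dangerous attachment (test.bat).
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Matches "<Product> 1.2.3" or "<Product> version 1.2.3"
VERSION_RE = re.compile(r"([A-Za-z][\w-]*)\s+(?:version\s+)?(\d+(?:\.\d+)+)", re.I)

def find_versions(where, text):
    """Return (location, 'Product x.y.z') for each version-like banner in text."""
    return [(where, f"{m.group(1)} {m.group(2)}") for m in VERSION_RE.finditer(text)]

def audit_bounce(raw):
    """List internal addresses and software banners a rejection notice discloses."""
    msg = message_from_string(raw)
    internal_ips, versions = [], []
    for name, value in msg.items():
        if name.lower() == "received":
            for ip in IP_RE.findall(value):
                try:
                    addr = ipaddress.ip_address(ip)
                except ValueError:
                    continue  # bracketed text that is not a valid IPv4 address
                if any(addr in net for net in RFC1918):
                    internal_ips.append(ip)
        versions += find_versions(name, value)
    body = msg.get_payload()
    if isinstance(body, str):  # only single-part notices are examined here
        versions += find_versions("body", body)
    return {"internal_ips": internal_ips, "versions": versions}

if __name__ == "__main__":
    print(audit_bounce(SAMPLE_BOUNCE))
```

Anything this reports is visible to every outside sender whose mail gets rejected, so each finding is a candidate for removal from the notice template or for header scrubbing at the outbound gateway.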

About Jahanzaib Khan

Jahanzaib Khan is the CEO of JahaSoft.Pk A Web Development, Digital Marketing & Web Hosting Company Based in Pakistan. https://www.JahaSoft.pk
