Thursday , February 21 2019

EXTRACTING INFORMATION FROM E-MAIL SERVERS

E-Mail Servers: E-mail servers can provide a wealth of information for hackers and penetration testers. In many ways, e-mail is like a revolving door to your target’s organization.

Assuming your target is hosting their own e-mail server, this is often a great place to attack. It is important to remember:

“You can’t block what you must let in.”

In other words, for e-mail to function properly, external traffic must pass through your border devices, like routers and firewalls, to an internal machine, typically somewhere inside your protected networks.

As a result, we can often gather significant pieces of information by interacting directly with the e-mail server.

One of the first things to do when attempting to recon an e-mail server is to send an e-mail to the organization with an empty .bat file or a nonmalicious .exe file like calc.exe.

In this case, the goal is to send a message to the target e-mail server inside the organization in the hope of having the e-mail server inspect and then reject the message.

Once the rejected message is returned to us, we can attempt to extract information about the target e-mail server.

In many cases, the body of the message will include a precanned write-up explaining that the server does not accept e-mails with potentially dangerous extensions.

This message often indicates the specific vendor and version of antivirus that was used to scan the e-mail. As an attacker, this is a great piece of information to have.

Having a return message from a target e-mail server also allows us to inspect the header of the e-mail.

Inspecting the internet headers will often allow us to extract some basic information about the e-mail server, including IP addresses and the specific software version or brand of e-mail server running.

Knowing the IP address and software version is incredibly useful when we move into the exploitation phase (step 3).
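To see what your own server's rejection notices disclose, the following added example (not code from the original article) parses a bounce with Python's standard `email` module and lists private relay addresses found in the `Received` headers and product/version strings found in the headers and body. The sample message, its hostnames and addresses, and the product names ExampleAV and ExampleMTA are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce: every host, address and product name is made up.
SAMPLE_BOUNCE = (
    "Received: from mail.example.com (mail.example.com [203.0.113.25])\n"
    "\tby mx.tester.example with ESMTP id abc123; Thu, 21 Feb 2019 10:00:02 +0000\n"
    "Received: from av01.corp.example.com ([10.20.30.41])\n"
    "\tby mail.example.com (ExampleMTA 8.2.1) with SMTP id q1; Thu, 21 Feb 2019 10:00:01 +0000\n"
    "X-Virus-Scanned: ExampleAV 5.6.7 at av01.corp.example.com\n"
    "From: postmaster@example.com\n"
    "Subject: Undeliverable: attachment blocked\n"
    "\n"
    "Your message was rejected by ExampleAV 5.6.7: .bat attachments are not accepted.\n"
)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 literal
# A product name followed by a dotted version, e.g. "Product 1.2.3" or "Product/1.2".
VERSION_RE = re.compile(r"\b([A-Za-z][\w-]*)[ /]v?(\d+(?:\.\d+)+)\b")

def versions(text):
    return sorted({" ".join(m) for m in VERSION_RE.findall(text)})

def audit_bounce(raw):
    """Report what a rejection message discloses, grouped by where it appears."""
    msg = email.message_from_string(raw, policy=policy.default)
    received = " ".join(str(v) for v in msg.get_all("Received", []))
    x_headers = " ".join(str(v) for k, v in msg.items() if k.lower().startswith("x-"))
    body = " ".join(p.get_content() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    internal = set()
    for ip in IP_RE.findall(received):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # bracketed text that is not a valid IPv4 address
        if any(addr in net for net in RFC1918):
            internal.add(ip)  # private address of an internal relay or scanner
    return {
        "internal_ips": sorted(internal),
        "header_versions": versions(received + " " + x_headers),
        "body_versions": versions(body),
    }

if __name__ == "__main__":
    print(audit_bounce(SAMPLE_BOUNCE))
```

Anything this reports for a bounce generated by your own gateway is a candidate for removal from the rejection template or for header rewriting at the outbound relay.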

About Mirza Ghalib

A Passionate Blogger from Pakistan, Who Loves to Put Content That Talks About The Reality of Current Situations.
