Extracting information from e-mail servers


E-mail servers can yield a lot of information to attackers and penetration testers. For e-mail to function properly, external traffic must pass through your border devices, such as routers and firewalls, to an internal device, typically somewhere inside your protected networks.

As a result, we can usually collect important pieces of data by interacting directly with the e-mail server. One of the first things to do when performing reconnaissance on an e-mail server is to send an e-mail to the company with an empty .bat file or any .exe file, such as calc.exe, attached. The idea is to send a message to the target e-mail server inside the company in the hope that the server inspects and then rejects it.

Once the rejected message is returned to us, we can try to extract data about the targeted e-mail server from it. In many situations, the body of the message will include a notice saying that the server does not accept e-mails with potentially dangerous extensions. This notice usually identifies the particular vendor and version of the antivirus that was used to scan the e-mail. For an attacker or a pen tester, this is a valuable piece of information to obtain.
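From the mail administrator's side, the same rejection notice can be audited before it leaves the network. The following is an added example, not part of the original article: it parses a rejection notice generated by your own gateway and reports any header or body line that names a scanner together with a version number. The sample message, the product name "ExampleAV", and the keyword lists are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample rejection notice; product name and versions are made up.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mail.example.com
Subject: Undeliverable: test
X-Virus-Scanned: ExampleAV 7.2.1 at mail.example.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message was rejected: attachment calc.exe has a blocked extension.
Scanned by ExampleAV Gateway v7.2.1 (engine 5.4.30).

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.com
Status: 5.7.1

--b1--
"""

VERSION = re.compile(r"\d+(?:\.\d+)+")  # dotted version number
SCANNER_HDR = re.compile(r"^X-.*(?:virus|scan|spam|filter)", re.I)
HINT = re.compile(r"scann|engine|anti-?virus|signature", re.I)

def audit_ndr(raw):
    """Return (location, text) pairs that disclose scanner product details."""
    findings = []
    for part in message_from_string(raw).walk():
        # Scanner-added headers often carry the product name and version.
        for name, value in part.items():
            if SCANNER_HDR.search(name) and VERSION.search(value):
                findings.append((f"header {name}", value.strip()))
        if part.get_content_type() != "text/plain" or part.is_multipart():
            continue
        # Require a scanner keyword so status codes like "550 5.7.1" are ignored.
        for line in str(part.get_payload() or "").splitlines():
            if HINT.search(line) and VERSION.search(line):
                findings.append(("body", line.strip()))
    return findings

if __name__ == "__main__":
    for location, text in audit_ndr(SAMPLE_NDR):
        print(f"{location}: {text}")
```

An empty result for a real notice from your gateway means the rejection text tells the sender only that the attachment type was refused, not which product refused it.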

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]