Friday, March 27, 2015

Email Hacking Step By Step


Possible E-mail Attacks

*Consuming server storage space by increasing the size of attachments (along with the number of messages and the number of times they are sent). [Storage overload]

*Consuming the bandwidth available to the email server. [Bandwidth block]

Attacking Mail Server.

1. Banner Grab

 Gather information about the mail server from its banner. To do this,
 telnet to the email server:
 ex : telnet "email server ip" 25     }SMTP
       telnet "email server ip" 110   }POP
       telnet "email server ip" 143   }IMAP

If the server does not respond with this information (the product and version of the email application/server), we can use another tool. There is a Linux-based tool for this called "smtp scan".
It gives more information about the mail server (version, port, all ports available).

SMTP Attacks

Account Enumeration
VRFY command
It stands for verify. Using this command, we can verify that a specific user exists on the mail server which we are going to attack. A Dictionary Harvest Attack (DHA) can be tried to do this.
How to do it:
 Telnet to the mail server on the SMTP port (25) as above.
 Type : vrfy ex@example.com

EXPN command
This stands for expand. It expands the mailing list relevant to your input.
How to do it:
 Telnet to the mail server on SMTP as above.
 Type : expn cooluser   <---- a mailing list you guess might exist.

Another automated tool for this email verification is
TamoSoft's Essential NetTools. Simply enter the email address and start.
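
A defender's view of the VRFY/EXPN probing described above, as an added example that is not part of the original post: the function flags clients that probe many distinct names and are mostly rejected, which is what a dictionary harvest looks like in server logs. The log layout, thresholds and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log. The "client=... cmd=... reply=..." layout is an
# assumed format for illustration, not the output of any particular MTA.
SAMPLE_LOG = """\
10:00:01 client=203.0.113.7 cmd="VRFY admin" reply=550
10:00:01 client=203.0.113.7 cmd="VRFY alice" reply=250
10:00:02 client=203.0.113.7 cmd="VRFY backup" reply=550
10:00:02 client=203.0.113.7 cmd="EXPN staff" reply=550
10:00:03 client=203.0.113.7 cmd="VRFY test" reply=550
10:00:03 client=203.0.113.7 cmd="EXPN sales" reply=550
10:05:10 client=198.51.100.20 cmd="MAIL FROM:<bob@example.org>" reply=250
10:05:11 client=198.51.100.20 cmd="VRFY alice" reply=250
10:07:00 client=192.0.2.44 cmd="VRFY postmaster" reply=250
10:08:00 client=192.0.2.44 cmd="VRFY postmaster" reply=250
"""

LINE_RE = re.compile(
    r'client=(?P<ip>\S+) cmd="(?P<verb>[A-Za-z]+)\s+(?P<arg>[^"]*)" reply=(?P<code>\d{3})')
PROBE_VERBS = {"VRFY", "EXPN"}

def find_enumerators(log_text, min_probes=5, min_reject_ratio=0.6):
    """Return {client_ip: stats} for clients whose VRFY/EXPN use looks like a harvest."""
    names = defaultdict(set)    # distinct names probed per client
    rejects = defaultdict(int)  # probes answered with a 5xx reply per client
    total = defaultdict(int)    # all VRFY/EXPN probes per client
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["verb"].upper() not in PROBE_VERBS:
            continue  # ignore unparsable lines and ordinary mail commands
        ip = m["ip"]
        total[ip] += 1
        names[ip].add(m["arg"].strip().lower())
        if m["code"].startswith("5"):
            rejects[ip] += 1
    flagged = {}
    for ip, n in total.items():
        ratio = rejects[ip] / n
        # Many different names plus mostly "no such user" replies = guessing.
        if len(names[ip]) >= min_probes and ratio >= min_reject_ratio:
            flagged[ip] = {"probes": n, "distinct": len(names[ip]),
                           "reject_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Disabling the commands removes the signal at the source; on Postfix, for example, `disable_vrfy_command = yes` turns VRFY off.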

Use The Harvester to glean mail addresses from search engines (only the Google and MSN engines; it's only for Linux).

In Kali, go to Information Gathering > SMTP > googlemail
and type:
  ./googlemail.py -d <yourdomain> -l 500 -b google
This is The Harvester. The help guide is shown when you execute the .py script.

Mail traffic capturing tools
*dsniff package
*mailsnarf --- email packet sniffer.
