ECSA/LPT
EC-Council
Email Security
Penetration Testing Roadmap
Start Here
Firewall Penetration Testing
Router and Switches Penetration Testing
Internal Network Penetration Testing
IDS Penetration Testing
Wireless Network Penetration Testing
Denial of Service Penetration Testing
Password Cracking Penetration Testing
Stolen Laptop, PDAs and Cell Phones Penetration Testing
Social Engineering Penetration Testing
Application Penetration Testing
Cont'd
Penetration Testing Roadmap (cont'd)
Log Management Penetration Testing
File Integrity Checking Penetration Testing
Bluetooth and Handheld Device Penetration Testing
Telecommunication Penetration Testing
End Here
Introduction to Email Security
Email accounts are the repositories where people store their private information or even their business data.
Because Internet techniques and tools are so widely available, a hacker can obtain a user's ID and email password.
Pre-Requisite For Email Penetration Testing
Email address on which you want to perform penetration testing
Steps for Email Penetration Testing
1. Try to access email ID and password
2. Check whether anti-phishing software is enabled
3. Check whether anti-spamming tools are enabled
4. Try to perform email bombing
5. Perform CLSID extension vulnerability test
6. Perform VBS attachment vulnerability test
7. Perform double file extension vulnerability test
8. Perform long filename vulnerability test
Steps for Email Penetration Testing (cont'd)
9. Perform ActiveX vulnerability test
10. Perform IFrame remote vulnerability test
11. Perform MIME header vulnerability test
12. Perform malformed file extension vulnerability test
13. Perform access exploit vulnerability test
14. Perform fragmented message vulnerability test
Step 1: Try to Access Email ID and Password
Use social engineering techniques to get hints for user names and passwords.
See the hint for forgotten passwords.
Use different password cracking tools, such as Hydra and John the Ripper to
Step 2: Check Whether Anti-Phishing Software is Enabled
Send the mail containing a malicious link that redirects to the malicious site.
Check whether the mail is blocked by any anti-phishing tool such as Netcraft.
Step 3: Check Whether Anti-Spamming Tools are Enabled
Use different bulk emailing tools, such as Fairlogic WorldCast and Handymailer, to send the spam mail.
Check whether anti-spamming tools are enabled or not.
Check if the spam mails are marked as spam or blocked.
Step 4: Try to Perform Email Bombing
Mail bombing can be defined as the act of sending unwanted mails in large numbers, which fills up the recipient's mailbox.
Send unwanted bulk mails in large numbers with an email bomber.
Check if these mails are marked differently or blocked by the mail client or mail servers.
Step 5: Perform CLSID Extension Vulnerability Test
Send the attachment with Class ID (CLSID) file extension to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to CLSID extension attack.
Step 6: Perform VBS Attachment Vulnerability Test
Send the attachment with VBS file extension to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to VBS extension attack.
Step 7: Perform Double File Extension Vulnerability Test
Send the double extension file to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to double file extension attack.
Step 8: Perform Long Filename Vulnerability Test
Send the attachment with a long filename.
Go to the mail and try to read the mail.
If you can open this attachment, the email is vulnerable to a long filename attack.
Step 9: Perform ActiveX Vulnerability Test
The Microsoft virtual machine (Microsoft VM) includes a security vulnerability that may allow script code in a web page or HTML-based email message to access ActiveX controls.
Send an HTML-based email message to the email ID.
Open the mail and try to read the mail.
If the text file gfi-test.txt appears on your desktop, then you are vulnerable to this attack.
Step 10: Perform IFrame Remote Vulnerability Test
launched asking you to open the file, the email system is vulnerable to the attack.
Step 11: Perform MIME Header Vulnerability Test
HTML emails are simply web pages; IE can render them and open binary attachments in a way that is appropriate to their MIME types.
Send the HTML email containing an executable attachment with modified MIME header information.
Go to the mail and try to read the mail.
you are vulnerable to MIME header attack.
Step 12: Perform Malformed File Extension Vulnerability Test
Send the file with a malformed file extension, such as HTA, to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to this attack.
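Added example (not from the EC-Council slides): a small Python scanner that applies the attachment checks of steps 5 through 8, 11 and 12 to a parsed message, so a defender can see which of these cases a mail gateway or client filter should flag before the user ever opens the attachment. The extension lists, the 128-character filename limit and the sample message are constructed assumptions.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Extension sets and the length limit are assumptions for this example.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe", "js", "hta"}
SAFE_TYPES = {"text", "image", "audio", "video"}   # types that never carry executables
MAX_NAME_LEN = 128
CLSID_RE = re.compile(r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
DOUBLE_EXT_RE = re.compile(r"\.[a-z0-9]{1,4}\.([a-z0-9]{1,4})$", re.I)

def check_attachment(filename, content_type):
    """Return the names of the page's tests that this attachment would trip."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if CLSID_RE.search(filename):
        findings.append("clsid-extension")       # step 5: {CLSID} suffix hides the real type
    if ext == "vbs":
        findings.append("vbs-attachment")        # step 6
    m = DOUBLE_EXT_RE.search(filename)
    if m and m.group(1).lower() in EXEC_EXTS:
        findings.append("double-extension")      # step 7: e.g. invoice.pdf.exe
    if len(filename) > MAX_NAME_LEN:
        findings.append("long-filename")         # step 8
    maintype = content_type.split("/", 1)[0].lower()
    if maintype in SAFE_TYPES and ext in EXEC_EXTS:
        findings.append("mime-header-mismatch")  # step 11: executable labelled as text/media
    if ext == "hta":
        findings.append("malformed-extension")   # step 12
    return findings

def scan_message(raw):
    """Parse a raw RFC 5322 message and map each attachment name to its findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        report[name] = check_attachment(name, part.get_content_type())
    return report

def build_sample():
    """Constructed message (not real traffic): one attachment per case plus a clean one."""
    msg = EmailMessage()
    msg.set_content("see attachments")
    for name, mt, st in [("notes.txt.{12345678-1234-1234-1234-123456789abc}", "application", "octet-stream"),
                         ("invoice.pdf.exe", "application", "octet-stream"),
                         ("song.exe", "audio", "x-wav"), ("report.pdf", "application", "pdf")]:
        msg.add_attachment(b"MZ", maintype=mt, subtype=st, filename=name)
    return msg.as_bytes()
```

Run `scan_message(build_sample())` to see one finding per crafted attachment and an empty list for the clean PDF; feed it real `.eml` bytes to triage a mailbox.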
Step 13: Perform Access Exploit Vulnerability Test
Send the file containing the VBA (Visual Basic for Applications) code to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to this attack.
Step 14: Perform Fragmented Message Vulnerability Test
The message fragmentation feature allows large files to be sent by splitting them into multiple smaller messages.
A client supporting this feature receives the messages and transparently reassembles them into a single message.
This helps viruses bypass content filtering solutions.
Send the fragmented messages to the email ID.
Go to the mail and try to read the mail.
Step 15: Perform Long Subject Attachment Checking Test
Send the mail with a long subject name, attach a file with the same name as the email's subject, and give it a DAT extension.
Access the mailbox and try to read the email.
attack
Anti-Phishing Tools
List of Anti-Phishing Tools
NetCraft
ThreatFire
GralicWrap
Spyware-Adware Remover
PhishTank SiteChecker
PhishTank SiteChecker blocks phishing pages with reference to the data present in the PhishTank.
It is an extension for Firefox, SeaMonkey, Internet Explorer, Opera, Mozilla, and Flock.
The SiteChecker checks the current site the user is on against the PhishTank database.
PhishTank SiteChecker: Screenshot
NetCraft
The NetCraft tool alerts the user when they are connected to a phishing site.
When the user connects to a phishing site, it blocks the user by showing a warning sign.
It traps suspicious URLs in which the characters have no common purpose other than to deceive the user.
It enforces the browser's navigational controls in all windows to protect against pop-ups hiding the navigational controls.
NetCraft: Screenshot
GFI MailEssentials
It also checks for typical phishing keywords in every email sent to the organization.
GFI MailEssentials: Screenshot
SpoofGuard
SpoofGuard prevents a form of malicious attacks, such as web spoofing and phishing.
It places a traffic light in the user's browser toolbar that turns from green to yellow to red when the user navigates to a spoof site.
When the user enters private data into a spoofed site, SpoofGuard saves the data and warns the user.
SpoofGuard: Screenshot
Anti-Spamming Tools
List of Anti-Spamming Tools
AEVITA Stop SPAM Email
SpamExperts Desktop
SpamEater Pro
SpamWeasel
Spytech SpamAgent
AntispamSniper
Spam Reader
Spam Assassin Proxy (SA Proxy)
MailWasher Free
Spam Bully
AEVITA Stop SPAM Email
AEVITA Stop SPAM Email helps to hide email addresses from spambots.
It replaces all the email addresses on the page with specially encoded email addresses.
It introduces codes that stop spambots but which a normal mailing program ignores.
It even stops spammers from getting a large list of email addresses.
AEVITA Stop SPAM Email: Screenshot
SpamExperts Desktop
SpamExperts Desktop works as a spam filter for any email program and automatically intercepts spam.
It does not depend on a keyword list to detect spam, but checks whether the content of a message is accepted or rejected by the user.
It also filters spam in the background and maintains a list of blocked and accepted senders.
SpamExperts Desktop: Screenshot
SpamEater Pro
SpamEater Pro is an anti-spam and email notification system.
It reduces the spam in the mailbox by 95 percent.
SpamEater Pro notifies the user of the waiting mails after clearing the spam, using a pop-up window.
It provides complex rule processing, a POP3 Profile Wizard, a Rules Wizard, and support for real-time Blacklist database lookups.
SpamEater Pro: Screenshot
Spytech SpamAgent
Spytech SpamAgent is a powerful email monitoring and filtering tool that sorts the emails according to the user's choice.
It contains filters that block unwanted and spam mails from getting into the inbox.
It filters based on the sender, recipient, subject, body, as well as attachment type, forwards, and more.
Spytech SpamAgent removes the spam mails from the mailbox, but deletes them only after the user accepts it.
Spytech SpamAgent: Screenshot
Email accounts are the repositories where people store their private information or even their business data.
Use social engineering techniques to get hints of user names and passwords.
Use different bulk emailing tools to send the spam mail.
Mail bombing can be defined as the act of sending unwanted mails in large numbers, which fills up the recipient's mailbox.
PhishTank SiteChecker blocks phishing pages with reference to the data present in the PhishTank.
SpoofGuard prevents a form of malicious attacks, such as web spoofing and phishing.