Email Penetration Testing Part – #1
In this series of Blogs, we will be learning how to do Email Penetration Testing. Methodology to carry out in Pentesting Email.
We will be doing lots of things in this series of Blogs. Let's find out what they are.
- Introduction to Email Security
- Commonly Used Email Service Protocols
- Prerequisites for Email Penetration Testing
- Email Pentesting Steps
- SMTP Fingerprinting
- Directory Harvesting Attacks
- NTLM Overflows Attack
- Crack Email Passwords
- Checking against Phishing and Spamming attacks
- Perform Email bombing
- Check against CLSID Extension and VBS attachment Vulnerability
- Performing Fragmented Message vulnerability Test
Let's start with the first four steps of our objective.
INTRODUCTION TO EMAIL SECURITY
These days People tend to store their Private Information, Business Information in emails as repositories.
Everyone is using the internet and email these days, that’s what gives confidence to hackers as well. attackers can find ways easily to compromise the security of email systems and access the user’s sensitive information.
COMMONLY USED EMAIL SERVICE PROTOCOLS
|SMTP||25/TCP||Simple Mail Transfer Protocol, the standard for email transmission|
|ESMTP||587/TCP||Extended or Enhanced SMTP, Used for Internet mail transfer such as Inter-server mail transfer or mail submission protocol|
|SSMTP||465/TCP||Send only program that sends mail from a local computer to a mail server.|
|POP2||109/TCP||Application layer Internet protocol that receives messages from a remote server and relies on SMTP|
|POP3||110/TCP||Same as POP2 but doesn’t need SMTP|
|POP3S||995/TCP||It receives SMS from a remote server through SSL or TLS|
|IMAP2||143/TCP||That allows clients to access emails residing on a remote mail server|
|IMAPS||993/TCP||Connects to remote server Over SSL|
|SUBMISSION||587/TCP||Similar to SMTP for transmitting outgoing emails to a remote server|
PREREQUISITES FOR EMAIL PENETRATION TESTING
- Should possess knowledge of email terminology and concepts.
- Official documents giving you permission to test the email security of the client organization
- Clearly read the Rules of Engagement (ROE) before proceeding.
- Armory of tools
- In case it is a white box testing
- Common email policy of organization & how it is maintained
- Official Mail Server IP address, domain name, etc.
- A test email ID and address to perform penetration testing.
STEPS FOR EMAIL PENETRATION TESTING
STEP1: Perform SMTP Service Fingerprinting.
STEP2: Perform Directory Harvest Attacks
STEP3: Enumerate enabled SMTP subsystems and features
STEP4: Perform SMTP Password Bruteforcing
STEP5: Perform NTLM overflows attack through SMTP authentication
STEP6: Test for SMTP open relay
STEP7: SMTP User Enumeration
STEP8: Perform POP3 password brute-forcing
STEP9: Perform IMAP brute-forcing.
STEP10: Test for IMAP process manipulation attack
STEP11: Check for known vulnerabilities in mail servers and hosts
STEP12: Check the patch status of mail server and host systems
STEP13: Try to crack email passwords
STEP14:Check whether anti-Phishing tools are enabled
STEP15:Check whether anti-spamming tools are enabled
STEP16:Try to perform email bombing
STEP17:Perform CLSID extension vulnerability test
STEP18:Perform VBS attachment Vulnerability Test
STEP19:Perform double file extension vulnerability test
STEP20:Perform long file name vulnerability test
STEP21:Perform malformed file extension vulnerability test
STEP22:Perform access exploit vulnerability test
STEP23:Perform fragmented message vulnerability test
STEP24:Perform long subject attachment checking test
STEP25:Perform no file attachment vulnerability test
We will be performing all the steps to email penetration testing in the upcoming blogs
Stay tuned to our pen-testing series of blogs.