ECSA/LPT
EC-Council Module XXXIX
Email Security Penetration Testing
Penetration Testing Roadmap
Roadmap stages: Start Here; Information Gathering; Vulnerability Analysis; External Penetration Testing; Firewall Penetration Testing; Router and Switches Penetration Testing; Internal Network Penetration Testing; IDS Penetration Testing; Wireless Network Penetration Testing; Denial of Service Penetration Testing; Password Cracking Penetration Testing; Stolen Laptop, PDAs and Cell Phones Penetration Testing; Social Engineering Penetration Testing; Application Penetration Testing; Cont’d
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Penetration Testing Roadmap (cont’d)
Roadmap stages: Cont’d; Physical Security Penetration Testing; Database Penetration Testing; VoIP Penetration Testing; Virus and Trojan Detection; War Dialing; VPN Penetration Testing; Log Management Penetration Testing; File Integrity Checking; Bluetooth and Hand held Device Penetration Testing; Telecommunication and Broadband Communication Penetration Testing; Email Security Penetration Testing; Security Patches Penetration Testing; Data Leakage Penetration Testing; End Here
Introduction to Email Security
Email accounts are the repositories where people store their private information or even their business data.
Due to the widespread use of Internet techniques and tools, a hacker can access the user’s email ID and password.
Pre-Requisite for Email Penetration Testing
Email address on which you want to perform penetration testing
Steps for Email Penetration Testing
1. Try to access email ID and password
2. Check whether anti-phishing software is enabled
3. Check whether anti-spamming tools are enabled
4. Try to perform email bombing
5. Perform CLSID extension vulnerability test
6. Perform VBS attachment vulnerability test
7. Perform double file extension vulnerability test
8. Perform long filename vulnerability test
9. Perform ActiveX vulnerability test
10. Perform IFrame remote vulnerability test
11. Perform MIME header vulnerability test
12. Perform malformed file extension vulnerability test
13. Perform access exploit vulnerability test
14. Perform fragmented message vulnerability test
15. Perform long subject attachment checking test
Step 1: Try to Access Email ID and Password
Use social engineering techniques to get hints for user names and passwords.
See the hint for forgotten passwords.
Use different password cracking tools, such as Hydra and John the Ripper, to access the password.
Step 2: Check Whether Anti-Phishing Software Is Enabled
Send a mail containing a malicious link that redirects to the malicious site.
Check whether the mail is blocked by any anti-phishing tool such as Netcraft.
Step 3: Check Whether Anti-Spamming Tools Are Enabled
Use different bulk emailing tools, such as Fairlogic WorldCast and Handymailer, to send the spam mail.
Check whether anti-spamming tools are enabled or not.
Check if the spam mails are marked as spam or blocked.
Step 4: Try to Perform Email Bombing
Mail bombing can be defined as the act of sending unwanted mails in large numbers, which fills up the recipient’s mailbox.
Send unwanted bulk mails in large numbers to the email ID or use a mail bombing tool such as mail bomber.
Check if these mails are marked differently or blocked by the mail client or mail servers.
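One way to record the outcome of steps 3 and 4, as an added example that is not part of the original module: it sorts each test mail into blocked, marked as spam, or delivered unmarked. It assumes the filter adds SpamAssassin-style X-Spam-Flag and X-Spam-Status headers and that a test mail absent from the mailbox was blocked; the Message-IDs and messages are constructed.

```python
from email import message_from_string


def classify(sent_ids, mailbox_raw):
    """Map each test Message-ID to blocked, marked-spam or delivered-clean."""
    seen = {}
    for raw in mailbox_raw:
        msg = message_from_string(raw)
        mid = (msg.get("Message-ID") or "").strip()
        flag = (msg.get("X-Spam-Flag") or "").strip().upper()
        status = (msg.get("X-Spam-Status") or "").strip().lower()
        tagged = flag == "YES" or status.startswith("yes")
        seen[mid] = "marked-spam" if tagged else "delivered-clean"
    # Assumption: a test mail that never reached the mailbox was blocked upstream.
    return {mid: seen.get(mid, "blocked") for mid in sent_ids}


def summarize(results):
    """Count outcomes and report whether any test mail arrived unmarked."""
    counts = {"blocked": 0, "marked-spam": 0, "delivered-clean": 0}
    for outcome in results.values():
        counts[outcome] += 1
    counts["filter_effective"] = counts["delivered-clean"] == 0
    return counts


# Constructed sample: three test mails were sent, two reached the mailbox.
SENT = ["<t1@test.example>", "<t2@test.example>", "<t3@test.example>"]
MAILBOX = [
    "Message-ID: <t1@test.example>\nX-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=9.1 required=5.0\nSubject: t1\n\nbody\n",
    "Message-ID: <t2@test.example>\n"
    "X-Spam-Status: No, score=1.2 required=5.0\nSubject: t2\n\nbody\n",
]

if __name__ == "__main__":
    results = classify(SENT, MAILBOX)
    print(results)
    print(summarize(results))
```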
Step 5: Perform CLSID Extension Vulnerability Test
Send the attachment with Class ID (CLSID) file extension to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to CLSID extension attack.
Step 6: Perform VBS Attachment Vulnerability Test
Send the attachment with VBS file extension to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to VBS extension attack.
Step 7: Perform Double File Extension Vulnerability Test
Send the double extension file to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to double file extension attack.
Step 8: Perform Long Filename Vulnerability Test
Send the attachment with a long filename.
Go to the mail and try to read the mail.
If you can open this attachment, the email is vulnerable to a long filename attack.
Step 9: Perform ActiveX Vulnerability Test
The Microsoft virtual machine (Microsoft VM) includes a security vulnerability that may allow script code in a web page or HTML-based email message to access ActiveX controls.
Send an HTML-based email message to the email ID.
Open the mail and try to read the mail.
If the text file gfi-test.txt appears on your desktop, then you are vulnerable to this attack.
Step 10: Perform Iframe Remote Vulnerability Test
Send an email containing an Iframe pointing to a file residing on an HTTP server.
Go to the mail client and try to read the mail.
If a dialog box is launched asking you to open the file, the email system is vulnerable to the attack.
Step 11: Perform MIME Header Vulnerability Test
HTML emails are simply web pages; IE can render them and open binary attachments in a way that is appropriate to their MIME types.
Send the HTML email containing an executable attachment with modified MIME header information.
Go to the mail and try to read the mail.
If the attached file gets executed on the system without prompt, then you are vulnerable to MIME header attack.
Step 12: Perform Malformed File Extension Vulnerability Test
Send the file with a malformed file extension, such as .HTA, to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to this attack.
Step 13: Perform Access Exploit Vulnerability Test
Send the file containing the VBA (Visual Basic for Applications) code to the email ID.
Go to the mail and try to read the mail.
If you can run this attachment, the email is vulnerable to this attack.
Step 14: Perform Fragmented Message Vulnerability Test
The message fragmentation feature allows large files to be sent by splitting them into multiple smaller messages.
A client supporting this feature receives the messages and transparently re-assembles them into a single message.
It helps viruses bypass content filtering solutions.
Send the fragmented messages to the email ID.
Go to the mail and try to read the mail.
If you get a single mail with the attachment containing the virus name, the email is vulnerable to this attack.
Step 15: Perform Long Subject Attachment Checking Test
Send the mail with a long subject name and attach a file with the same name as the email’s subject, giving it a .DAT extension.
Access the mailbox and try to read the email.
If you can run this attachment, the email system is vulnerable to this attack.
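The attachment tests in steps 5 to 8, 11, 12, 14 and 15 can be turned into a gateway-side check, shown here as an added example that is not part of the original module: it parses a message and reports which of those attachment properties it carries. The extension lists, the length limit, the all-zero CLSID used in testing and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Assumed policy values for this sketch; tune them for your own gateway.
RISKY = {"vbs", "hta", "exe", "scr", "js", "bat", "cmd", "pif"}
DECOY = {"txt", "pdf", "doc", "jpg", "gif", "wav"}
MAX_NAME = 100
CLSID = re.compile(r"\.\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\s*$", re.I)


def audit(raw: bytes) -> set:
    """Return the policy findings for one raw RFC 5322 message."""
    found = set()
    for part in message_from_bytes(raw).walk():
        if part.get_content_type() == "message/partial":
            found.add("fragmented-message")          # step 14
        name = part.get_filename()
        if not name:
            continue
        if len(name) > MAX_NAME:
            found.add("long-filename")               # steps 8 and 15
        if CLSID.search(name):
            found.add("clsid-extension")             # step 5
        pieces = name.lower().rstrip(". ").split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY:
            found.add("script-or-executable")        # steps 6 and 12
            if len(pieces) > 2 and pieces[-2] in DECOY:
                found.add("double-extension")        # step 7
            if part.get_content_maintype() in {"audio", "image", "text"}:
                found.add("mime-type-mismatch")      # step 11
    return found


def sample(filename, maintype="application", subtype="octet-stream"):
    """Build a constructed test message with a harmless attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "tester@example.com", "mailbox@example.com"
    msg.set_content("constructed sample body")
    msg.add_attachment(b"harmless placeholder", maintype=maintype,
                       subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fn in ("notes.txt", "report.pdf.vbs", "a" * 120 + ".txt"):
        print(fn[:24], sorted(audit(sample(fn))))
```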
Anti-Phishing Tools
List of Anti-Phishing Tools
PhishTank SiteChecker
NetCraft
GFI MailEssentials
SpoofGuard
Phishing Sweeper Enterprise
TrustWatch Toolbar
ThreatFire
GralicWrap
Spyware Doctor
Track Zapper Spyware-Adware Remover
AdwareInspector
Email-Tag.com
PhishTank SiteChecker
PhishTank SiteChecker blocks the phishing pages with reference to the data present in the PhishTank.
It is an extension for Firefox, SeaMonkey, Internet Explorer, Opera, Mozilla, and Flock.
The SiteChecker checks the site the user is currently on against the PhishTank database.
NetCraft
The NetCraft tool alerts the user when they are connected to a phishing site.
When the user connects to a phishing site, it blocks the user by showing a warning sign.
It traps suspicious URLs in which the characters have no common purpose other than to deceive the user.
It enforces display of the browser navigational controls in all windows to protect against pop-ups that hide the navigational controls.
It displays the countries hosting the sites to detect fraudulent URLs.
GFI MailEssentials
GFI MailEssentials’ anti-phishing module detects and blocks threats posed by phishing emails.
It updates the database of blacklisted mails, which ensures that all the latest phishing mails are captured.
It also checks for typical phishing keywords in every email sent to the organization.
SpoofGuard
SpoofGuard prevents forms of malicious attack such as web spoofing and phishing.
It places a traffic light in the user’s browser toolbar that turns from green to yellow to red when the user navigates to a spoof site.
When the user inserts private data into a spoofed site, SpoofGuard saves the data and warns the user.
Anti-Spamming Tools
List of Anti-Spamming Tools
AEVITA Stop SPAM Email
SpamExperts Desktop
SpamEater Pro
SpamWeasel
Spytech SpamAgent
AntispamSniper
Spam Reader
Spam Assassin Proxy (SA) Proxy
MailWasher Free
Spam Bully
AEVITA Stop SPAM Email
AEVITA Stop SPAM Email helps to hide email addresses from spambots.
It replaces all the email addresses on the page with specifically encoded email addresses.
It introduces codes that block spambots but that a normal mailing program ignores.
It even stops spammers from getting a large list of email addresses.
SpamExperts Desktop
SpamExperts Desktop works as a spam filter for any email program and automatically intercepts spam.
It does not depend on a keyword list to detect spam, but checks whether the content of the message is accepted or rejected by the user.
It also filters spam in the background and maintains a list of blocked and accepted senders.
SpamEater Pro
SpamEater Pro is an anti-spam and email notification system.
It reduces the spam in the mailbox by 95 percent.
After clearing the spam, SpamEater Pro uses a pop-up window to notify the user of waiting mails.
It provides complex rule processing, a POP3 Profile Wizard, a Rules Wizard, and support for real-time Blacklist database lookups.
Spytech SpamAgent
Spytech SpamAgent is a powerful email monitoring and filtering tool that sorts the emails according to the user’s choice.
It contains filters that block unwanted and spam mails from getting into the inbox.
It filters based on the sender, recipient, subject, body, as well as attachment type, forwards, and more.
Spytech SpamAgent removes the spam mails from the mailbox, but deletes them only after the user accepts.
Summary
Email accounts are the repositories where people store their private information or even their business data.
Use social engineering techniques to get hints for user names and passwords.
Use different bulk emailing tools to send the spam mail.
Mail bombing can be defined as the act of sending unwanted mails in large numbers, which fills up the recipient’s mailbox.
PhishTank SiteChecker blocks the phishing pages with reference to the data present in the PhishTank.
SpoofGuard prevents forms of malicious attack such as web spoofing and phishing.
SpamExperts Desktop works as a spam filter with any email program and automatically intercepts spam.