lptv4 module 39 email security penetration testing_norestriction

ECSA/LPT

EC CouncilModule XXXIX

EC-Council Email Security Penetration Testingg

Penetration Testing Roadmap

Start HereInformation Vulnerability External

Gathering Analysis Penetration Testing

Fi ll Router and InternalFirewall

Penetration Testing

Router and Switches

Penetration Testing

Internal Network

Penetration Testing

IDS

Penetration Testing

Wireless Network

Penetration Testing

Denial of Service

Penetration Testing

Password Cracking

Stolen Laptop, PDAs and Cell Phones

Social EngineeringApplication

Cont’d

EC-CouncilCopyright © by EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited

Penetration TestingPenetration Testing Penetration TestingPenetration Testing

Penetration Testing Roadmap (cont’d)(cont d)

Cont’dPhysical Database VoIP ySecurity

Penetration Testing

Penetration testing Penetration Testing

Virus and Trojan

Detection

War Dialing VPN Penetration Testing

Log Management

Penetration Testing

File Integrity Checking

Blue Tooth and Hand held

Device Penetration TestingPenetration Testing

Telecommunication And Broadband

Email Security Penetration Testing

Security Patches

Data Leakage

End Here



Communication Penetration Testing

Penetration TestingPatches Penetration Testing

Penetration Testing

Introduction to Email Security

Email accounts are the repositories where people store their p p pprivate information or even their business data.

Due to the widespread use of the Internet techniques and tools, a hacker can access the user’s ID and email password.



Pre-Requisite For Email Penetration TestingPenetration Testing

E il dd hi h f Email address on which you want to perform penetration testing



Steps for Email Penetration TestingTesting

1 • Try to access email ID and password

2 • Check whether anti-phishing software is enabled

• Check whether anti-spamming tools are enabled3 • Check whether anti-spamming tools are enabled

4 • Try to perform email bombing

5 • Perform CLSID extension vulnerability test

6 • Perform VBS attachment vulnerability test6 y

7 • Perform double file extension vulnerability test



8 • Perform long filename vulnerability test

Steps for Email Penetration Testing (cont’d)Testing (cont d)

9• Perform ActiveX vulnerability test

10• Perform IFrame remote vulnerability test

11• Perform MIME header vulnerability test

• Perform malformed file extension vulnerability test12

y

13• Perform access exploit vulnerability test

14• Perform fragmented message vulnerability test

P f l bj h h ki



15• Perform long subject attachment checking test

Step 1: Try to Access Email ID and Passwordand Password

Use social engineering Use social engineering techniques to get hint for user names and passwords.

See the hint for forgotten See the hint for forgotten passwords.

Use different password cracking tools, such as Hydra and John the Ripper to



and John the Ripper to access the password.

Step 2: Check Whether Anti-Phishing Software are EnabledPhishing Software are Enabled

Send the mail containing a malicious link that redirects toSend the mail containing a malicious link that redirects tothe malicious site.

Ch k h th th il i bl k d b ti hi hi t lCheck whether the mail is blocked by any anti-phishing toolsuch as Netcraft.



Step 3: Check Whether Anti-Spamming Tools are EnabledSpamming Tools are Enabled

Use different bulk emailing tools, such as Fairlogic WorldCas and Handymailer to send the spam mail

Check whether anti spamming tools are enabled or not

WorldCas and Handymailer to send the spam mail.

Check whether anti-spamming tools are enabled or not.

Check if the spam mails are marked as spam or blocked.



Step 4: Try to Perform Email BombingBombing

Mail bombing can be defined as the act of sending unwanted mails in large numbers which fills up the recipient’s mailbox.

Send unwanted bulk mails in large number to the email ID or use some mail bombing tools such as mail gbomber.

Check if these mails are marked differently or blocked by mail client or mail servers.



Step 5: Perform CLSID Extension Vulnerability TestVulnerability Test

Send the attachment with Class ID (CLSID) file extension to the email ID.

Go to the mail and try to read the mail.Go to the mail and try to read the mail.

If you can run this attachment, the email is vulnerable to CLSID extension attack.



Step 6: Perform VBS Attachment Vulnerability TestVulnerability Test

Send the h

If you can run this

attachment with VBS file

Go to the mail and try to read

run this attachment, the email is vulnerable

extension to the email ID.

try to read the mail.

vulnerable to VBS extension

tt kattack.



Step 7: Perform Double File Extension Vulnerability TestExtension Vulnerability Test

Send the double extension file to the email ID.

Go to the mail and try to read the mail.Go to t e a a d t y to ead t e a .

If you can run this attachment, the email is vulnerable to double file extension attack.



Step 8: Perform Long Filename Vulnerability TestVulnerability Test

Send the attachment with a long filename.

Go to the mail and try to read the mail.

If you can open this attachment, the email you ca ope s a ac e , e e ais vulnerable to a long filename attack.



Step 9: Perform ActiveX Vulnerability TestVulnerability Test

The Microsoft virtual machine (Microsoft VM) includes a security vulnerability that may allow script code in a web page or HTML based vulnerability that may allow script code in a web page or HTML-based email message to access ActiveX controls.

Send an HTML-based email message to the email ID.

Open the mail and try to read the mail.

If the text file gfi-test.txt appears on your d k h l bl h k



desktop, then you are vulnerable to this attack.

Step 10: Perform Iframe Remote Vulnerability TestVulnerability Test

Send an email If a dialog box is

l h d kiSend an email

containing an Iframe pointing to a file

residing on an HTTP

Go to the mail client and try to read the

mail.

launched asking you to open a the file, the

email system is vulnerable to the

server.vulnerable to the

attack.



Step 11: Perform MIME Header Vulnerability TestVulnerability Test

HTML emails are simply web pages; IE can render them and open HTML emails are simply web pages; IE can render them and open binary attachments in a way that is appropriate to their MIME types.

Send the HTML email containing an executable attachment with modified MIME header information.


If the attached file gets executed on the system without prompt, then



g y p p ,you are vulnerable to MIME header attack.

Step 12: Perform Malformed File Extension Vulnerability TestExtension Vulnerability Test

Send the file with a malformed file extension, such as .HTA, to the email ID.

Go to the mail and try to read the mailGo to the mail and try to read the mail.

If you can run this attachment, the email is vulnerable to this attack.



Step 13: Perform Access Exploit Vulnerability TestVulnerability Test

Send the file containing the VBA Se d t e e co ta g t e V (Visual Basic for Applications) code to the email ID.

Go to the mail and try to read the ilmail.

If you can run this attachment, the email is vulnerable to this attack.



Step 14: Perform Fragmented Message Vulnerability TestMessage Vulnerability Test

The message fragmentation feature allows to send the large files by splitting them into multiple smaller messagesthem into multiple smaller messages.

Client supporting this feature receives messages and transparently re-assembles the whole message into a single one.

It helps to bypass the viruses from content filtering solutions.

Send the fragmented messages to the email ID.




If you will get the single mail with the attachment containing the virus name, the email is vulnerable to this attack.

Step 15: Perform Long Subject Attachment Checking TestAttachment Checking Test

Send the mail with long subject name and attach the file with the samename as email’s subject and give DAT extensionname as email s subject and give .DAT extension.

Access the mailbox and try to read the email.Access the mailbox and try to read the email.

If you can run this attachment, the email system is vulnerable to thisy , yattack.



A ti Phi hi T lAnti-Phishing Tools

EC CouncilEC-Council

List of Anti-Phishing Tools

PhishTank SiteChecker ThreatFire

NetCraft

ThreatFire

GralicWrap

GFI MailEssentials Spyware Doctor

SpoofGuard Track Zapper Spyware-Adware Remover

Phishing Sweeper Enterprise AdwareInspector



TrustWatch Toolbar Email-Tag.com

PhishTank SiteChecker

PhishTank SiteChecker blocks the phishing pages with reference to th d t t i th hi h t kthe data present in the phish tank.

It is an extension of firefox, SeaMonkey, Internet Explorer, Opera, Mozilla and FlockMozilla, and Flock.

The SiteChecker checks the current site the user is in against a database of PhishTankdatabase of PhishTank.



PhishTank SiteChecker: ScreenshotScreenshot



NetCraft

The NetCraft tool alerts the user when they are connected to th hi hi itthe phishing site.

When the user connects to a phishing site it blocks the user by h i i i showing a warning sign.

It traps suspicious URLs in which the characters have no h h d i h

Warning

common purpose other than to deceive the user.

It imposes the browser navigational controls in all windows to i h hidi h i i l lprotect against the pop ups hiding the navigational controls.

It displays the countries hosting the sites to detect fraudulent



URLs.

NetCraft: Screenshot



GFI MailEssentials

GFI MailEssentials’ anti-phishing module detects and blocks threats posed by phishing emails.

It updates the database of blacklisted mails which ensures that all latest phishing mails are captured.

It also checks for typical phishing keywords in every email sent to the organizationIt also checks for typical phishing keywords in every email sent to the organization.



GFI MailEssentials: Screenshot



SpoofGuard

SpoofGuard prevents a form of malicious attacks, such as web fi d hi hispoofing and phishing.

It places a traffic light at the user’s browser toolbar that turns from ll d h d fgreen to yellow to red when navigated to a spoof site.

When the user inserts private data into a spoofed site, spoofguard saves the data and warns the user.



SpoofGuard: Screenshot



Anti-Spamming p gTools

EC CouncilEC-Council

List of Anti-Spamming Tools

AEVITA Stop SPAM Email

SpamExperts Desktop

SpamEater ProSpa ate o

SpamWeasel

Spytech SpamAgent

AntispamSniper

Spam Reader

Spam Assassin Proxy (SA) ProxySpam Assassin Proxy (SA) Proxy

MailWasher Free

Spam Bully



AEVITA Stop SPAM Email

AEVITA Stop SPAM Email helps to hide email addresses from b tspambots.

It will replace all the email addresses on the page with specifically encoded email addressesencoded email addresses.

It introduces codes that spambots block, which a normal mailing program ignores.

It even stops spammers from getting a large list of email addresses.



AEVITA Stop SPAM Email: ScreenshotScreenshot



SpamExperts Desktop

SpamExperts Desktop works as a spam filter for any email program and automatically intercepts spamautomatically intercepts spam.

It is not dependent on keywords list to detect spam, but checks whether the content of message is accepted or rejected from the userthe content of message is accepted or rejected from the user.

It also checks for filtering spam in background and also maintains a list of blocked and accepted sendersof blocked and accepted senders.



SpamExperts Desktop: ScreenshotScreenshot



SpamEater Pro

SpamEater Pro is an anti-spam and email notification system.

It reduces the spam in the mailbox by 95 percent.

SpamEater Pro notifies the waiting mails after clearing the spam using a pop-up window.

It provides complex rule processing, a POP3 Profile Wizard, a Rules Wizard, and support for real-time Blacklist database lookups.



SpamEater Pro: Screenshot



Spytech SpamAgent

Spytech SpamAgent is a powerful email monitoring and filtering tool that sorts the emails according to users choicethe emails according to users choice.

It contains filters that block unwanted and spam mails from getting into the inbox.

It filters based on the sender, recipient, subject, body, as well as attachment type, forwards, and more.

Spytech SpamAgent removes the spam mails from the mailbox, but deletes it only after user accepts it.



Spytech SpamAgent: Screenshot



Summary

Email accounts are the repositories where people store their private information or even their business data.their business data.

Use social engineering techniques to get hint of user names and passwords.

Use different bulk emailing tools to send the spam mail.

Mail bombing can be defined as the act of sending unwanted mails in large numbers which Mail bombing can be defined as the act of sending unwanted mails in large numbers which fills up the recipient’s mailbox.

PhishTank SiteChecker blocks the phishing pages with reference to the data present in the phish tank.p

SpoofGuard prevents a form of malicious attacks, such as web spoofing and phishing.



SpamExperts Desktop works as a spam filter with any email program and automatically intercepts spam.

lptv4 module 39 email security penetration testing_norestriction

Documents

bulk emailing tools

sending unwanted mails

automatically intercepts spam

ec council ec

access email id

phishing pages

email id

spam mails