LPTv4 module 39 email security penetration testing

ECSA/LPT
EC-Council
Module XXXIX
Email Security Penetration Testing

Penetration Testing Roadmap

Start Here
• Information Gathering
• Vulnerability Analysis
• External Penetration Testing
• Firewall Penetration Testing
• Router and Switches Penetration Testing
• Internal Network Penetration Testing
• IDS Penetration Testing
• Wireless Network Penetration Testing
• Denial of Service Penetration Testing
• Password Cracking Penetration Testing
• Stolen Laptop, PDAs and Cell Phones Penetration Testing
• Social Engineering Penetration Testing
• Application Penetration Testing
Cont'd

EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

Penetration Testing Roadmap (cont'd)

Cont'd
• Physical Security Penetration Testing
• Database Penetration Testing
• VoIP Penetration Testing
• Virus and Trojan Detection
• War Dialing
• VPN Penetration Testing
• Log Management Penetration Testing
• File Integrity Checking
• Bluetooth and Hand Held Device Penetration Testing
• Telecommunication and Broadband Communication Penetration Testing
• Email Security Penetration Testing
• Security Patches Penetration Testing
• Data Leakage Penetration Testing
End Here

Introduction to Email Security

Email accounts are the repositories where people store their private information or even their business data.

Due to the widespread use of Internet techniques and tools, a hacker can access the user's ID and email password.

Pre-Requisite for Email Penetration Testing

Email address on which you want to perform penetration testing

Steps for Email Penetration Testing

1. Try to access email ID and password
2. Check whether anti-phishing software is enabled
3. Check whether anti-spamming tools are enabled
4. Try to perform email bombing
5. Perform CLSID extension vulnerability test
6. Perform VBS attachment vulnerability test
7. Perform double file extension vulnerability test
8. Perform long filename vulnerability test
9. Perform ActiveX vulnerability test
10. Perform IFrame remote vulnerability test
11. Perform MIME header vulnerability test
12. Perform malformed file extension vulnerability test
13. Perform access exploit vulnerability test
14. Perform fragmented message vulnerability test
15. Perform long subject attachment checking test

Step 1: Try to Access Email ID and Password

Use social engineering techniques to get hints for user names and passwords.

See the hint for forgotten passwords.

Use different password cracking tools, such as Hydra and John the Ripper, to access the password.

Step 2: Check Whether Anti-Phishing Software Is Enabled

Send a mail containing a malicious link that redirects to the malicious site.

Check whether the email is blocked by any anti-phishing tool, such as Netcraft.

Step 3: Check Whether Anti-Spamming Tools Are Enabled

Use different bulk emailing tools, such as Fairlogic WorldCast and Handymailer, to send the spam mail.

Check whether anti-spamming tools are enabled or not.

Check if the spam mails are marked as spam or blocked.

Step 4: Try to Perform Email Bombing

Mail bombing can be defined as the act of sending unwanted mails in large numbers, which fills up the recipient's mailbox.

Send unwanted bulk mails in large numbers to the email ID, or use a mail bombing tool such as mail bomber.

Check if these mails are marked differently or blocked by the mail client or mail servers.

Step 5: Perform CLSID Extension Vulnerability Test

Send the attachment with a Class ID (CLSID) file extension to the email ID.

Go to the mail and try to read the mail.

If you can run this attachment, the email is vulnerable to CLSID extension attack.

Step 6: Perform VBS Attachment Vulnerability Test

Send the attachment with a VBS file extension to the email ID.

Go to the mail and try to read the mail.

If you can run this attachment, the email is vulnerable to VBS extension attack.

Step 7: Perform Double File Extension Vulnerability Test

Send the double extension file to the email ID.

Go to the mail and try to read the mail.

If you can run this attachment, the email is vulnerable to double file extension attack.

Step 8: Perform Long Filename Vulnerability Test

Send the attachment with a long filename.

Go to the mail and try to read the mail.

If you can open this attachment, the email is vulnerable to a long filename attack.

Step 9: Perform ActiveX Vulnerability Test

The Microsoft virtual machine (Microsoft VM) includes a security vulnerability that may allow script code in a web page or HTML-based email message to access ActiveX controls.

Send an HTML-based email message to the email ID.

Open the mail and try to read the mail.

If the text file gfi-test.txt appears on your desktop, then you are vulnerable to this attack.

Step 10: Perform Iframe Remote Vulnerability Test

Send an email containing an Iframe pointing to a file residing on an HTTP server.

Go to the mail client and try to read the mail.

If a dialog box is launched asking you to open the file, the email system is vulnerable to the attack.

Step 11: Perform MIME Header Vulnerability Test

HTML emails are simply web pages; IE can render them and open binary attachments in a way that is appropriate to their MIME types.

Send the HTML email containing an executable attachment with modified MIME header information.

Go to the mail and try to read the mail.

If the attached file gets executed on the system without prompt, then you are vulnerable to MIME header attack.

Step 12: Perform Malformed File Extension Vulnerability Test

Send the file with a malformed file extension, such as .HTA, to the email ID.

Go to the mail and try to read the mail.

If you can run this attachment, the email is vulnerable to this attack.

Step 13: Perform Access Exploit Vulnerability Test

Send the file containing the VBA (Visual Basic for Applications) code to the email ID.

Go to the mail and try to read the mail.

If you can run this attachment, the email is vulnerable to this attack.

Step 14: Perform Fragmented Message Vulnerability Test

The message fragmentation feature allows large files to be sent by splitting them into multiple smaller messages.

A client supporting this feature receives the messages and transparently re-assembles them into a single message.

This helps viruses bypass content filtering solutions.

Send the fragmented messages to the email ID.

Go to the mail and try to read the mail.

If you receive a single mail with the attachment containing the virus name, the email is vulnerable to this attack.

Step 15: Perform Long Subject Attachment Checking Test

Send a mail with a long subject and attach a file with the same name as the email's subject, giving it a .DAT extension.

Access the mailbox and try to read the email.

If you can run this attachment, the email system is vulnerable to this attack.

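Added example, not part of the original slides: a gateway-side audit that flags the attachment and message patterns exercised in Steps 5 to 15, so a tester or administrator can see which ones a filter should catch before delivery. The function names, the extra extensions, the 100-character limit and the reading of "modified MIME header" as a media content type paired with a script or executable extension are assumptions.

```python
import re
from email.message import EmailMessage

# .vbs, .hta and .dat come from the checklist; the other extensions and the
# length limit are assumptions to tune per site.
RISKY_EXT = {"vbs", "hta", "dat", "exe", "scr", "bat", "pif", "js"}
CLSID_EXT = re.compile(r"\.\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
MAX_NAME_LEN = 100
MEDIA_TYPES = {"audio", "image", "video"}


def audit_message(msg):
    """Return sorted finding labels for one parsed EmailMessage."""
    found = set()
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/partial":                    # step 14: fragment
            found.add("fragmented-message")
        if ctype == "text/html" and re.search(r"<\s*iframe\b", part.get_content(), re.I):
            found.add("iframe-in-html")                   # step 10
        name = part.get_filename()
        if not name:
            continue
        exts = name.lower().split(".")[1:]
        if CLSID_EXT.search(name):                        # step 5
            found.add("clsid-extension")
        elif exts and exts[-1] in RISKY_EXT:              # steps 6, 12, 15
            found.add("risky-extension")
            if len(exts) > 1:                             # step 7
                found.add("double-extension")
            if part.get_content_maintype() in MEDIA_TYPES:  # step 11 heuristic
                found.add("mime-type-mismatch")
        if len(name) > MAX_NAME_LEN:                      # step 8
            found.add("long-filename")
    return sorted(found)


def build_sample(filename, maintype="application", subtype="octet-stream", html=None):
    """Constructed message with a harmless attachment, for exercising the audit."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain body")
    if html:
        msg.add_alternative(html, subtype="html")
    msg.add_attachment(b"harmless", maintype=maintype, subtype=subtype, filename=filename)
    return msg


if __name__ == "__main__":
    print(audit_message(build_sample("invoice.pdf.vbs")))
```

A message that produces any finding here is one the mail system under test should have blocked, quarantined or stripped before it reached the mailbox.
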
Anti-Phishing Tools

List of Anti-Phishing Tools

• PhishTank SiteChecker
• ThreatFire
• NetCraft
• GralicWrap
• GFI MailEssentials
• Spyware Doctor
• SpoofGuard
• Track Zapper Spyware-Adware Remover
• Phishing Sweeper Enterprise
• AdwareInspector
• TrustWatch Toolbar
• Email-Tag.com

PhishTank SiteChecker

PhishTank SiteChecker blocks phishing pages with reference to the data present in PhishTank.

It is an extension for Firefox, SeaMonkey, Internet Explorer, Opera, Mozilla, and Flock.

The SiteChecker checks the site the user is currently on against the PhishTank database.