Brief Introduction to Email Hacking

  • 8/13/2019 Brief Introduction to Email Hacking

    1/27

    By Rahil Shah 100820131043

    What is Email?

    Most commonly used & preferred mode of communication.

    Transfer important business documents

    Share moments of joy and sorrow

    Forward meaningless junk to friends

    Play pranks and even close cross-continental business deals

    All this within a matter of seconds.

    Adverse effects on Email

    Email cracking is a grave concern as the dependency on email increases.

    Though the recognition of email is increasing, awareness regarding its risks, threats and vulnerabilities remains poor.

    Security is the main concern nowadays.

    Email Hacking

    Tracing of Emails

    Email Forging

    Extended Simple Mail Transfer Protocol (ESMTP)

    The Post Office Protocol (POP)

    SPAM

    Cracking Email Accounts

    Securing Email

    Email Hacking : Tracing of Email

    Email communication is governed by two different protocols:

    SMTP (Simple Mail Transfer Protocol, Port 25)

    POP (Post Office Protocol, Port 110)

    The SMTP protocol is used to send emails, while the POP protocol is used to receive them.

    Travelling of an Email

    Sender Outbox - Source Mail Server - Interim Mail Servers - Destination Mail Server - Destination Inbox

    Email Headers

    The most essential part of Email Hacking is Email Headers.

    Email Headers are automatically generated and embedded into an email message both during composition and transfer between systems.

    They represent the exact path taken by the email.

    The typical email header looks like:

    From: Media Temple user ([email protected])
    Subject: article: How to Trace a Email
    Date: January 25, 2011 3:30:58 PM PDT
    To: [email protected]:
    Envelope-To: [email protected]: Tue, 25 Jan 2011 15:31:01 -0700
    Received: from po-out-1718.google.com ([72.14.252.155]:54907)
        by cl35.gs01.gridserver.com with esmtp (Exim 4.63) (envelope-from )
        id 1KDoNH-0000f0-RL for [email protected]; Tue, 25 Jan 2011 15:31:01 -0700
    Received: by po-out-1718.google.com with SMTP id y22so795146pof.4 for ;
        Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
    Received: by 10.141.116.17 with SMTP id t17mr3929916rvm.251.1214951458741;
        Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
    Received: by 10.140.188.3 with HTTP; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
    Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
        :subject:mime-version:content-type;
        bh=+JqkmVt+sHDFIGX5jKp3oP18LQf10VQjAmZAKl1lspY=;
        b=F87jySDZnMayyitVxLdHcQNL073DytKRyrRh84GNsI24IRNakn0oOfrC2luliNvdeaLGTk3adIrzt+N96GyMseWz8T9xE6O/sAI16db48q4Iqkd7uOiDvFsvS3CUQlNhybNw8m
        CH/o8eELTN0zbSbn5Trp0dkRYXhMX8FTAwrH0=
    Domainkey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type;
        b=wkbBj0M8NCUlboI6idKooejg0sL2ms7fDPe1tHUkR9Ht0qr5lAJX4q9PMVJeyjWalH36n4qGLtC2euBJY070bVra8IBB9FeDEW9C35BC1vuPT5XyucCm0hulbE86+uiUTXCkaB6ykquzQGCer7xPAcMJqVfXDkHo3H61HM9oCQM=
    Message-Id:
    Mime-Version: 1.0
    Content-Type: multipart/alternative; boundary="----=_Part_3927_12044027.1214951458678"
    X-Spam-Status: score=3.7 tests=DNS_FROM_RFC_POST, HTML_00_10, HTML_MESSAGE, HTML_SHORT_LENGTH version=3.1.7
    X-Spam-Level: ***

    From:

    This displays who the message is from; however, this can be easily forged and can be the least reliable.

    Subject:

    This is what the sender placed as a topic of the email content.

    Date:

    This shows the date and time the email message was composed.

    To:

    This shows to whom the message was addressed, but may not contain the recipient's address.

    Return-Path

    The email address for return mail. This is the same as "Reply-To:".

    Received:

    They form a list of all the servers/computers through which the message traveled in order to reach you.

    It is read from bottom to top to follow the path from the source mail server to the destination mail server.

    For example,

    Received: (from root@localhost) by lists.Stanford.EDU (8.12.10/8.12.10) id iAO9gXht000364 for movielees-out5741627; Tue, 28 Sept 2012 01:42:33 +0530 (IST)

    Received: from smtp2.Stanford.EDU (smtp2.Stanford.EDU [171.67.16.125]) by lists.Stanford.EDU (8.12.10/8.12.10) with ESMTP id iAO9gVNK000358 for [email protected]; Tue, 28 Sept 2012 01:42:32 +0530 (IST)

    Received: from CPQ20500143191.stanford.edu (whoopilaptop.Stanford.EDU [128.12.18.34]) by ; Tue, 28 Sept 2012 01:42:31 +0530 (IST)

    Message-ID:

    A unique string assigned by the mail system when the message is first created. These can easily be forged.

    For example,

    Message-ID:

    Here, OE7a01tpQrQp0000614e: Reference number

    Mime-Version

    Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email.

    MIME defines mechanisms for sending other kinds of information in email. These include text in languages other than English using character encodings other than ASCII, and 8-bit binary content such as files containing images, sounds, movies, and computer programs.

    For example, MIME-Version: 1.0

    Content-type:

    This header indicates the Internet media type of the message content, consisting of a type and subtype.

    For example, Content-Type: text/plain

    X-Mailer:

    It shows which Email client is used.

    For example,

    X-Mailer: Microsoft Outlook Express 5.00.2600.0000

    To trace an email, refer to

    X-Originating-IP:

    If this is not mentioned, then refer to the last Received: line of the email header. It contains the IP address.

    For example,

    Received: from CPQ20500143191.stanford.edu (whoopilaptop.Stanford.EDU [128.12.18.34]) by ; Tue, 28 Sept 2012 01:42:31 +0530 (IST)
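
The two tracing rules from the slides (read the Received: chain from the bottom up; prefer X-Originating-IP and fall back to the last Received: line), as an added Python example that is not part of the original deck. SAMPLE reuses the deck's Stanford headers in abridged form, and the function names hops and origin_ip are illustrative.

```python
import email
import ipaddress
import re

# Constructed sample: the deck's Stanford Received lines, abridged and unfolded.
# The empty "by ;" on the bottom hop is elided on the page and kept that way.
SAMPLE = """\
Received: (from root@localhost) by lists.Stanford.EDU (8.12.10/8.12.10) id iAO9gXht000364; Tue, 28 Sept 2012 01:42:33 +0530 (IST)
Received: from smtp2.Stanford.EDU (smtp2.Stanford.EDU [171.67.16.125]) by lists.Stanford.EDU (8.12.10/8.12.10) with ESMTP id iAO9gVNK000358; Tue, 28 Sept 2012 01:42:32 +0530 (IST)
Received: from CPQ20500143191.stanford.edu (whoopilaptop.Stanford.EDU [128.12.18.34]) by ; Tue, 28 Sept 2012 01:42:31 +0530 (IST)
Subject: constructed test message

body
"""

def hops(raw):
    """Received hops ordered origin-first (bottom header first)."""
    msg = email.message_from_string(raw)
    chain = []
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())  # undo header folding
        helo = re.match(r"from\s+(\S+)", value)
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", value)
        by = re.search(r"\bby\s+([\w.-]+)", value)
        chain.append({
            "helo": helo.group(1) if helo else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
        })
    return chain

def origin_ip(raw):
    """X-Originating-IP if present, else the IP of the bottom Received line."""
    xoip = email.message_from_string(raw).get("X-Originating-IP")
    if xoip:
        candidate, source = xoip.strip(" []"), "X-Originating-IP"
    else:
        chain = hops(raw)
        candidate, source = (chain[0]["ip"] if chain else None), "Received"
    if candidate is None:
        return None
    addr = ipaddress.ip_address(candidate)  # ValueError on a malformed value
    # Non-global (private, loopback) addresses are internal hops; WHOIS and
    # reverse DNS on them reveal nothing about the sender.
    return {"ip": str(addr), "source": source, "routable": addr.is_global}

if __name__ == "__main__":
    print(hops(SAMPLE), origin_ip(SAMPLE), sep="\n")
```

Only the Received: lines stamped by mail servers you operate are trustworthy; everything below them, and X-Originating-IP itself, is supplied by the sending side and can be forged just like the From: field.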

    Typically, while tracing a source IP address on the internet, one should try to find out not only the source ISP used by the victim but also geographical information (like continent, country, city, etc.) on the attacker.

    Techniques:

    Reverse DNS Lookup

    WHOIS

    Visual Tracing tools

    Reverse DNS lookup

    Every single IP address on the internet has a corresponding hostname associated with it.

    This technique will try to convert the suspect IP address into its corresponding hostname.

    The utility available for the reverse DNS lookup is nslookup.

    WHOIS

    WHOIS is a worldwide database maintained by various domain registration companies containing listings of the domains registered at their company or country.

    One can retrieve information on the particular IP address or domain name entered.

    whois.apnic.net WHOIS Query

    Visual Tracing tools available are:

    1. NeoTracePro

    2. VisualRoute

    3. eMailTrackerPro

    4. Samspade

    Awareness and understanding of email threats is essential nowadays, as the popularity of email is at its peak.
