brief introduction to email hacking
TRANSCRIPT
-
8/13/2019 Brief Introduction to Email Hacking
1/27
By Rahil Shah 100820131043
-
What is Email?
Most commonly used and preferred mode of communication.
Transfer important business documents
Share moments of joy and sorrow
Forward meaningless junk to friends
Play pranks and even close cross-continental business deals
All this within a matter of seconds.
-
Adverse effects on Email
Email cracking is a grave concern as the dependency on email increases.
Though the recognition of email is increasing, awareness regarding its risks, threats and vulnerabilities remains poor.
Security is the main concern nowadays.
-
Email Hacking
Tracing of Emails
Email Forging
Extended Simple Mail Transfer Protocol (ESMTP)
The Post Office Protocol (POP)
SPAM
Cracking Email Accounts
Securing Email
-
Email Hacking: Tracing of Email
Email communication is governed by two different protocols:
SMTP (Simple Mail Transfer Protocol, port 25)
POP (Post Office Protocol, port 110)
The SMTP protocol is used to send emails, while the POP protocol is used to receive them.
-
Travelling of an Email
Sender Outbox - Source Mail Server - Interim Mail Servers - Destination Mail Server - Destination Inbox
-
Email Headers
The most essential part of Email Hacking is Email Headers.
Email Headers are automatically generated and embedded into an email message both during composition and transfer between systems.
They represent the exact path taken by the email.
-
The typical email header looks like:
From: Media Temple user ([email protected])
Subject: article: How to Trace a Email
Date: January 25, 2011 3:30:58 PM PDT
To: [email protected]: Envelope-To: [email protected]: Tue, 25 Jan 2011 15:31:01 -0700
Received: from po-out-1718.google.com ([72.14.252.155]:54907) by cl35.gs01.gridserver.com with esmtp (Exim 4.63) (envelope-from ) id 1KDoNH-0000f0-RL for [email protected]; Tue, 25 Jan 2011 15:31:01 -0700
Received: by po-out-1718.google.com with SMTP id y22so795146pof.4 for ; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Received: by 10.141.116.17 with SMTP id t17mr3929916rvm.251.1214951458741; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Received: by 10.140.188.3 with HTTP; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=+JqkmVt+sHDFIGX5jKp3oP18LQf10VQjAmZAKl1lspY=; b=F87jySDZnMayyitVxLdHcQNL073DytKRyrRh84GNsI24IRNakn0oOfrC2luliNvdeaLGTk3adIrzt+N96GyMseWz8T9xE6O/sAI16db48q4Iqkd7uOiDvFsvS3CUQlNhybNw8mCH/o8eELTN0zbSbn5Trp0dkRYXhMX8FTAwrH0=
Domainkey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=wkbBj0M8NCUlboI6idKooejg0sL2ms7fDPe1tHUkR9Ht0qr5lAJX4q9PMVJeyjWalH36n4qGLtC2euBJY070bVra8IBB9FeDEW9C35BC1vuPT5XyucCm0hulbE86+uiUTXCkaB6ykquzQGCer7xPAcMJqVfXDkHo3H61HM9oCQM=
Message-Id:
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_3927_12044027.1214951458678"
X-Spam-Status: score=3.7 tests=DNS_FROM_RFC_POST, HTML_00_10, HTML_MESSAGE, HTML_SHORT_LENGTH version=3.1.7
X-Spam-Level: ***
-
From:
This displays who the message is from; however, this can be easily forged and can be the least reliable.
-
Subject:
This is what the sender placed as a topic of the email content.
-
Date:
This shows the date and time the email message was composed.
-
To:
This shows to whom the message was addressed, but may not contain the recipient's address.
-
Return-Path
The email address for return mail. This is the same as "Reply-To:".
-
Received:
They form a list of all the servers/computers through which the message traveled in order to reach you.
They are read from bottom to top to follow the path from the source mail server to the destination mail server.
For example,
-
Received: (from root@localhost) by lists.Stanford.EDU (8.12.10/8.12.10) id iAO9gXht000364 for movielees-out5741627; Tue, 28 Sept 2012 01:42:33 +0530 (IST)
Received: from smtp2.Stanford.EDU (smtp2.Stanford.EDU [171.67.16.125]) by lists.Stanford.EDU (8.12.10/8.12.10) with ESMTP id iAO9gVNK000358 for [email protected]; Tue, 28 Sept 2012 01:42:32 +0530 (IST)
Received: from CPQ20500143191.stanford.edu (whoopilaptop.Stanford.EDU [128.12.18.34]) by ; Tue, 28 Sept 2012 01:42:31 +0530 (IST)
-
Message-ID:
A unique string assigned by the mail system when the message is first created. These can easily be forged.
For example,
Message-ID:
Here, OE7a01tpQrQp0000614e is the reference number.
-
Mime-Version
Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email.
MIME defines mechanisms for sending other kinds of information in email. These include text in languages other than English using character encodings other than ASCII, and 8-bit binary content such as files containing images, sounds, movies, and computer programs.
For example, MIME-Version: 1.0
-
Content-type:
This header indicates the Internet media type of the message content, consisting of a type and subtype, for example
Content-Type: text/plain
-
X-Mailer:
It shows which Email client is used.
For example,
X-Mailer: Microsoft Outlook Express 5.00.2600.0000
-
To trace an email, refer to
X-Originating-IP:
If this is not mentioned, then refer to the last Received line of the email header. It contains the IP address.
For example,
Received: from CPQ20500143191.stanford.edu (whoopilaptop.Stanford.EDU [128.12.18.34]) by ; Tue, 28 Sept 2012 01:42:31 +0530 (IST)
-
Typically, while tracing a source IP address on the internet, one should try to find out not only the source ISP used by the victim but also geographical information (like continent, country, city, etc.) on the attacker.
Techniques:
Reverse DNS Lookup
WHOIS
Visual Tracing tools
-
Reverse DNS lookup
Every single IP address on the internet has a corresponding hostname associated with it.
This technique will try to convert the suspect IP address into its corresponding hostname.
The utility available for the reverse DNS lookup is nslookup.
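The tracing steps above (use X-Originating-IP if present, otherwise read the Received lines from the bottom up, then form the reverse DNS query) as an added Python example that is not part of the original slides. It generalizes the "last Received line" rule to the earliest hop with a globally routable address; the sample message is constructed, and the function names and example.edu hostnames are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the Received: lines above. The two IP
# addresses are the ones on the slide; hostnames and ids are placeholders.
RAW = """\
Received: (from root@localhost) by lists.example.edu (8.12.10/8.12.10)
 id AAA000364; 28 Sep 2012 01:42:33 +0530
Received: from smtp2.example.edu (smtp2.example.edu [171.67.16.125])
 by lists.example.edu (8.12.10/8.12.10) with ESMTP id AAA000358;
 28 Sep 2012 01:42:32 +0530
Received: from CPQ20500143191.example.edu (laptop.example.edu [128.12.18.34])
 by smtp2.example.edu; 28 Sep 2012 01:42:31 +0530
"""

BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def to_ip(text):
    """Parse an address string, returning None if it is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip(" []"))
    except ValueError:
        return None

def hops(raw):
    """Received: lines as (ip, text), ordered source -> destination."""
    msg = message_from_string(raw)
    result = []
    for value in reversed(msg.get_all("Received", [])):  # read bottom-up
        text = " ".join(value.split())                    # unfold the header
        match = BRACKETED_IP.search(text)
        result.append((to_ip(match.group(1)) if match else None, text))
    return result

def origin_ip(raw):
    """X-Originating-IP if present, else the earliest routable Received IP."""
    claimed = message_from_string(raw).get("X-Originating-IP")
    if claimed and to_ip(claimed) is not None:
        return to_ip(claimed)
    # Lines added before your own mail server are sender-supplied and can be
    # forged, so treat the result as a lead to corroborate, not as proof.
    return next((ip for ip, _ in hops(raw)
                 if ip is not None and ip.is_global), None)

def ptr_name(ip):
    """Name queried by a reverse DNS lookup (what nslookup asks for)."""
    return ip.reverse_pointer

if __name__ == "__main__":
    print(origin_ip(RAW), ptr_name(origin_ip(RAW)))
```
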
-
WHOIS
WHOIS is a worldwide database maintained by various domain registration companies containing listings of the domains registered at their company or country.
One can retrieve information about the particular IP address or domain name entered.
whois.apnic.net WHOIS Query
-
Visual Tracing tools available are:
1. NeoTracePro
2. VisualRoute
3. eMailTrackerPro
4. Samspade
-
Awareness and understanding of email threats are essential nowadays, as the popularity of email is at its peak.
-
References
Email Hacking Even You Can Hack by Ankit Fadia.
http://en.wikipedia.org/wiki/MIME
http://kb.mediatemple.net/questions/892/Understanding+an+email+header
-
THANK YOU!!