Penetration Testing mailing list archives
Re: e-mail address mining tool?
From: Hugo Vinicius Garcia Razera <hviniciusg () gmail com>
Date: Tue, 8 Nov 2005 13:27:28 -0400
I agree whit every thing u said Tomas, but from the point off view off a penetration testing it would be a very nice way to get what users are valid on that domain. assuming that the only service available is external mail for the users, witch is the case I'm working right know. Now comes the question, if i develop such tool, and the spamers get the hands on it i will kill my self :), i don't want no more sper..... pills mails or... well i think u know what i mean. An interesting way off gathering the emails(users) could be if u get a "mailer daemon reply" of an invalid user, so if u don't get anything, there is the probability that the account is valid. any comments any one. Greetings Hugo Vinicius Garcia Razera On 11/7/05, Tomasz Nidecki <tonid () hakin9 org> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: MD5 Sunday, November 6, 2005, 6:36:48 PM, Eyal wrote:I'm not aware of any tool which can test emails against an address file. The most efficient approach to achieve this functionality is to write a simple script which sends the SMTP VRFY command for each entry in an address file.Note that some mail servers do not support this command in order to thwart spammers.Hi, everyone. Well, to be exact, almost no servers support this command nowadays. qmail definitely doesn't. AFAIK, Postfix doesn't either, at least it didn't the last time I checked. Neither did Exim. Only Sendmail, in its standard config, responds to the VRFY command. I don't know about commercial, Windows mailservers, but I found the VRFY command supported in very few cases. Therefore I would not base anything on its output. Also, testing the existence of the user is rarely done on the level of mail envelope. Therefore, you cannot expect the mailserver to either reply right after sending the RCPT TO command that the user doesn't exist or reply in such away after DATA is sent. The only thing you can expect, is that if the user address is invalid, you will receive a mailer daemon reply to the MAIL FROM address. But... This is also not certain. Some mailservers use a default account for a given domain, eg. qmail, which I specialise in. If such a setup is made, all mail to inexistant users in a given domain is directed to a chosen existant account. Therefore you will not receive any answer from the mailserver, if a bad e-mail address is given in RCPT TO, since mail will be delivered to an existing user. Therefore, there is no tool and there will be no such tool. Which is good, because if there was, spammers would have a much easier life making databases of existing users, so they can sell them later on. Cheers, - -- Tomasz Nidecki, Sekr. Redakcji / Managing Editor hakin9 magazine http://www.hakin9.org mailto:tonid () hakin9 org jid:tonid () tonid net Do you know what "hacker" means? http://www.catb.org/~esr/faqs/hacker-howto.html Czy wiesz, co znaczy slowo "haker"? http://www.jtz.org.pl/Inne/hacker-howto-pl.html -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUAQ28M6ER7PdagQ735AQE90gP9EXVRDGUNNQdWgSCHDeYItm7AuZzj0JYF ExOhwTC/863ATjCC18b3lGD+qCKvC3ud4q213HqFOUkEGEraWboxVziQluwbnWqz zjdlxfdj0JHPEP5aqTwS2JE34CvCXqMoN+tVVALD/RvcqqCYQr8jzNn+Q9uzePc2 x2FsceCmFSs= =m5Ng -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- e-mail address mining tool? Hugo Vinicius Garcia Razera (Nov 05)
- RE: e-mail address mining tool? Eyal Udassin (Nov 06)
- Re: e-mail address mining tool? Tomasz Nidecki (Nov 07)
- Re: e-mail address mining tool? Justin (Nov 08)
- Message not available
- Re: e-mail address mining tool? Tomasz Nidecki (Nov 09)
- Re: e-mail address mining tool? Diarmaid McManus (Nov 10)
- Re: e-mail address mining tool? Tomasz Nidecki (Nov 07)
- RE: e-mail address mining tool? Eyal Udassin (Nov 06)
- Re: e-mail address mining tool? Hugo Vinicius Garcia Razera (Nov 08)
- Re: e-mail address mining tool? Tomasz Nidecki (Nov 09)
- Re: e-mail address mining tool? James Eaton-Lee (Nov 10)
- Re: e-mail address mining tool? Tomasz Nidecki (Nov 10)
- <Possible follow-ups>
- Re: e-mail address mining tool? Marco Ivaldi (Nov 13)