Penetration Testing mailing list archives
Re: Several Domains
From: "Adam Thompson" <adwulf () gmail com>
Date: Fri, 12 Dec 2008 10:26:02 +0000
2008/12/12 Ahmed Zaki <ahmedmzaki () gmail com>:
I am not asking for networking FACTS here, I am rather asking the pentesters out there about their past experiences thus I identify myself as a noob.
It should identify itself in the banner - or at the very least in the response to a HELO: telnet 192.168.123.45 25 220 mail4.example.org ESMTP Exim 4.63 Fri, 12 Dec 2008 10:12:43 +0000 HELO mypc.example.org 250 mail4.example.org Hello mypc.example.org [10.11.12.13] So now you know that for the purposes of mail, the server identifies itself as mail4.example.org Hopefully, that's what the reverse DNS (PTR) records resolve it as, too - as this can be important for SPF. As for determining which domain is being used for users - well, that's a little more tricky. Perhaps you can google the hostname and see if it turns up in any logs (or postings to USENET abuse groups) which are left open to the public. You could also do a WHOIS on the domain (or public IP using ARIN/RIPE/APNIC etc) to see who is responsible for that domain and which domain their email address is in. Then you can look at the MX records for those domains to see if they match the mailservers you are testing against. eg - server is mail4.example.org [192.168.123.34] WHOIS mail4.example.org gives a billing contact of dave () company test Lookup of MX records for company.test domain shows mail4.example.org in the listings. Now you can safely say that this server handles mail for mailboxes @company.test (or if it can't - users @company.test are going to have problems receiving their email). -- AdamT "At times one remains faithful to a cause only because its opponents do not cease to be insipid." - Nietzsche ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Several Domains Ahmed Zaki (Dec 11)
- Re: Several Domains tony_l_turner (Dec 11)
- Message not available
- RE: Several Domains Ahmed Zaki (Dec 11)
- Re: Several Domains Todd Haverkos (Dec 12)
- Re: Several Domains Tim Brown (Dec 12)
- Re: Several Domains David Howe (Dec 12)
- Re: Several Domains Adam Thompson (Dec 12)
- Re: Several Domains ArcSighter (Dec 12)
- RE: Several Domains Ahmed Zaki (Dec 11)