Penetration Testing mailing list archives

Re: Several Domains


From: "Adam Thompson" <adwulf () gmail com>
Date: Fri, 12 Dec 2008 10:26:02 +0000

2008/12/12 Ahmed Zaki <ahmedmzaki () gmail com>:

> I am not asking for networking FACTS here, I am rather asking the
> pentesters out there about their past experiences thus I identify myself as
> a noob.


It should identify itself in the banner - or at the very least in the
response to a HELO:

telnet 192.168.123.45 25

220 mail4.example.org ESMTP Exim 4.63 Fri, 12 Dec 2008 10:12:43 +0000
HELO mypc.example.org
250 mail4.example.org Hello mypc.example.org [10.11.12.13]

So now you know that for the purposes of mail, the server identifies
itself as mail4.example.org
Hopefully, that's what the reverse DNS (PTR) records resolve it as,
too - as this can be important for SPF.

As for determining which domain is being used for users - well, that's
a little more tricky.  Perhaps you can google the hostname and see if
it turns up in any logs (or postings to USENET abuse groups) which are
left open to the public.
You could also do a WHOIS on the domain (or public IP using
ARIN/RIPE/APNIC etc) to see who is responsible for that domain and
which domain their email address is in.  Then you can look at the MX
records for those domains to see if they match the mailservers you are
testing against.

e.g. - server is mail4.example.org [192.168.123.34]

WHOIS mail4.example.org gives a billing contact of dave () company test

Lookup of MX records for company.test domain shows mail4.example.org
in the listings.

Now you can safely say that this server handles mail for mailboxes
@company.test (or if it can't - users @company.test are going to have
problems receiving their email).


-- 
AdamT
"At times one remains faithful to a cause only because its opponents
do not cease to be insipid." - Nietzsche
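The correlation described in the reply above (banner and HELO name, PTR, WHOIS contact domain, MX records), as an added example that is not part of the original post: the hostnames, addresses and DNS answers below are constructed to mirror the thread's example, the function names are my own, and `grab_banner()` is an optional live stand-in for the telnet session that the offline demo never calls.

```python
"""Correlate what an SMTP server calls itself with PTR and MX data.

Added example, not code from the mailing-list post. All sample data is
constructed; run against real dig/whois output by filling an Evidence
object from those tools.
"""
import re
import socket
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# The first token after the reply code is the name the server announces,
# both in the 220 greeting and in the 250 reply to HELO/EHLO.
_REPLY_RE = re.compile(r"^(?P<code>\d{3})[ -](?P<host>[A-Za-z0-9.\-]+)")


def _norm(name: str) -> str:
    """Lower-case and drop the trailing dot that dig/host print on names."""
    return name.strip().rstrip(".").lower()


def announced_host(reply: str, expect_code: str) -> Optional[str]:
    """Hostname announced in a 220 banner or 250 HELO reply, else None.

    Only the first line is inspected, so multi-line replies ("220-...")
    are handled the same way as single-line ones.
    """
    m = _REPLY_RE.match(reply.strip())
    if not m or m.group("code") != expect_code:
        return None
    return _norm(m.group("host"))


def mx_hosts(records: List[str]) -> List[str]:
    """Pull hostnames out of 'preference host' MX strings (dig-style)."""
    return [_norm(rec.split()[-1]) for rec in records if rec.split()]


@dataclass
class Evidence:
    banner: str                     # 220 greeting as received
    helo_reply: str                 # 250 reply to our HELO
    ptr: Optional[str]              # PTR for the server's address, if any
    # candidate domains (e.g. from WHOIS contact addresses) -> MX records
    mx_by_domain: Dict[str, List[str]] = field(default_factory=dict)


def correlate(ev: Evidence) -> dict:
    """Decide which candidate domains this server demonstrably handles."""
    banner_host = announced_host(ev.banner, "220")
    helo_host = announced_host(ev.helo_reply, "250")
    identity = banner_host or helo_host
    # PTR disagreeing with the announced name is the SPF/reputation caveat
    # from the post; it is reported, not treated as fatal.
    ptr_ok = identity is not None and ev.ptr is not None and _norm(ev.ptr) == identity
    served = sorted(
        domain for domain, recs in ev.mx_by_domain.items()
        if identity is not None and identity in mx_hosts(recs)
    )
    return {
        "identity": identity,
        "helo_agrees": banner_host is not None and helo_host == banner_host,
        "ptr_matches": ptr_ok,
        "domains_served": served,
    }


def _read_reply(sock: socket.socket) -> str:
    """Read one SMTP reply; a line with a space after the code ends it."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
        lines = data.decode("latin-1").splitlines()
        if lines and len(lines[-1]) >= 4 and lines[-1][3] == " ":
            break
    return data.decode("latin-1")


def grab_banner(host: str, port: int = 25, helo: str = "mypc.example.org",
                timeout: float = 5.0):
    """Live equivalent of the telnet session in the post (network required)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = _read_reply(s)
        s.sendall(("HELO %s\r\n" % helo).encode("ascii"))
        reply = _read_reply(s)
        s.sendall(b"QUIT\r\n")
    return banner, reply


# Constructed sample mirroring the thread: one WHOIS-derived domain whose MX
# lists the server, one unrelated domain that does not.
SAMPLE = Evidence(
    banner="220 mail4.example.org ESMTP Exim 4.63 Fri, 12 Dec 2008 10:12:43 +0000",
    helo_reply="250 mail4.example.org Hello mypc.example.org [10.11.12.13]",
    ptr="mail4.example.org.",
    mx_by_domain={
        "company.test": ["10 mail4.example.org.", "20 mail5.example.org."],
        "other.test": ["10 mx.other.test."],
    },
)


def demo() -> dict:
    return correlate(SAMPLE)


if __name__ == "__main__":
    print(demo())
```

Fill `Evidence` from `dig +short -x <ip>` and `dig +short MX <domain>` for each domain the WHOIS contacts point at; a server that announces one name but resolves to another PTR shows up as `ptr_matches: False`, which is exactly the SPF caveat in the post.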


