Tweet
An e-mail is one of the tools that a business relies on today to get its mission done. Without e-mail many businesses would have serious trouble functioning in anything approaching a normal manner. The contents of e-mail are staggering and can be extremely valuable to an attacker looking for more inside information. For a pen tester or an attacker, plenty of tools exists to work with e-mail.
One tool that is very useful for this purpose is PoliteMail, which is designed to create and track e-mail communication from within Microsoft Outlook. This utility can prove incredibly useful if you can obtain a list of e-mail addresses from the target organization. Once you have such a list, you can then send an e-mail to the list that contains a malicious link. Once the e-mail is opened, PoliteMail will inform you of the event for each and every individual.
Another utility worth mentioning is WhoReadMe. This application lets you track e-mails and also provides information such as operating system, browser type, and ActiveX controls installed on the system.
Sending a bounce mail to the target organization may disclose information such as spam and antivirus filters. Sometimes this can be accomplished by sending an e-mail to the correct domain to which the MX resource record points but targeting a mailbox that does not exist. This is one way to trigger a return e-mail from the target that can then be investigated by analyzing the e-mail body and headers.
By searching discussion groups and other resources on various search engines you may very well find e-mails posted that can also yield useful information.
One tool that is very useful for this purpose is PoliteMail, which is designed to create and track e-mail communication from within Microsoft Outlook. This utility can prove incredibly useful if you can obtain a list of e-mail addresses from the target organization. Once you have such a list, you can then send an e-mail to the list that contains a malicious link. Once the e-mail is opened, PoliteMail will inform you of the event for each and every individual.
Another utility worth mentioning is WhoReadMe. This application lets you track e-mails and also provides information such as operating system, browser type, and ActiveX controls installed on the system.
Sending a bounce mail to the target organization may disclose information such as spam and antivirus filters. Sometimes this can be accomplished by sending an e-mail to the correct domain to which the MX resource record points but targeting a mailbox that does not exist. This is one way to trigger a return e-mail from the target that can then be investigated by analyzing the e-mail body and headers.
By searching discussion groups and other resources on various search engines you may very well find e-mails posted that can also yield useful information.