External mail server

What's the best way to setup a home network? Why should I care about BGP?

External mail server

Post by jeonews on Fri Jan 11, 2013 7:31 am
([msg=72200]see External mail server[/msg])

Hello guys....!
i am a independent student of Ethical hacking. i am reading some books about network hacking. i have read in several books about the web application hosted by third party but mail server is reside somewhere in internal corporate network(internal mail server is used for e-mails),and there is a way to enter in the corporate network through this internal mail server. now the question in my mind(and have no answer yet)is that what if the company's mail server is also hosted by some third party? what the strategy would be? can we enter in the network by the mail server? what the possibilities are of getting-in in the network? Any body who can help......thanks
jeonews
New User
New User
 
Posts: 4
Joined: Fri Jan 11, 2013 7:19 am
Blog: View Blog (0)


Re: External mail server

Post by mShred on Fri Jan 11, 2013 10:37 pm
([msg=72217]see Re: External mail server[/msg])

Well it really depends on their setup.. By external mailserver, it could be a few things. Say there's a mail server that hosts mail for a bunch of different commercial sites. If you manage to get into that mail server then yes, you do have access to the mail on those servers. From there you could probably find a way to get into the main site whether it be technically by some bug in some kind of application that ties the two servers together, or non-technically by gaining admin privs to the site using some of the mail you have access to. It really depends on their setup. And being able to figure out the setup and what to do with that particular setup is what is going to define your hacker-foo.
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1716
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: External mail server

Post by jeonews on Wed Jan 16, 2013 9:18 am
([msg=72296]see Re: External mail server[/msg])

mShred wrote:Well it really depends on their setup.. By external mailserver, it could be a few things. Say there's a mail server that hosts mail for a bunch of different commercial sites. If you manage to get into that mail server then yes, you do have access to the mail on those servers. From there you could probably find a way to get into the main site whether it be technically by some bug in some kind of application that ties the two servers together, or non-technically by gaining admin privs to the site using some of the mail you have access to. It really depends on their setup. And being able to figure out the setup and what to do with that particular setup is what is going to define your hacker-foo.


Thanks man.....!
actually i am confuse on where u are saying "to get into the main site". actually i am interested in to know weather we can enter in the corporate network through this main server or not( its not about the website).
i am sorry if i have some misunderstanding as i am just a beginner ......!
thanks.....!
jeonews
New User
New User
 
Posts: 4
Joined: Fri Jan 11, 2013 7:19 am
Blog: View Blog (0)


Re: External mail server

Post by 6sygma on Mon Feb 18, 2013 2:01 pm
([msg=73883]see Re: External mail server[/msg])

I think that by main site he meant the main corporate network. You could try accessing this server either via a vulnerability on the login page (if it is web mail) or via the open email ports at their gateway (SMTP, IMAP, POP3 for instance). Have you used port scanning on the main corporate network's gateway?

Also please note: you should have an authorisation from the company to do this. Don't start scanning their servers, gateways or login pages if you haven't been authorised to do so as it is most probably illegal in your jurisdiction and will certainly annoy the company who could track you down and sue you.
6*Σ
User avatar
6sygma
New User
New User
 
Posts: 4
Joined: Mon Feb 18, 2013 4:49 am
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests