Sunday, April 14, 2013

Email Harvesting in Kali Linux (Find out Login IDs to Bruteforce) | Kali Linux

Written by: Pranshu Bajpai

 For the purpose of mass spamming or spear phishing, hackers use a module available in Metasploit that pulls email accounts of a particular organization from 'Google', 'Bing' and 'Yahoo'.

Hackers also find the list useful for online password attacks carried out later during targeted attacks: the IDs or usernames have to be known before the cracking process can begin. As I mentioned, the list of email addresses can also be used for mass mailing, phishing, or spear phishing.

So I conduct such a test to pull email addresses from an organization of interest to me. First, I list all the options available to me relating to this module, using a standard Metasploit command, 'show options'.

Then, I set the 'domain' of the organization and the 'output' file where I want the results (email addresses) saved, and 'execute' the module.

After a while, these are the results given back to me:

Bots crawl over the Internet looking for email addresses. In order to avoid being spammed, a mitigation strategy is to insert the email address in a graphic file, or to mention it in a custom format that the bot will not be able to comprehend as an email address. For instance, name [at] gmail [dot] com.
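To apply this mitigation to your own site, the following added example (not part of the original post) audits a page for addresses that a crawler can read as plain text and suggests the obfuscated form for each. The domain `example.org`, the sample page and the function names are constructed for illustration.

```python
import html
import re

# Pattern for plaintext addresses, similar to what a simple crawler matches.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample page: one mailto link, one entity-encoded address,
# one address already obfuscated, and one address at an unrelated domain.
SAMPLE_PAGE = """
<p>Sales: <a href="mailto:sales@example.org">sales@example.org</a></p>
<p>Support: support&#64;example.org</p>
<p>Press: press [at] example [dot] org</p>
<p>Partner: info@partner.example.net</p>
"""

def exposed_addresses(page_html, domain):
    """Return the sorted, de-duplicated addresses at `domain` readable as text.

    HTML entities are decoded first, because writing '@' as '&#64;' does not
    hide an address from anything that parses HTML. Only exact matches on
    `domain` are reported; subdomains are ignored in this sketch.
    """
    text = html.unescape(page_html)
    found = {m.group(0).lower() for m in EMAIL_RE.finditer(text)}
    suffix = "@" + domain.lower()
    return sorted(a for a in found if a.endswith(suffix))

def obfuscate(address):
    """Rewrite name@host.tld in the 'name [at] host [dot] tld' form."""
    local, _, dom = address.partition("@")
    return f"{local} [at] {dom.replace('.', ' [dot] ')}"

def audit(page_html, domain):
    """Map each exposed address to the replacement text to publish instead."""
    return {a: obfuscate(a) for a in exposed_addresses(page_html, domain)}

if __name__ == "__main__":
    for addr, suggestion in audit(SAMPLE_PAGE, "example.org").items():
        print(f"exposed: {addr:<24} publish as: {suggestion}")
```

A `mailto:` link keeps the address in the page source even when the visible text is obfuscated, so both places have to be changed.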
