nerdexam
EC-Council

312-50V11 · Question #656

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

The correct answer is D. To illicit a response back that will reveal information about email servers and how they treat. Sending email to a known-invalid address triggers a Non-Delivery Report (NDR) that can expose mail server software, version, and internal routing details useful in a penetration test.

Footprinting and Reconnaissance

Question

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

Options

  • ATo determine who is the holder of the root account
  • BTo perform a DoS
  • CTo create needless SPAM
  • DTo illicit a response back that will reveal information about email servers and how they treat
  • ETo test for virus protection

How the community answered

(51 responses)
  • A
    4% (2)
  • B
    16% (8)
  • C
    2% (1)
  • D
    71% (36)
  • E
    8% (4)

Why each option

Sending email to a known-invalid address triggers a Non-Delivery Report (NDR) that can expose mail server software, version, and internal routing details useful in a penetration test.

ATo determine who is the holder of the root account

Bounce messages reveal MTA and routing information, not the identity of the root account holder.

BTo perform a DoS

Sending a single email to an invalid address does not generate enough load to constitute a denial-of-service attack.

CTo create needless SPAM

The goal is targeted intelligence gathering about the mail server, not generating unsolicited bulk mail.

DTo illicit a response back that will reveal information about email servers and how they treatCorrect

When an SMTP server receives mail for a non-existent recipient, it returns a bounce or NDR message. This error response often contains the mail transfer agent (MTA) name, version number, internal hostnames, and relay paths - intelligence that helps a penetration tester map the email infrastructure and identify exploitable software versions.

ETo test for virus protection

Virus protection testing requires sending a known-malicious or EICAR test file as an attachment, not an undeliverable address.

Concept tested: SMTP banner and NDR information disclosure during reconnaissance

Source: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/non-delivery-reports-in-exchange-online

Topics

#email footprinting#bounce-back analysis#email server enumeration#information gathering

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice