312-50V13 · Question #110
Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?
The correct answer is D. To illicit a response back that will reveal information about email servers and how they treat. During a penetration test, sending an email to a non-existent address is a reconnaissance technique used to gather information about the target's email infrastructure.
Question
Options
- ATo determine who is the holder of the root account
- BTo perform a DoS
- CTo create needless SPAM
- DTo illicit a response back that will reveal information about email servers and how they treat
- ETo test for virus protection
How the community answered
(48 responses)- A2% (1)
- B4% (2)
- C2% (1)
- D92% (44)
Why each option
During a penetration test, sending an email to a non-existent address is a reconnaissance technique used to gather information about the target's email infrastructure.
Sending an email to a non-existent address does not typically reveal the holder of a root account; it primarily provides information about the mail server's configuration.
This action is a single, non-malicious query and is highly unlikely to cause a Denial of Service (DoS) on an email server.
The primary goal is information gathering, not creating needless SPAM, which would be unprofessional and counterproductive for a penetration test.
When an email is sent to an address that does not exist, the mail server typically generates a Non-Delivery Report (NDR) or bounce message. These messages often contain valuable information such as the mail server's software type, version number, internal hostnames, and how it handles delivery failures, which aids in further penetration testing efforts.
While it might indirectly provide some clues if an antivirus scanner reports on the bounced email, the main purpose is to illicit server response details, not to test for virus protection directly.
Concept tested: Email server reconnaissance
Topics
Community Discussion
No community discussion yet for this question.