Email harvesting is the process of obtaining email addresses list. Usually it is used for sending bulk emails and also used for spamming. It is also the information gathering technique to collect information about the email id like phone numbers,addresses etc. . An automated process where a Bot is used to search Web pages for email addresses. The e-mail addresses are collected into a database that can be used by spammers to send unsolicited e-mail.
Usually in this case the attacker tries to send fake emails with the help of harvested emails which he had got.
For eg: The attacker harvests a corporate website for emails and gets the email lists like jon@gmail.com,ram@gmail.com,jenifer@gmail.com who working in ABC company .Now the attacker can send fake using the using these emails in the ABC company to gather information for further purposes etc.
Note: This post is only for educational purpose, the author of this website will not be responsible for any misuse.
How can we Harvest emails: So lets begin,
In this post I am using Email harvesting technique on IIT Bombay http://www.iitb.ac.in/
Step 1> Load on your Backtrack Machine,open terminal and type msfconsole and Hit enter .
Step 2> Type search collector and hit enter.
Step 3> Now we are collecting emails, Type:
Use auxiliary/gather/search_email_colector
Step 4> Now Type: Show options and hit enter
This is used to view your current settings .
Step 5> Now Type: set domain iitb.ac.in
If you want the output file in the txt format
Type: set outfile ABC.txt , this will store all the email addresses in the ABC file
Step 6> Now the last step is to exploit
Type: exploit and hit enter
So we get the emails, now attacker can use these emails for spamming and also can use these emails for information gathering.
No comments:
Post a Comment