Mail Server Misconfiguration

Jerry Shah (Jerry)
Jan 14, 2020

Summary:

Hello guys, this is another blog of mine, about a vulnerability named Mail Server Misconfiguration, which is also known as Email Spoofing. But I would say it is Mail Server Misconfiguration, because that is the main reason behind Email Spoofing.

Email Spoofing happens for two main reasons:

  1. No SPF record is set for the particular email's domain
  2. No DMARC record is set for the particular email's domain

What is an SPF Record?

SPF stands for “Sender Policy Framework”. It is a type of Domain Name System (DNS) record that lists the hosts allowed to send mail for a domain, which helps to prevent email address forgery, or email spoofing.

What is the DMARC Protocol?

DMARC stands for “Domain-based Message Authentication, Reporting & Conformance”. It is a protocol that uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to determine the authenticity of an email message.

I found this vulnerability on BaseCamp, a project management company. I exploited the vulnerability and reported it to them; they triaged my report, and after some days they resolved the issue and paid me a bounty of $100.

An email that has an SPF record will not necessarily have a DMARC record as well, and vice versa, so you must check for both. Likewise, if one email of the company has both enabled, that does not mean its other emails have them enabled too. You must check all the emails.
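The check described above, as an added example that is not part of the original post: a Python audit that reads a domain's SPF and DMARC TXT records and reports which are missing or unenforced. It goes a little beyond presence and also flags permissive policies; the `.example` domains and record strings are constructed sample data, and the function names are this example's own.

```python
# Added example: audits SPF/DMARC TXT records. Sample data is constructed;
# in practice the strings come from TXT lookups on <domain> and _dmarc.<domain>.

def spf_status(txt_records):
    """Return 'missing', 'multiple', 'redirect', or the result of the 'all' term."""
    spf = [r.lower().split() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"  # more than one SPF record is a permanent error (RFC 7208)
    redirect = False
    for term in spf[0][1:]:
        if term.lstrip("+-~?") == "all":
            return {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
        redirect = redirect or term.startswith("redirect=")
    return "redirect" if redirect else "neutral"  # no 'all': default result is neutral

def dmarc_policy(txt_records):
    """Return 'missing' or the requested policy (p=): none, quarantine, reject."""
    for record in txt_records:
        tags = dict(
            (k.strip().lower(), v.strip().lower())
            for k, _, v in (part.partition("=") for part in record.split(";"))
        )
        if tags.get("v") == "dmarc1":
            return tags.get("p", "missing")
    return "missing"

def audit(spf_txt, dmarc_txt):
    """List the weaknesses found in one domain's SPF and DMARC records."""
    spf, dmarc = spf_status(spf_txt), dmarc_policy(dmarc_txt)
    findings = []
    if spf in ("missing", "multiple", "neutral", "pass"):
        findings.append("spf:" + spf)  # 'redirect' needs a follow-up lookup
    if dmarc in ("missing", "none"):
        findings.append("dmarc:" + dmarc)  # p=none only monitors, it blocks nothing
    return findings

# Constructed sample records: domain -> (TXT at domain, TXT at _dmarc.domain)
SAMPLE = {
    "corp.example": (["v=spf1 include:_spf.corp.example -all"],
                     ["v=DMARC1; p=reject; rua=mailto:dmarc@corp.example"]),
    "news.example": (["v=spf1 ip4:192.0.2.10 ~all"], []),
    "shop.example": (["google-site-verification=abc123"], ["v=DMARC1; p=none"]),
}

def audit_all(records):
    return {domain: audit(*txt) for domain, txt in records.items()}

if __name__ == "__main__":
    for domain, findings in audit_all(SAMPLE).items():
        print(domain, "OK" if not findings else ", ".join(findings))
```

An empty findings list means the domain publishes an enforcing SPF record and a DMARC policy of quarantine or reject.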

How to find it?

  1. Go to your target company and collect all the possible emails of that company.
  2. Now check the SPF and DMARC records of all the emails: https://mxtoolbox.com/

[Image: SPF Record]

[Image: DMARC Record]

  3. Now if you get an email (xyz@company.com), then go for its exploitation.
  4. Visit https://emkei.cz/ in order to exploit the issue.

[Image: Fake Mailer]

  6. Here you’ll need to fill in From-email, To and Subject.
  7. In From-email add the company’s email, in To add your own email, and in Subject you can add anything (like Hacking You, Bounty Time etc.).
  8. Check your inbox and you’ll get the email from that company which was sent by you.

[Image: Email Spoofed]

Impact:

Anyone can distribute fake email content/files using a company’s email. As a result, the company suffers a loss of reputation.

Thank You :)

Instagram : jerry._.3
