Footprirvting a Target Network .p14

Lab 7

Tracing an Email Using the eMailTrackerPro Tool

eMailTrackerPro is a tool that analyses email headers to disclose the original sender’s location.

Lab Scenario

111 the previous kb, you gathered information such as number of hops between a host and client, IP address, etc. As you know, data packets often have to go dirough routers or firewalls, and a hop occurs each time packets are passed to the next router. The number of hops determines the distance between the source and destination host. An attacker will analyze the hops for die firewall and determine die protection layers to hack into an organization or a client. Attackers will definitely try to hide dieir tme identity and location while intruding into an organization or a client by gaining illegal access to other users’ computers to accomplish their tasks. If an attacker uses emails as a means of attack, it is very essential for a penetration
tester to be familiar widi email headers and dieir related details to be able to track and prevent such attacks  with an organization. 111 tins lab, you will learn to traceemail using the eMailTrackerPRo tool.

Lab Objectives

The objective of tins lab is to demonstrate email tracing using eMailTrackerPro. Students will learn how to:
■ Trace an email to its tme geographical source
■ Collect Network (ISP) and domain Whois information for any email traced

Lab Environment

111 the lab, you need the eMailTrackerPro tool.

■ eMailTrackerPro is located at D:\CEH-Tools\CEHv8Module02 Footprinting and Reconnaissance\Email Tracking Tools\eMailTrackerPro

■ You can also download the latest version of eMailTrackerPro from the link http: / /www.ema11trackerpro.com/download.html
■ If vou decide to download the latest version, then sc re en sh ots shown hi the lab might differ
■ Follow the wizard-driven installation steps and install the tool
■ Tins tool installs Java runtime as a part ot the installation
■ Run tins tool 111 Windows Server 2012
■ Administrative privileges are required to mil tins tool
■ This lab requires a valid email account ! Hotmail, Gmail, Yahoo, etc.). W”e suggest you sign up with any of these services to obtain a new email account for tins lab
■ Please do not use your real email accounts and passwords 111 these
exercise

Lab Duration

Tune: 10 Minutes

Overview of eMailTrackerPro

Email tracking is a method to monitor or spy on email delivered to the intended recipient:
■ When an email message was received and read
■ If destructive email is sent
■ The GPS location and map of the recipient
■ The time spent reading the email
■ Whether or not the recipient visited any Links sent 111 the email
■ PDFs and other types of attachments
■ If messages are set to expire after a specified time

Lab Tasks

1. Launch the Start menu by hovering the mouse cursor 111 the lower-left corner of the desktop

FIGURE 7.1: Windows Server 2012—Desktop view

2. On the Start menu, click eMailTrackerPro to launch the application eMailTrackerPro

FIGURE 7.2: Windows Server 2012 — Apps

3. Click OK if the Edition Selection pop-up window appears

4. Now you are ready to start tracing email headers with eMailTrackerPro

5. Click the Trace an email option to start the trace

FIGURE 7.3: The eMaHTiackeiPro Main window

6. Clickmg Trace an email will direct you to the eMailTrackerPro by Visualware window

7. Select Trace an email I have received. Now, copy the email header from the email you wish to trace and paste it in Email headers field under Enter Details and click Trace

FIGURE 7.4: The eMailTrackerPro by Visualware Window

Note: 111 Outlook, find the email header by following these steps:
■ Double-click the email to open it in a new window
■ Click the small arrow 111 the lower-right corner of the Tags toolbar box to open Message Options information box
■ Under Internet headers, you will lind the Email header, as displayed 111 the screenshot

FIGURE 7.5: Finding Email Header in Oudook 2010

8. Clicking the Trace button will direct you to the Trace report window

9. The email location is traced in a GUI world map. The location and IP addresses may van7. You can also view the summary by selecting Email Summary section 011 the right side of the window

10. The Table section right below the Map shows the entire Hop 111 the route with the IP and suspected locations for each hop

11. IP address might be different than the one shown 111 the screenshot

FIGURE 7.6: eMailTrackerPro — Email Trace Report

12. You can view the complete trace report on My Trace Reports tab

FIGURE 7.7: The eMailTrackerPro - My Trace Reports tab

Lab Analysis

Document all the live emails discovered during the lab with all additional information

Questions

1. What is die difference between tracing an email address and tracing an email message?
2. What are email Internet headers?
3. What does “unknown” mean in the route table ot die idendhcation report?
4. Does eMailTrackerPro work with email messages that have been forwarded?
5. Evaluate wliedier an email message can be traced regardless of when it was sent.