Government Security
Network Security Resources

Fake E-mail "how To" Demonstration

43 replies to this topic

#1 what

what

    Corporal

  • Members
  • 166 posts

Posted 01 September 2003 - 05:39 PM

I'm going to give you the appended version, and facts that you will need to know.
1. Use your telnet program to connect to the victim's server.
How do you know the server? Most mail servers run on port 25. The name of the mail server is after the @ with mail appended to the front (except for big "on-line conglomerates"). So, your victim is asdf@thevictimserver.com . We then execute the command:
telnet mail.thevictimserver.com 25

For yahoo.com, telnet mx1.mail.yahoo.com 25. Same with most other big companies.

When you connect, you will get something like:

220 YSmtp mta102.mail.scd.yahoo.com ESMTP service ready
ehlo
250-mta102.mail.scd.yahoo.com
250-8BITMIME
250-SIZE 10485760
250 PIPELINING
mail from: <what@yahoo.com>
250 sender <what@yahoo.com> ok
rcpt to: <what@yahoo.com>
250 recipient <what@yahoo.com> ok
data
354 Please start mail input.
subject: fake mail
from: no one bitch
to: a stupid, stupid man
date: none

hello friend.
.
quit

This is the total syntax. Let's review now, shall we? These are the commands issued, in order.

ehlo
mail from: <whateveryouwant@alegitimatedomain.com>
rcpt to: <thevictim@victim.com>
data
subject: data starts the mail input
from: this displays the from
to: this displays the to
date: date

Make sure to hit enter twice after date to give it an "authentic" look. To end this message, leave a period "." on a line by itself and hit enter.
.
quit

And so the mail gets sent after you quit. Tons of fun :)
I've always wanted a witty, thought provoking signature for myself that I thought others would find interesting. And then I just thought "f**k it" I'll just write this.

#2 Guest_rinse_*

Guest_rinse_*
  • Guests

Posted 02 September 2003 - 01:03 AM

Thanks for that, very useful :D :D :D :D :D

#3 Guest_LsdTrip_*

Guest_LsdTrip_*
  • Guests

Posted 02 September 2003 - 02:24 PM

I've been using it for a long time. Very useful in the area of social engineering; if you think about it for a while you may come up with great ideas to use "fake mails" as a tool to get what you want.

#4 Guest_Hexboy_*

Guest_Hexboy_*
  • Guests

Posted 10 September 2003 - 11:13 PM

One problem with this, which I'm sure some of you are aware of, is that they can simply look in the header of the email to look up IPs and such, although this tends to vary between the host/sendmail or whatever is used.

#5 Guest_mehmehmeh_*

Guest_mehmehmeh_*
  • Guests

Posted 26 September 2003 - 09:06 AM

Well, I'm on Win XP Home Edition and gave this a shot. Well, if I try using telnet.exe it sits there, then finally says "Could not open connection to host on port 25 : Connection failed." I typed exactly what you did. I've also tried connecting to other telnet things, but nothing ever comes up once I'm connected and I cannot type anything; the cursor just sits there on the black background. Perhaps I just need to read up on it more... If it's as easy as you posted, is there something wrong with my computer itself, or what am I doing wrong? Thanks :)

#6 Guest_donfrabrizio_*

Guest_donfrabrizio_*
  • Guests

Posted 27 September 2003 - 10:25 AM

I think that your problem is that you don't have a shell.

I wanted to use telnet also, but in a lot of articles they explain that you first need a shell.

In relation to that, I know someone who serves his PC as a shell on the net.

You can find him on http://www.hackpalace.com/en/ and click shells.

But I just saw that it was a pay shell. Sorry for giving you hope. I didn't know it either.

The simple way is to ask your provider to activate a shell for you.

#7 Ollie

Ollie

    Private

  • Members
  • 12 posts

Posted 29 September 2003 - 07:34 AM

Doesn't like... every half-decent hacker on the planet know how to do that? lol, it's good though, and for the people that don't know, it works on like nearly every mail server on the planet lol, even the biggies ;) Sending fake mail rulz!

#8 babaton

babaton

    Private First Class

  • Members
  • 83 posts

Posted 29 September 2003 - 07:58 AM

Mehmehmeh, I've done this a few times and it worked OK.

Sometimes the telnet client doesn't display what you're typing in, so you have to be real careful to make sure you type everything correctly.

Search around in here; I'm sure I've seen an article which says how to make the typing visible.

As for not being able to connect, are you behind a firewall? Some ISPs also block port 25, but I've never worked out why they might do this.

Ta.

#9 what

what

    Corporal

  • Members
  • 166 posts

Posted 30 September 2003 - 07:51 PM

I'd just like to say thanks for the feedback. Chances are most people do know how to do this; it's just that I haven't seen any articles explaining this before, and therefore I thought it might be nice to write one. I'll be posting a list of mail servers that this works on later, and I think that we should start a section showing Anonymous SMTP servers so tracking true IP addresses will no longer be an issue when you pull apart the header of an e-mail. The funny thing is, I have seen organizations that have multiple SMTP mail servers, which gives you the ability to mask your IP from server to server. Just something I've noticed. Anyways, thanks for the feedback; this forum was looking a little scarce, and I believe this has helped a little.

#10 Guest_coder_*

Guest_coder_*
  • Guests

Posted 01 October 2003 - 06:23 AM

I don't understand why everyone uses Telnet for everything. Any SMTP client can produce fake emails if the SMTP server allows open relay. Honestly, besides some fancy trick for your friends, this technique isn't very useful. If the header:source:address doesn't match the @.com then the email is dropped (in our mail:filter).

nice tut. though :D
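
Added example, not part of the thread or any poster's code: the two receiving-side checks mentioned in posts #4 and #10 (the connecting IP recorded in the Received headers, and a mismatch between the envelope sender and the From: header), run in Python over a constructed message. The message, its hosts and addresses, and the names `check_message` and `domain_of` are assumptions made for this example.

```python
import email
import re
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: how a receiving server might store a message typed by
# hand as in post #1. Domains and the IP are made up (example.*, RFC 5737).
RAW = """\
Return-Path: <someone@example.net>
Received: from unknown (HELO localhost) (203.0.113.45)
  by mx.example.org with SMTP; Mon, 1 Sep 2003 17:39:00 -0400
subject: fake mail
from: accounts@example.com
to: staff@example.org
date: none

hello friend.
"""

# IPv4 literal in parentheses or brackets, as MTAs write the peer address.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    _, at, domain = addr.rpartition("@")
    return domain.lower() if at else ""

def check_message(raw):
    msg = email.message_from_string(raw)
    findings = []
    # Return-Path is the MAIL FROM value recorded at delivery; From: comes
    # from the DATA section. Both are sender-supplied, so this is a heuristic.
    env, hdr = domain_of(msg["Return-Path"]), domain_of(msg["From"])
    if not hdr:
        findings.append("From header has no parsable address")
    elif env != hdr:
        findings.append(f"envelope domain {env!r} != From domain {hdr!r}")
    try:
        parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):
        findings.append("Date header missing or unparsable")
    # Each Received header is added by the server that accepted the hop and
    # records the peer IP it saw, regardless of what the client typed.
    ips = [m.group(1) for h in msg.get_all("Received", [])
           for m in IP_RE.finditer(h)]
    return {"findings": findings, "connecting_ips": ips}

if __name__ == "__main__":
    print(check_message(RAW))
```

The IP in the Received line written by your own server is the only value here that the sender did not type. Production filters rely on SPF, DKIM and DMARC rather than a bare domain comparison.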

#11 Guest_coder_*

Guest_coder_*
  • Guests

Posted 02 October 2003 - 06:51 AM

relaycheck.pl v0.3 - relaycheck scans a network for vulnerable SMTP hosts that permit "relaying" of email. By David Weekly.

http://packetstorm.l...s/relaycheck.pl

#12 what

what

    Corporal

  • Members
  • 166 posts

Posted 05 November 2003 - 10:07 PM

mx1.mail.yahoo.com
mx2.mail.yahoo.com
mx4.hotmail.com
mx3.hotmail.com
mx2.hotmail.com
mx1.hotmail.com
thor.atlradio.com (send to radio stations)
mail.futon.k12.ga.us (send mail to my school)
mail.fultonschools.org (send mail to my school)

This is not for "true" fake mails; you can still pull apart the header and find the IP, but chances are teachers are not going to question an e-mail this much, and they'll just do what it says if it comes from the correct source.

#13 dinox

dinox

    Private

  • Members
  • 16 posts

Posted 06 November 2003 - 06:44 PM

:o :lol: lol ... why does no one want to fix this fake mail?
I really don't understand this...

anyway..stay fake@

#14 tibbar

tibbar

    First Sergeant

  • Members
  • 1,423 posts

Posted 07 November 2003 - 05:28 AM

It is very simple to send anonymous fake emails (this is illegal, and I am not endorsing it). You need to have a "vic" with a port forwarding service enabled.

You can then telnet to the vic, which will hide your true IP from the mail server.

If you are very paranoid, then you can chain several vics together.
If you want to read more about my security research, visit Tibbar.org

#15 Guest_dozolax_*

Guest_dozolax_*
  • Guests

Posted 19 December 2003 - 07:33 PM

good post
