Government Security
Network Security Resources

Jump to content

Photo

Fake E-mail "how To" Demonstration

- - - - - security server
  • This topic is locked This topic is locked
43 replies to this topic

#16 Guest_akis_*

Guest_akis_*
  • Guests

Posted 20 December 2003 - 12:53 AM

Also try phasma as a fake emailer.scour the net(google.com) for that prog it's worth it!and ofcourse it has a proxy database in it for fake mail.supports attachments too!

#17 agentmimi

agentmimi

    Private

  • Members
  • 9 posts

Posted 20 December 2003 - 07:40 AM

nice... :D

#18 Guest_trinity_*

Guest_trinity_*
  • Guests

Posted 20 December 2003 - 10:19 AM

It's much more simpler to use a gui mail forger (like E-mail Forger 1.0 or others)... You can also use attachments and other options.
Bye,
Tnty :ph34r:

#19 AdmiralB

AdmiralB

    Specialist

  • Sergeant Major
  • 338 posts

Posted 28 December 2003 - 03:58 PM

excellant tool but i recommand some from www.8th-wonder.net

#20 Guest_JackBean_*

Guest_JackBean_*
  • Guests

Posted 30 December 2003 - 11:34 PM

Ya it much better to use a fake mail program

#21 alibaba

alibaba

    Private First Class

  • Members
  • 81 posts

Posted 08 January 2004 - 05:21 AM

you can even use shadow mailer.I found it at astalavista.com.now since astalavista.com has changed itself ,you have to search for it at other places.

#22 blazeking

blazeking

    Private First Class

  • Members
  • 35 posts

Posted 12 February 2004 - 11:04 AM

how do you send mail in this way to a mail server that does not allow relaying?

#23 sagitarioxp

sagitarioxp

    Private

  • Members
  • 2 posts

Posted 08 April 2004 - 05:36 PM

i was wondering when can e-mail network can be secure

#24 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 08 April 2004 - 06:46 PM

to the people naming programs: that's defeating the purpose of this topic and bringing in kiddie tools, this shows you how to actually do it without a special program (many of them around because it's so simple...)

thanks for this tut, but might want to remind you to spoof your IP before sending? lol


#25 manu

manu

    Master Sergeant

  • Members
  • 820 posts

Posted 08 April 2004 - 11:48 PM

nice my friend, Worked great.. THanks.
Manu :D

#26 graveyard

graveyard

    Private

  • Members
  • 12 posts

Posted 12 April 2004 - 04:48 PM

Just open smtp mail server from your computer... :blink:
I used to have irc script for smtp server that was really simple and usefull-> find it @ mircscript.org ...

#27 Guest_Prefix_*

Guest_Prefix_*
  • Guests

Posted 13 April 2004 - 06:46 AM

If you worried about you IP being tracked you could always root another box and do it from there. ;)

Prefix

#28 ToukoN

ToukoN

    Private

  • Members
  • 12 posts

Posted 14 April 2004 - 12:08 AM

This is for dinox, sagitarioxp and others wondering why sending fake emails is possible;

The reason you are able to send fake emails is due to the natures
of the SMTP-protocol. (Simple Mail Transferring Protocol).

An email-adress consists of two parts, the username and the domain, eg.
stadium@hotmail.com, where stadium is the username, and hotmail.com is the
domain.

When you send a mail, the smtp-server you use looks
up the MX-record for the receiving domain, in this case hotmail.com. MX-records are
a part of the DNS-system just like A-records. The MX-record tells your
SMTP-server what adress the receiving mailserver has, eg. mail1.hotmail.com

The mail is then sent from your smtp-server to mail1.hotmail.com and is further processed
by a storageserver for mails like an IMAP- or POP3-server on the local host. There is also a possibility that mail1.hotmail.com
resends the mail to another mailserver. When the owner connects to his receiving mailserver he gets the email.

As you can see, sending emails does not include a step for validation. If you think about this for a minute, you realise
that there is no way that global validation can be implemented in an easy way. Since everyone, can make their own mailserver,
they can also forge the sending adress of the sender, although there is still a possibility to track fake emails if you looks at the
email headers. This is not a big problem though, since most people donīt even know what email headers are.

This is why you can send fake emails.

If you want to make sure that emails you get arenīt fake, you and your friends need to use digital signatures like PGP.

#29 TRi

TRi

    Corporal

  • Members
  • 155 posts

Posted 14 April 2004 - 11:00 AM

Hey, i have some kind of problem when using this. Always when i try to enter the source email i get an error.

mail from: <dude@unknown.net>
501 Syntax error in parameters or arguments


Already tried it without the < > but it always gives me that error.

Probably im just doing something really stupid wrong... :(

#30 whiskah

whiskah

    Staff Sergeant

  • Sergeant Major
  • 397 posts

Posted 16 April 2004 - 10:36 PM

Problem with phasma is that it sometimes shows your IP in the headers if you're not using ultranet proxies

Theres a tool called INVADER that spammers are using out there..
It comes with it's own proxy database and you don't need to find SMTP servers for relaying...You will use theirs... best of all your IP is not revealed in the headers..

Invader





Also tagged with one or more of these keywords: security, server