Government Security
Network Security Resources

Fake E-mail "how To" Demonstration

  • This topic is locked
43 replies to this topic

#31 IamSam

IamSam

    Private First Class

  • Members
  • 41 posts

Posted 28 April 2004 - 03:30 PM

What's the real point of sending fake E-mails?
I mean, it cannot be used as social engineering (the person cannot send back a mail to you).
So I think besides laughing at your friends, it's useless...

Anyway, this trick is very old, and I wonder why nobody changes this (if it could be done).

Nice tut anyway

#32 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 28 April 2004 - 04:50 PM

yeah, it is kind of amazing that it's still possible...

yes, it can be used in social engineering, say you have a problem with receiving mail or something with that account and to send it to your temp email account... it can be done multiple ways


#33 Truepower

Truepower

    Private First Class

  • Members
  • 32 posts

Posted 28 April 2004 - 07:51 PM

> yes, it can be used in social engineering, say you have a problem with receiving mail or something with that account and to send it to your temp email account... it can be done multiple ways

sorry Tweaks that sentence makes no sense, I've read over it 10 times and can't figure out what you're saying heh

#34 what

what

    Corporal

  • Members
  • 166 posts

Posted 10 December 2004 - 09:15 AM

Well, I thought I mostly went over most of this, but. . . . .

The mail can be sent to the victim, and say it is a private company with a random person reading your mail. Say you put something in there like; please reply to my e-mail and send me a copy of my account username and password. So they reply, and send you the password for randomperson@thevictimcompany.com. Well, the reply will actually go to youremailaddress@whereeveryouremailaccountis.com. This could be useful, and if you don't get or see it, post again.
I've always wanted a witty, thought provoking signature for myself that I thought others would find interesting. And then I just thought "f**k it" I'll just write this.
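
The reply redirection described in post #34 leaves a visible trace in the message headers. As an added example (not part of the original thread), this Python code flags a message whose Reply-To or Return-Path domain differs from its From domain; it assumes the redirect is done through one of those two fields, and the sample messages and the helpdesk@ address are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address, or ''."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def reply_redirect_findings(raw_message):
    """Compare From, Reply-To and Return-Path and list the mismatches."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    findings = []
    # Reply-To decides where the recipient's answer is sent.
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        if reply_addr and domain_of(reply_addr) != from_domain:
            findings.append(f"reply-to {reply_addr} is outside {from_domain}")
    # Return-Path records the envelope sender (MAIL FROM) at delivery time.
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if return_path and domain_of(return_path) != from_domain:
        findings.append(f"return-path {return_path} is outside {from_domain}")
    return findings


# Constructed sample messages; addresses are the placeholders from the post.
SPOOFED = """\
Return-Path: <youremailaddress@whereeveryouremailaccountis.com>
From: Random Person <randomperson@thevictimcompany.com>
Reply-To: youremailaddress@whereeveryouremailaccountis.com
To: helpdesk@thevictimcompany.com
Subject: account problem

Please reply with my username and password.
"""

LEGITIMATE = """\
Return-Path: <randomperson@thevictimcompany.com>
From: Random Person <randomperson@thevictimcompany.com>
To: helpdesk@thevictimcompany.com
Subject: meeting

See you at ten.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, reply_redirect_findings(raw))
```

Mailing lists and bulk-mail providers also produce these mismatches, so a finding is a triage signal to combine with SPF, DKIM and DMARC results, not a verdict.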

#35 belgther

belgther

    Sergeant First Class

  • Sergeant Major
  • 650 posts

Posted 10 December 2004 - 11:55 AM

do you mean that most of the SMTP servers support anonymous mail sending so you don't need to have an account?
"The wisest one is the one who knows himself/herself." Quote of the life
belgther... aka... belgther

#36 theclarkkent

theclarkkent

    Private

  • Members
  • 14 posts

Posted 10 December 2004 - 12:22 PM

Nice trick, thanks. Here's where it went before, see how you like this :P It worked for me..

http://www.elitec0de...onimousmail.htm

#37 Digital_Spirit

Digital_Spirit

    Staff Sergeant

  • Sergeant Major
  • 424 posts

Posted 14 December 2004 - 10:25 PM

The email is directed first to the server by which the domain resides. This is the stopping point. If you don't own the domain and have the account, then you can't receive the message. It is like XSS, just because you type '<'[Script]'>'alert(document.cookie)'<'/[Script]'>' this doesn't mean that someone on another computer accessing this page will see the same message box you do. This is because these actions all occur at the user level. Email spoofing is a fun little thing to do, but it really has no value as far as digital security goes.

Don't get me wrong, it is hilarious seeing the look on your friend's face when he gets a message from agent@fbi.gov with the subject line "We need to talk.". :P
Respect Existence or Expect Resistance.

#include <revolution.h>

#38 dEuS

dEuS

    Private

  • Members
  • 19 posts

Posted 29 December 2004 - 02:04 AM

hehe that's really cool shit :D

test it 3 years ago... it works
test it 3min ago.. it works :D

i think it's a big security reason...

by the way... is it legal to do that?

#39 Hybr!d

Hybr!d

    Private

  • Members
  • 13 posts

Posted 14 June 2005 - 09:45 PM

Instead of using telnet to make a fake email which can be easily traced you can make a php script that sends HTTP emails. I got one on my host if you want link just ask!!

#40 ajax

ajax

    Private

  • Members
  • 4 posts

Posted 03 September 2005 - 03:42 PM

> Instead of using telnet to make a fake email which can be easily traced you can make a php script that sends HTTP emails. I got one on my host if you want link just ask!!

please your link

#41 Serhat

Serhat

    Second Lieutenant

  • Members
  • 803 posts

Posted 08 September 2005 - 10:15 PM

> Instead of using telnet to make a fake email which can be easily traced you can make a php script that sends HTTP emails. I got one on my host if you want link just ask!!

Wouldn't recommend that.. there are enough examples on the net.. and am sure some people will use it to get you into trouble.. just paste the source so they can host it themselves.. somewhere heh

Serhat

#42 what

what

    Corporal

  • Members
  • 166 posts

Posted 14 February 2006 - 08:55 AM

Wow, I first posted this three years ago, and it seems a little silly but still interesting. Still works to this day too. . . .
I've always wanted a witty, thought provoking signature for myself that I thought others would find interesting. And then I just thought "f**k it" I'll just write this.

#43 numegil

numegil

    Private

  • Members
  • 4 posts

Posted 09 December 2008 - 03:14 AM

I remember being able to do this back in the day (a few years ago) with gmail. However, I tried it again today and it didn't work:


220 mx.google.com ESMTP k2si28909929rvb.1
helo world
250 mx.google.com at your service
mail from: <god@gmail.comm>
250 2.1.0 OK k2si28909929rvb.1
rcpt to: <testing@gmail.com>
250 2.1.5 OK k2si28909929rvb.1
data
354 Go ahead k2si28909929rvb.1
subject: hello
This is a test
.
550-5.7.1 [xx.xxx.xxx.xx] The IP you're using to send mail is not authorized
550-5.7.1 to send email directly to our servers. Please use the SMTP
550-5.7.1 relay at your service provider instead. Learn more at
550 5.7.1 http://mail.google.c...py?answer=10336 k2si28909929rvb.1


Is there an easy way of circumventing their way of checking for validity?

#44 Edu

Edu

    First Sergeant

  • Members
  • 2,269 posts

Posted 09 December 2008 - 10:50 AM

please check topic dates before you post.

there are programs out there to spoof e-mail headers, also there are some websites with scripts that will send fake e-mails...pick up one that is not automatically treated as spam by your mail service filter.

btw, guess it is better to lock this thread.
http://www.secumania.net - Secumania security blog.

