Sep 2, 2009

Email spoofing

Email spoofing

Want to know how to forge an e-mail? Want to send an e-mail to a friend with a fake address such as: ""? It sounds tough doesn’t it? It’s really a lot easier than you’d think. This is actually a pretty old trick, but I thought some "new to the scene" hackers would like it. It is important to understanding email fundamentals if nothing else. First of all, will you need any special software for this? Are any special skills needed? Well, not really. If you can use telnet, you can do this. Telnet is a client you can use to make a connection to a remote computer as though you were signed on locally. This is a default tool included with Windows and most Linux distros.

Things to keep in mind:

Nowadays, everyone is worried about security. So, a lot of the mail servers you will run into will force you to login. However some are still wide open! Not all these servers are locked up. Some system admins just don’t know, or just don’t care about this. This is usually most prevalent in schools and universities who tend not to update as often as others. Sometimes, it is not locked up and it won’t even ask you for a login. Also keep in mind that the server most likely is recording everything you do. Most of the time, the mail server prints to a log file. So, you may not want to do this from home. Also, even though the e-mail has a forged name. If the target is smart enough, they can just look at the header from the e-mail and determine what server the mail came from. As the IP address will be in the header. This can be circumvented by learning more of the SMTP commands and routing your email through a proxy server.

On to the Hacking:

A lot of webservers use Sendmail as their mail server. SMTP (simple mail transfer protocol) is the protocol it uses. All this does is take care of the commands needed to send mail. Usually a mail server can be found on port 25. So for example, if we wanted to use the mail server at, we would open up telnet, set the hostname to (usually by issuing the "open" command), and then set the port to 25. Now connect.

When you first get there, you should see something like this:

220 ESMTP Sendmail 8.12.5/8.12.5; Thu, 14 Nov 2002 18:39:56 -0500
It won’t do much else. It’s sitting there waiting for your commands. Go ahead, talk to it. The next step is to well, say "HI" to the server. And it will respond to you. Type: "HELO" and watch what happens.

250 Hello [your IP here], pleased to meet you

Now wasn’t that nice? This mail server is pleased to meet you. Ok, now let’s get down to it. You need to tell the server who this mail is coming from. Essentially, who YOU are, or who you’d like to be. Type this at the prompt: "MAIL FROM:"

250 2.1.0 Sender ok

Now as far as it knows, that sender is ok. It’s cool with that e-mail address. Now we want to tell it who will be receiving this mail. Type: "RCPT TO:"

250 Recipient ok
All right, now we have the "to" and "from" info all entered and ready to go. Now let’s write this E-mail. It’s done by typing DATA, then type in your message. When you are finished typing the e-mail, hit enter.

Dear Bill,
You suck. And your software sucks. And that’s sad. 

250 Message accepted for delivery...
Now to disconnect from the server, just enter the command QUIT. That’s about it! Your mail is on its way! Most typical users will not be able to tell the difference unless they understand how to read the headers of their emails. Make them somewhat believable, and you can have lots of fun! Like I said earlier, this is an older trick. Some of you may not know about it. Some of you may. Either way, have fun with it. Enjoy yourself. And never stop exploring.

# ITS ©
# 2008 - 2009

No comments:

Post a Comment