Email Forging

microapple's Avatar, Join Date: Jul 2008
Contributor
I know you can do this, but how do you make an email look like it was sent from a totally
different email address? What is the cmd or whatever code to do so?
THX!
0
XXxxImmortalxxXX's Avatar
Invasive contributor
When you are connected to a mail exchanger, you CANNOT USE the backspace (delete) key. So any mistakes you make mean you must reconnect or send it as it is. Once you know what's going on, it may be worth setting up a telnet macro to do the entire process for you. That's assuming you'll be doing this a lot.
For this example, I will be emailing poor_sod@gullible.com, and the email will appear to come from nastygeezer@brutal.com. You can in fact email anybody with this method - the way the internet works means that (almost) anyone with any email address can be fakemailed.
Every computer you connect to to use this method will look slightly different, but the commands are generic, and should work anywhere.
And finally - these instructions are written for a Unix user - the method is basically the same for a Windoze user - but if you can't figure out what to change, you probably shouldn't be doing this at all. Some Windoze users don't have NSLookup; if not, you can try IntNet's online NSLookup.


__________________________________________________ __________________________________________________

Getting mail exchanger data and connecting


Step 1 - Getting mail exchanger data and connecting
You must use a program called "nslookup" to look up information about the computer where poor_sod has his email address. In this case, gullible.com. On a standard *nix system, this can be achieved like this:

Code:
% /usr/sbin/nslookup -q=MX gullible.com
                
Resolved gullible.com to 206.123.6.111...
[snip]
mail exchanger: easy.gullible.com
[snip]
%
__________________________________________________ ______________________________________________


An nslookup will produce quite a lot of data, but the only thing you are looking for is a "mail exchanger" - there are often several, but any of them will do. At this point, we must connect to the mail exchanger using port 25 - this is achieved like this:

Code:
% telnet easy.gullible.com 25
Connecting to easy.gullible.com....
Escape character is `]
Gullible ESMTP version 6.6.6 This software copyright (C) 1666 Gullible systems.

__________________________________________________ _________________________________

Identifying


Now you must tell the computer where you're from, who you are, and who's getting the email.


Code:
HELO brutal.com
250 OK

MAIL FROM: <nastygeezer@brutal.com>
250 nastygeezer@brutal.com is syntactically correct

RCPT TO: <poor_sod@gullible.com>
250 poor_sod@gullible.com is syntactically correct

And that's it! The computer has accepted our input just fine! All we need to do now is


__________________________________________________ ___________________________________

The email itself


What we must do now is make the email look as if it came from a proper email program, rather than us just handtyping it in - this is important. If we don't put in credible data, most email clients will reject it. What we must do is add the headers, and then the email.



Code:
DATA
354 Ready for data - end input with a "." on a new line
Date: 4/7/108
Time: 1:05:30 (GMT+300) 
From: Mr Fake Guy <nastygeezer@brutal.com>
To: Poor Sod <poor_sod@gullible.com>
Subject: I'm a nasty geezer.

The email goes here. We've typed the date and time (exactly! look!) 
and then the names and email addresses of the sender and the recipient,
and the subject. Then just leave a blank line, and type the email!
When we want to end, we just do the full stop (period) on a new line
as the message said...

.
220 OK (ESMTP id 20023/197A4BB)
QUIT
Connection closed by foreign host
%
Hope this helped you. If you have any questions, please don't hesitate to ask me.
0
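Seen from the receiving side, the session in the post above leaves traces in the stored message. The following is an added example, not part of the original thread: it checks a constructed copy of that message for failed or missing SPF/DKIM/DMARC verdicts, an envelope/From domain mismatch, an unparseable Date header and a missing Message-ID. The `Return-Path` and `Authentication-Results` values and the host `mx.gullible.example` are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: the hand-typed message from the post as a receiving server
# might store it. Return-Path and Authentication-Results are assumed values.
SAMPLE = """\
Return-Path: <nastygeezer@brutal.com>
Authentication-Results: mx.gullible.example; spf=fail smtp.mailfrom=brutal.com;
 dmarc=fail header.from=brutal.com
Date: 4/7/108
Time: 1:05:30 (GMT+300)
From: Mr Fake Guy <nastygeezer@brutal.com>
To: Poor Sod <poor_sod@gullible.com>
Subject: I'm a nasty geezer.

The email goes here.
"""

def auth_verdicts(msg):
    """Map each method in Authentication-Results (spf, dkim, dmarc) to its verdict."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # first field is the authserv-id
            method, _, rest = clause.strip().partition("=")
            if rest:
                verdicts[method.strip().lower()] = rest.split()[0].lower()
    return verdicts

def domain(value):
    """Lower-cased domain part of an address header value."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def forgery_indicators(raw):
    """Return the reasons a stored message looks forged or hand-typed."""
    msg = message_from_string(raw)
    verdicts = auth_verdicts(msg)
    found = [f"{m}={verdicts.get(m, 'none')}" for m in ("spf", "dkim", "dmarc")
             if verdicts.get(m) != "pass"]
    # Envelope sender (Return-Path) and header From should share a domain.
    if domain(msg.get("Return-Path", "")) != domain(msg.get("From", "")):
        found.append("envelope-from-mismatch")
    try:  # the Date header must parse as an RFC 5322 date
        parsedate_to_datetime(msg.get("Date", ""))
    except (TypeError, ValueError):
        found.append("bad-date")
    if msg["Message-ID"] is None:
        found.append("no-message-id")
    return found
```

In the post's session the envelope sender and the From header are the same forged address, so the alignment check stays quiet; the authentication verdicts and the hand-typed headers are what flag the message.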
microapple's Avatar, Join Date: Jul 2008
Contributor
Thanks for the help.

Never mind about the ip thing I figured it out...

Last edited by microapple; 9Jul2008 at 19:54..
0
XXxxImmortalxxXX's Avatar
Invasive contributor
lol no can't tell u about that ip or how i got it sry mate
0
Hyperion113's Avatar, Join Date: Jul 2008
Newbie Member
I am a total noob and am now looking into this whole ethical hacking, but I have a question: if I do send this forged email and this person does reply, what happens to the email which the recipient of the forged email sends? Does it go to the email address used for the forged mail, or can it be routed back to you so you can read it?
0
microapple's Avatar, Join Date: Jul 2008
Contributor
Quote:
Originally Posted by Hyperion113
I am a total noob and am now looking into this whole ethical hacking, but I have a question: if I do send this forged email and this person does reply, what happens to the email which the recipient of the forged email sends? Does it go to the email address used for the forged mail, or can it be routed back to you so you can read it?
Basically no, you can't read it unless you have the account from which you sent it.
If you do, that kind of defeats the purpose...

Last edited by microapple; 9Jul2008 at 19:55..