Email Forging

Discussion in 'Ethical hacking' started by microapple, Jul 4, 2008.

  1. microapple

    microapple Banned

    Joined:
    Jul 2, 2008
    Messages:
    58
    Likes Received:
    2
    Trophy Points:
    0
    I know you can do this, but how do you make an email look like it was sent from a totally
    different email address? What is the cmd or whatever code to do so?
    THX!
    :crazy:
     
  2. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    When you are connected to a mail exchanger, you CANNOT USE the backspace (delete) key. So any mistakes you make mean you must reconnect or send it as it is. Once you know what's going on, it may be worth setting up a telnet macro to do the entire process for you. That's assuming you'll be doing this a lot.
    For this example, I will be emailing poor_sod@gullible.com, and the email will appear to come from nastygeezer@brutal.com. You can in fact email anybody with this method - the way the internet works means that (almost) anyone with any email address can be fakemailed.
    Every computer you connect to to use this method will look slightly different, but the commands are generic, and should work anywhere.
    And finally - these instructions are written for a Unix user - the method is basically the same for a Windoze user - but if you can't figure out what to change, you probably shouldn't be doing this at all. Some Windoze users don't have NSLookup; if not, you can try IntNet's online NSLookup.


    ____________________________________________________________________________________________________

    Getting mail exchanger data and connecting


    Step 1 - Getting mail exchanger data and connecting
    You must use a program called "nslookup" to look up information about the computer where poor_sod has his email address. In this case, gullible.com. On a standard *nix system, this can be achieved like this:

    Code:
    % /usr/sbin/nslookup -q=MX gullible.com
                    
    Resolved gullible.com to 206.123.6.111...
    [snip]
    mail exchanger: easy.gullible.com
    [snip]
    %
    
    ________________________________________________________________________________________________


    An nslookup will produce quite a lot of data, but the only thing you are looking for is a "mail exchanger" - there are often several, but any of them will do. At this point, we must connect to the mail exchanger using port 25 - this is achieved like this:

    Code:
    % telnet easy.gullible.com 25
    Connecting to easy.gullible.com....
    Escape character is `]
    Gullible ESMTP version 6.6.6 This software copyright (C) 1666 Gullible systems.
    

    ___________________________________________________________________________________

    Identifying


    Now you must tell the computer where you're from, who you are, and who's getting the email.


    Code:
    HELO brutal.com
    250 OK
    
    MAIL FROM: <nastygeezer@brutal.com>
    250 nastygeezer@brutal.com is syntactically correct
    
    RCPT TO: <poor_sod@gullible.com>
    250 poor_sod@gullible.com is syntactically correct
    

    And that's it! The computer has accepted our input just fine! All we need to do now is


    _____________________________________________________________________________________

    The email itself


    What we must do now is make the email look as if it came from a proper email program, rather than us just handtyping it in - this is important. If we don't put in credible data, most email clients will reject it. What we must do is add the headers, and then the email.



    Code:
    DATA
    354 Ready for data - end input with a "." on a new line
    Date: 4/7/108
    Time: 1:05:30 (GMT+300) 
    From: Mr Fake Guy <nastygeezer@brutal.com>
    To: Poor Sod <poor_sod@gullible.com>
    Subject: I'm a nasty geezer.
    
    The email goes here. We've typed the date and time (exactly! look!) 
    and then the names and email addresses of the sender and the recipient,
    and the subject. Then just leave a blank line, and type the email!
    When we want to end, we just do the full stop (period) on a new line
    as the message said...
    
    .
    220 OK (ESMTP id 20023/197A4BB)
    QUIT
    Connection closed by foreign host
    %
    
    Hope this helped you. If you have any questions, please don't hesitate to ask me.
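
Seen from the receiving side, the message typed in the post above carries several checkable signs of forgery. The following is an added example, not part of the original post: it scores a stored copy of that message. The `Return-Path` and `Authentication-Results` values, the trusted server name and the function names are assumptions made for illustration.

```python
import email
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: the hand-typed message from the post as the receiving server
# might store it. Return-Path and Authentication-Results values are assumptions.
RAW = """\
Return-Path: <nastygeezer@brutal.com>
Authentication-Results: easy.gullible.com; spf=fail smtp.mailfrom=brutal.com; dkim=none; dmarc=fail header.from=brutal.com
Date: 4/7/108
Time: 1:05:30 (GMT+300)
From: Mr Fake Guy <nastygeezer@brutal.com>
To: Poor Sod <poor_sod@gullible.com>
Subject: I'm a nasty geezer.

The email goes here.
"""

def auth_results(msg, trusted):
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, *clauses = header.split(";")
        if authserv_id.strip().lower() != trusted:
            continue  # only results written by our own server are trusted
        for clause in clauses:
            words = clause.split()
            if words and "=" in words[0]:
                method, _, result = words[0].partition("=")
                results[method.lower()] = result.lower()
    return results

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw, trusted="easy.gullible.com"):
    msg = email.message_from_string(raw)
    findings = []
    # Envelope sender (MAIL FROM, stored as Return-Path) vs. visible From header.
    if domain_of(msg["Return-Path"]) != domain_of(msg["From"]):
        findings.append("envelope/header domain mismatch")
    results = auth_results(msg, trusted)
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method) != "pass":
            findings.append(f"{method}={results.get(method, 'missing')}")
    try:
        parsedate_to_datetime(msg["Date"] or "")
    except (TypeError, ValueError):
        findings.append("Date header is not RFC 5322")
    if "Message-ID" not in msg:
        findings.append("no Message-ID")
    return findings
```

Because the post sets `MAIL FROM` and `From:` to the same address, the mismatch check does not fire on this sample. The sender-authentication results and the malformed headers are what flag it.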
     
  3. microapple

    microapple Banned

    Thanks for the help.

    Never mind about the ip thing I figured it out...
     
    Last edited: Jul 9, 2008
  4. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    lol no, can't tell you about that IP or how I got it, sorry mate
     
  5. Hyperion113

    Hyperion113 New Member

    Joined:
    Jul 7, 2008
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    0
    I am a total noob and am now looking into this whole ethical hacking, but I have a question. Now if I do send this forged email and this person does reply, what happens to the email which the recipient of the forged email sends? Does it go to the email address used for the forged mail, or can it be routed back to you so you can read it?
     
  6. microapple

    microapple Banned

    Basically no, you can't read it unless you have the account from which you sent it.
    If you do, that kind of defeats the purpose...
     
    Last edited: Jul 9, 2008
