How to fake e-mail

posted onJune 27, 2000
by hitbsecnews

Alright,
this is really a lame ass topic actually, and this information has possibly
been available since UNIX was first developed, but anyhow, it's a lot
of fun especially when dealing with people that don't really know much
about the Internet and networks. Definitely a good prank! :)

When
you're TV's broke, and you've got nothing else to do on a Sunday, faking
e-mail is a good way to pass time. Apart from just freaking out newbies
and people who don't know their keyboards from their mouse, it gives you
a way to learn more about SMTP (Simple Mail Transfer Protocol)

As
I mentioned in my last article (Network Ports), the SMTP daemon runs on
port 25, and is responsible for the routing the delivery of e-mail (outgoing
that is). Here's what you need to get started faking e-mail.

1.)
E-mail address of the victim

2.)
A remote server to connect to (this can be any system on the net, just
pick one and give it a try)

4.)
A message (what you want the message to say)

5.)
A little time, and imagination.

Okie,
now that you've got everything you need... start by telnetting to the
remote server you wish to use to route the e-mail to your victim. On UNIX
just fireup a shell and type telnet host.com 25. Once a connection is
established you should see something similar to "220 host.com SMTP
Linux 2.x, Fri 1 Jan 2000 21:38" or a derivative of such and you're
in!

To
start, you need to type in HELO . This isn't always the case on all servers, however it certainly
saves you the hassle of having to type it in if the server complains that
you didn't type in the HELO command first.

Once
you get that out of the way type in MAIL FROM: followed by the e-mail
address you want the e-mail to appear it's coming from. As an example
you could type in MAIL FROM:billgatesmom@microsoft.com (I trust you'll
be able to think up of something interesting for the MAIL FROM: line.) Don't forget to leave a space between MAIL and FROM but not a space between
the : and the e-mail address. The server will give you some crap error
message if the line isn't typed properly.

Next
type in the address of the person you wish this mail to be delivered to.
Just type in RCPT TO: followed by the e-mail address of the victim. I
would suggest testing this on yourself first to see if it works. If the
address is valid, the server should say something like "Recipient
valid" or something along those lines.

You're
ready to spoof some mail! Type DATA on a single line and hit the enter
key. Start typing away... just remember to hit enter after each line.
When you're done with your message, type a period (.) on a single line
and hit enter again. Your message is on the way to being delivered.

To
get out of the SMTP prog, just type QUIT. If you sent the mail to yourself,
check your mailbox in about 10 minutes - your fake mail should be there.

Some
versions of SMTP allow you to verify users (to see if the user exists
on that host.) Just type VRFY jane@usuck.com followed by a username. An
example of this would be :

VRFY
jane 250

If
jane did NOT exist on the system, the server would have replied with something

like
VRFY jane 250 jane... User unknown. This is a good way of checking to
see if that username exists on the server. What for? Well if you're feeling
lucky, check for usernames like "guest" "user" "user1"
"test". There's a high chance that usernames such as these would
use the username as the password. You can then proceed to telnet to the
host itself, enter the username, and use the username as the password
as well. If you're extremely lucky, you'll get dumped to a system prompt.
That's it! You're in... grab the /etc/passwd file, get your self a password
cracker and go for root. Although the likelihood of finding a server where
the username and password are the same is very rare, it's worth a try
before moving on to other methods of getting in.

That's
it... peace.

1.)
My stoopid ass mind (part 1 - Beer, cigarettes & friends)
- Kikkoman

2.)
Network ports -
L33tdawg

3.)
My stoopid ass mind (part 2 - Work,
handphones & people) - Kikkoman

4.)
Black book of AFS -
nicnoc

5.)
How to fake e-mail -
L33tdawg

6.)
Hi! I'm dead and I'm an alien -
deadalien

Source

Tags

Intel

You May Also Like

Other Articles In This Section

Recent News

Friday, November 29th

North Korean hackers posing as IT workers steal over $1B in cyberattack
OpenAI is at war with its own Sora video testers following brief public leak
Found on VirusTotal: The world’s first UEFI bootkit for Linux

Tuesday, November 19th

CISA Director Jen Easterly, in Place Since 2021, to Step Down
Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme
WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Friday, November 8th

North Korean hackers target cryptocurrency with malware
Man sick of crashes sues Intel for allegedly hiding CPU defects
Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Friday, November 1st

Youth of today say passwords are old news, passkeys are the future
Chinese attackers accessed Canadian government networks – for five years
OpenAI launches ChatGPT with Search, taking Google head-on
Here’s the paper no one read before declaring the demise of modern cryptography
Not just ChatGPT anymore: Perplexity and Anthropic’s Claude get desktop apps

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes