network monitoring
+ Reply to Thread
Results 1 to 3 of 3

Thread: Another Forging E-mail tut

  1. #1
    Join Date
    Jan 2008

    Another Forging E-mail tut

    .....where do i begin.......first off SMTP and ESMTP have NOTHING to do with POP*...

    Simple Mail Transfer Protocal or SMTP is a mail protocal used to SEND mail. Post Office Protocal or POP(pop*) is a protocal used to receive mail. THis is a direct flow in SOME smtp server. Most open SMTP server with no authentication will be expoitable to this the exploit is easy as pie to pull off manually.

    Step One - Find a open smtp server

    This is the hardest part. and the best way to find ne, if you do not know of one off hand. DO a setwork scan with such tools as superscan or netscan. and scan for port 25 which is the standard SMTP tcp/ip port

    Step Two - Connecting

    once we have acquired a suitable system we then open up a telnet(start->run-> type "cmd" and click ok -> at black screen type"telnet [host name/ip] 25" and hit enter

    Now lets break this down for those who are unaware of how telnet works. Telnet [Host/ip] 25
    Telnet -obviously the command to open the telnet program
    [host/ip] - this is where you place the ip address of host name of the system
    25 - port 25 is the standard smtp port

    Alternative way

    start->run-> type "cmd" and hit enter-> at black screen type "telnet" -> at telnet> prompt type "connection"-> at "to" prompt type "[hostname/ip] 25" his enter

    Step * - introducing yoruself to the system

    once connect you should see sometihng along the lines of Code:

    You should receive a reply like:
    Trying ???.???.???.???...
    Connected to [hostname].
    Escape character is '^]'.
    220 [hostname/ip] SMTP Sendmail ?version-number?;

    Now we tell the system who "we" are. to do this we use the "HELO" command. Code:

    HELO [something fake]

    and the system will replay to you

    250 [Target Host/Ip] Hello [Fkae Host/IP], pleased to meet you

    no do not quote me on this because i am not sure if this works anymore. but one used ot be able to fool the header simple by using the correct host system...hence if your sending this mail to someone saying your "" you wuld put

    HELO [url][/url]

    Step 4 - Sending the e-mail

    Now is when we declare who we are sending the e-mail to, and who it will be from and also include the message

    First we have to tell the system who we are by using the following command

    MAIL FROM: [email]mail@domain.ext[/email]

    this is where you will put the fake e-mail addy, ther eiwll be a sligth pause or delay and you shoudl get replied back Code:

    250 2.*.0 [email]mail@domain.ext[/email]... Sender ok

    Once again the [email]mail@domain.ext[/email] would be the fake addy. Now we tell the system who we are sending this e-mail to

    RCPT TO: [email]mail@target.ext[/email]

    the systemwill reply back to you

    250 2.*.0 [email]mail@target.ext[/email]... Recipient ok

    Inut sebject Code:

    Subject:-type subject here-

    then hit enter twice to confirm it, once thi shappens you use the data command to start the e-mail. Code:

    data [your text]

    now to complete the letter you hit enter and in the blank line you type a single "." and hit enter. Now if done correctly you shoudl get Code:

    250 2.0.0 ???????? Message accepted for delivery

    now we just type "quot" and will get

    22* 2.0.0 [Targethost] closing connection
    Connection closed by foreign host.

    Congrats you have just sent a forged e-mail.

    Now fomr here the SMTP will send it over to the POP*, because it is comign from a "trusted" server the POP* shoudl self validate it and send it on through. So this hack is not hacking the pop* so much as just confusing it. See the POP* is made to accept e-mails that are validated.....the smtp with no authentiation is already a security risk in the first place.

    What have we learned?

    Forged E-mails are a exploit based off the SMTP server, because this SMP server validates the e-mail on it's end, the POP* doe snot knwo the difference.


  2. #2
    Join Date
    Sep 2006
    I covered most of this in my tut, but nice job anyway
    "Workers of the world unite; you have nothing to lose but your chains." -Karl Marx

  3. #3
    Join Date
    Jan 2008
    Yeah I saw your post, and Noticed alot of people were asking questions on a few things. So I decided to toss it up there.

+ Reply to Thread

Similar Threads

  1. How 2 trace IP addrs, someone forging my info
    By dstanley in forum Internet Privacy
    Replies: 3
    Last Post: 01-27-2013, 07:01 AM
  2. Mail **
    By ivebeenhacked in forum Internet Privacy
    Replies: 7
    Last Post: 08-22-2007, 07:31 AM
  3. Mail Bomb ing
    By Unregistered in forum Internet Privacy
    Replies: 2
    Last Post: 01-17-2005, 01:54 PM
  4. Mail
    By Unregistered in forum Internet Privacy
    Replies: 2
    Last Post: 03-07-2004, 09:22 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts