Please do not use this information with malicious intent. This tutorial is intended for reference and recreational purposes only. Do not use email to harass people or otherwise break the law. Forging email headers may be illegal in your area, and it is not difficult to determine the origin of a forged email. Please understand what you’re getting yourself into before you start. If you break the law, you will get caught. I am not responsible for any actions you take using this reference. If you intend to break the law or if you don’t agree to the terms listed above, stop reading now. If you’re interested in learning something and having some fun with consenting participants, continue reading…
Step 1: Find the person’s mail server
Generally, email goes through at least two servers. The sender’s email client connects to its own server and asks it to forward a message to the recipient’s server. The recipient’s server then stores the message where the recipient can fetch it, via POP, IMAP or webmail. To send our fake email, we skip the first hop entirely and act like we’re the sender’s server, connecting directly to the recipient’s server and speaking SMTP to it ourselves.
Our first step is to find the recipient’s server with a DNS lookup. If the host command is available on your system, you could execute:
host -t MX gmail.com
This looks up the MX (mail exchange) records in gmail.com’s DNS zone. If you wanted to send email to someone on hotmail, you would change gmail.com to hotmail.com. Assuming things are set up properly, you should get something like this:
gmail.com mail is handled by 10 gsmtp181.google.com.
gmail.com mail is handled by 20 gsmtp57.google.com.
This tells us that mail for gmail.com should be sent to gsmtp181.google.com or gsmtp57.google.com. The number in front of each host is its preference; senders try the lowest value first, so gsmtp181.google.com is the primary and gsmtp57.google.com the backup. These particular hosts are simply what the records said when this was written, so run the lookup yourself rather than copying them. If you don’t have access to the host command, there are several websites that will do the search for you. Google ‘dns lookup’ to find one.
Step 2: Connect to the recipient’s mail server
We can manually connect to the mail server using the telnet command. The default port for SMTP traffic is 25, so from the Windows telnet prompt you could execute:
microsoft telnet> o gsmtp181.google.com 25
On a Unix-like system the same thing is typed at the shell as:
telnet gsmtp181.google.com 25
This would connect to the gmail server found above, and if the server is listening on port 25, you should get a response like the one below. (Many residential ISPs block outbound connections to port 25; if yours does, the connection attempt will simply hang and time out.)
Trying 64.233.171.27...
Connected to gsmtp181.google.com.
Escape character is ‘^]’.
220 mx.gmail.com ESMTP 70si160791rnc
You can now start your smtp ‘conversation’ with the server.
Step 3: Tell the server who you are
Once you’ve connected, the first step in an SMTP conversation is to say hello to the server. Some servers use this as an opportunity to check that you are who you say you are, for example by comparing the name you give with the reverse DNS of your connection. Since the server already has your IP address, the most reliable way to get your message accepted is to tell the truth by identifying yourself with your IP address, written in square brackets as SMTP requires for an address literal.
Determining your IP address is different on every system and network configuration. If you don’t know your IP address (or how to find it), there are sites on the web that will tell you this too. Google ‘what is my ip’ to find one.
Let’s assume that your address is 10.38.13.79 (a private-range address, used here purely as a placeholder; a public server will see your public address). To tell the server who you are, type the following and hit enter.
helo [10.38.13.79]
This is not a typo. In SMTP, hello is spelled with only one L. Modern servers prefer EHLO (extended hello), which answers with a multi-line list of the extensions the server supports, but plain HELO still works almost everywhere. If the server approves, you should get a welcome message like:
250 mx.gmail.com at your service
Step 4: Tell the server that you have a message
The next step in the conversation is to tell the server who your message is from. This is the envelope sender: it ends up in the Return-Path: header and is where bounces are sent, and it is separate from the From: header the recipient sees. Normally this would be the sender’s real email address, but because we’re using a fake address, we can’t do that. Some servers try to match the domain of the sender address to your IP address. To avoid this, we won’t give a domain name (we’ll be able to do that later, in the headers). For now, we’ll give a simple name like steve, chuck or even god. To do this, type the following and hit enter.
mail from:<god>
You can experiment with the name you give here. Some servers don’t check the address, so you can give a full email address like god@heaven.org or billgates@microsoft.com. Others, including most large providers today, reject a sender with no domain at all, or one whose domain publishes an SPF policy that does not authorise your IP address, so expect a 5xx reply rather than the 250 shown here. You should get a response like:
250 2.1.0 OK
Step 5: Tell the server who the message is for
This is an easy step. It should only go wrong if you’ve connected to the wrong server. If you’re connected to gmail.com’s server (as above), you should only be able to send messages to addresses that belong to gmail.com: a mail exchanger accepts mail for the domains it hosts and refuses to relay anything else (one that relays for anybody is an ‘open relay’, and gets abused by spammers within hours). If you wanted to send a message to asdf@gmail.com you would type the following and hit enter.
rcpt to:<asdf@gmail.com>
The server should then recognize that the message is for a domain that it handles. It should respond with something like:
250 2.1.5 OK
Step 6: Tell the server your message
Next, tell the server that you’re ready to transmit the message. Type the following and hit enter.
data
You should get a response like:
354 Go ahead
You can now type your message. It should start off with some email headers to tell the recipient’s email client how to display the email, then a blank line, then the body. The ‘From: ‘ header tells the client who the message is from and, in most clients, is what gets displayed instead of the envelope address given in step 4. The ‘To: ‘ and ‘Subject: ‘ headers are what they sound like. The ‘Date: ‘ header is whatever you type, so it can disguise when the message was composed; it does not hide when it was sent, because the server stamps a ‘Received: ‘ header of its own with your IP address and the real time of the connection.
Please remember that with even a little technical knowledge (and maybe some help from the recipient’s ISP), forged email headers can be detected. In fact, it’s pretty easy to determine where the message is actually coming from: the Received: headers record the connecting IP address hop by hop, and receiving systems now check the From: domain against SPF, DKIM and DMARC, so a message claiming to be from a domain that publishes those records is usually rejected or flagged outright. That’s why most spammers use hacked (zombie) computers, open mail relays or forged IP addresses to send their spam. Using these methods to obscure your identity is highly unethical (and beyond the scope of this tutorial :).
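To see how that tracing works in practice, here is an added example (not from the original post) that reads the Received: headers of a delivered message and reports where it actually entered the mail system, plus the tell-tale mismatches a hand-typed submission leaves behind. The SAMPLE message is constructed to resemble what a mailbox might hold after the session in this tutorial: the mx.gmail.com hostname, the connecting address and the queue id are borrowed from the transcript, while mailstore.example.net, the timestamps and the ABC123 id are invented; parse_received, trace and analyse are my own helper names.

```python
"""Find where a forged message really entered the mail system by reading its
Received: headers. Added example; not code from the original post. SAMPLE is a
constructed message modelled on the post's session, not a real capture."""
import email
import email.utils
import re
from typing import Dict, List, Optional

# Constructed: each server prepends its own Received: line, so the top one was
# added last and the bottom one records the connection that delivered the forgery.
SAMPLE = """\
Return-Path: <god>
Received: from mx.gmail.com (mx.gmail.com [64.233.171.27])
        by mailstore.example.net with ESMTP id ABC123;
        Fri, 29 Oct 2004 09:43:04 -0700 (PDT)
Received: from [10.38.13.79] (unknown [10.38.13.79])
        by mx.gmail.com with SMTP id 70si160791rnc;
        Fri, 29 Oct 2004 09:43:02 -0700 (PDT)
From: god@heaven.org
To: asdf@gmail.com
Subject: You've been a bad boy!
Date: Sat, 1 Jan 2000 00:00:00 +0000

Dear Recipient,

I've been watching you.
"""

_RECEIVED = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)")
_IPV4_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value: str) -> Optional[Dict[str, object]]:
    """HELO name, connecting IP, receiving host and timestamp from one Received: header."""
    value = " ".join(value.split())                      # unfold continuation lines
    m = _RECEIVED.search(value)
    if not m:
        return None
    # The IP the server saw sits in the parenthesised comment; fall back to the HELO literal.
    ip = _IPV4_LITERAL.search(m.group("paren") or "") or _IPV4_LITERAL.search(m.group("helo"))
    stamp = value.rsplit(";", 1)[1].strip() if ";" in value else ""
    return {
        "helo": m.group("helo"),
        "ip": ip.group(1) if ip else None,
        "by": m.group("by"),
        "time": email.utils.parsedate_to_datetime(stamp) if stamp else None,
    }


def trace(raw: str) -> List[Dict[str, object]]:
    """Parsed hops, top-most (last added) first; the final entry is where the message came in."""
    msg = email.message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    return [h for h in hops if h is not None]


def analyse(raw: str) -> Dict[str, object]:
    """Report the entry hop and the mismatches that give away a hand-typed submission."""
    msg = email.message_from_string(raw)
    entry = trace(raw)[-1]
    from_addr = email.utils.parseaddr(msg.get("From", ""))[1]
    from_domain = from_addr.rpartition("@")[2]
    envelope = email.utils.parseaddr(msg.get("Return-Path", ""))[1]
    helo = str(entry["helo"])
    flags: List[str] = []
    if helo.startswith("["):
        flags.append(f"HELO gave the address literal {helo}, not a host under {from_domain}")
    elif from_domain and not helo.endswith(from_domain):
        flags.append(f"HELO name {helo} is not under the From: domain {from_domain}")
    if "@" not in envelope:
        flags.append(f"envelope sender {envelope!r} has no domain")
    skew_days = None
    if msg.get("Date") and entry["time"] is not None:
        # Date: is typed by the sender; the first Received: timestamp is the server's own clock.
        claimed = email.utils.parsedate_to_datetime(msg["Date"])
        skew_days = (entry["time"] - claimed).days
        if abs(skew_days) >= 1:
            flags.append(f"Date: header is {skew_days} days off the first Received: timestamp")
    return {"origin_ip": entry["ip"], "helo": helo, "from_domain": from_domain,
            "envelope_sender": envelope, "date_skew_days": skew_days, "flags": flags}


if __name__ == "__main__":
    for flag in analyse(SAMPLE)["flags"]:
        print(flag)
```

The bottom-most Received: header is the one to trust least and inspect most: every line above it was added by servers the recipient’s provider controls, while that line records the raw TCP connection from the forger, which is exactly what an abuse desk asks for.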
After the headers, all text is considered to be the message body. A line with nothing but a period on it signals the end of the message. Type the following, hitting enter at the end of every line.
From: god@heaven.org
To: asdf@gmail.com
Subject: You've been a bad boy!

Dear Recipient,
I've been watching you. You've been a very bad boy. You better straighten up or I'll have to smite you.
Thanks,
God.
.
You should get a response something like:
250 2.0.0 OK 1099068182
Step 7: Quit, or go back to step 4 to send another message
You now have the option of sending another message through this server by going back to step 4. To disconnect from the server, type the following and hit enter.
quit
You should get a response something like:
221 2.0.0 mx.gmail.com closing connection
Connection closed by foreign host.
Your session is now closed and your message should be in the process of getting to its recipient. A complete session might look something like this:
microsoft telnet> o gsmtp181.google.com 25
Trying 64.233.171.27...
Connected to gsmtp181.google.com.
Escape character is ‘^]’.
220 mx.gmail.com ESMTP 74si233400rnb
helo [10.38.13.79]
250 mx.gmail.com at your service
mail from:<god>
250 2.1.0 OK
rcpt to:<asdf@gmail.com>
250 2.1.5 OK
data
354 Go ahead
From: god@heaven.org
To: asdf@gmail.com
Subject: You've been a bad boy!

Dear Recipient,
I've been watching you. You've been a very bad boy. You better straighten up or I'll have to smite you.
Thanks,
God.
.
250 2.0.0 OK 1099068936
quit
221 2.0.0 mx.gmail.com closing connection
Connection closed by foreign host.
Server responses are the lines that begin with a three-digit status code (2xx and 3xx mean the server accepted what you just sent; 4xx and 5xx mean it refused); everything else is what you typed.
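The whole exchange above, as an added example that is not part of the original post: a small Python client that runs steps 2 to 7 against a scripted stand-in for the recipient’s mail server. The ScriptedServer class, send_message, dot_stuff and the other names are mine, and the canned replies are copied from the transcript above, so nothing touches the network. It shows two details the hand-typed session glosses over: a body line that itself starts with a period must be doubled so the server does not mistake it for the terminator, and every reply must be checked for its code before the next command goes out. It gives a full address in MAIL FROM rather than the bare name used above, since that is the form current servers require.

```python
"""Drive the SMTP dialogue from the post programmatically, against a scripted
stand-in for the recipient's MX. Added example; not code from the original post."""
import re
from typing import Dict, List, Tuple

CRLF = "\r\n"
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


class SmtpError(Exception):
    """Raised when the server answers a command with an unexpected reply code."""


def parse_reply(raw: str) -> Tuple[int, List[str]]:
    """Split an SMTP reply into (code, text lines).

    Multi-line replies (for example the extension list after EHLO) use 'NNN-text'
    on every line but the last, which uses 'NNN text'; all lines carry the same code.
    """
    code = None
    texts: List[str] = []
    for line in raw.strip("\r\n").replace(CRLF, "\n").split("\n"):
        m = _REPLY_LINE.match(line)
        if not m:
            raise SmtpError(f"malformed reply line: {line!r}")
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise SmtpError(f"mixed codes in multi-line reply: {raw!r}")
        texts.append(m.group(3))
    if code is None:
        raise SmtpError("empty reply")
    return code, texts


def build_message(from_hdr: str, to_hdr: str, subject: str, body: str) -> str:
    """Headers the recipient's client will display, a blank line, then the body."""
    headers = [f"From: {from_hdr}", f"To: {to_hdr}", f"Subject: {subject}"]
    return "\n".join(headers) + "\n\n" + body


def dot_stuff(message: str) -> str:
    """Encode a message for DATA: CRLF line endings, a leading '.' on any line
    doubled (RFC 5321 section 4.5.2) so it cannot be mistaken for the terminator,
    and the lone '.' line that ends the message."""
    lines = message.replace(CRLF, "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()                      # no extra blank line before the terminator
    stuffed = [("." + ln) if ln.startswith(".") else ln for ln in lines]
    return CRLF.join(stuffed) + CRLF + "." + CRLF


class ScriptedServer:
    """Offline stand-in for the MX: hands back canned replies in order and records
    everything the client sent, so the dialogue can be checked without a network."""

    def __init__(self, replies: List[str]):
        self.replies = list(replies)
        self.received: List[str] = []

    def send(self, data: str) -> None:
        self.received.append(data)

    def recv(self) -> str:
        return self.replies.pop(0)


def send_message(server, helo_name: str, mail_from: str, rcpt_to: str, message: str) -> Dict[str, object]:
    """Steps 2-7 of the post as one function: greeting, HELO, MAIL FROM, RCPT TO,
    DATA, message, QUIT. Any reply outside the expected codes aborts with SmtpError."""
    sent: List[str] = []

    def expect(raw: str, codes, what: str) -> List[str]:
        code, texts = parse_reply(raw)
        if code not in codes:
            raise SmtpError(f"{what}: server said {code} {' '.join(texts)}")
        return texts

    def command(line: str, codes) -> List[str]:
        server.send(line + CRLF)
        sent.append(line)
        return expect(server.recv(), codes, line)

    expect(server.recv(), {220}, "greeting")          # 220 mx.gmail.com ESMTP ...
    command(f"HELO {helo_name}", {250})
    command(f"MAIL FROM:<{mail_from}>", {250})
    command(f"RCPT TO:<{rcpt_to}>", {250, 251})       # 251 = accepted, will forward
    command("DATA", {354})
    server.send(dot_stuff(message))                   # body is not a command: no CRLF appended
    data_reply = expect(server.recv(), {250}, "DATA body")
    command("QUIT", {221})
    return {"commands": sent, "data_reply": " ".join(data_reply)}


# Replies copied from the transcript in the post; the scripted server never sees a network.
CANNED_REPLIES = [
    "220 mx.gmail.com ESMTP 70si160791rnc",
    "250 mx.gmail.com at your service",
    "250 2.1.0 OK",
    "250 2.1.5 OK",
    "354 Go ahead",
    "250 2.0.0 OK 1099068182",
    "221 2.0.0 mx.gmail.com closing connection",
]


def demo() -> Dict[str, object]:
    """Send the post's message; the '...and' body line exercises dot-stuffing."""
    server = ScriptedServer(CANNED_REPLIES)
    msg = build_message("god@heaven.org", "asdf@gmail.com", "You've been a bad boy!",
                        "Dear Recipient,\n\nI've been watching you.\n...and you've been a very bad boy.")
    result = send_message(server, "[10.38.13.79]", "god@heaven.org", "asdf@gmail.com", msg)
    result["wire"] = "".join(server.received)
    return result


if __name__ == "__main__":
    print(demo()["wire"])
```

Run it as a script to see the exact bytes that would go over the wire. Swapping ScriptedServer for a thin wrapper around a real socket with the same send and recv methods is the only change needed to talk to a live server, and the code-checking in send_message is what turns a silent failure at MAIL FROM into an error you can read.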