Email manipulation question
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
Email manipulation question
Is there a program that I can email somebody anonymous or from any email address i want? like say i want to prank one of my friends and email them as chuck.norris@texaswalkerranger.com .. any ideas?
thanks in advance
thanks in advance
- Shimo
- Fame ! Where are the chicks?!
- Posts: 197
- Joined: 17 May 2008, 16:00
- 15
- Location: Canada
- Contact:
http://lifehacker.com/software/email/sp ... 330587.php I hear this is a good prog for spoofing emails... How ever heres a tip for this forum when asking questions... The people here like you to be as precise as possible when asking for help... So try and learn the name of the method first. Any ways hope that helps.
[img]http://i133.photobucket.com/albums/q49/xblric9000000/ShimoSignature.jpg[/img]
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
Or.....
You could telnet an smtp server on port 25 and send the email with whatever domain you want.
This actually isn't a vulnerability in smtp servers, is a "feature", since most of them are configured to listen incoming connections in port 25, the only thing you need to know is how to talk to the server and there's a lot information about that on the net.
Not every smtp might work but many of then will do.
Regards
You could telnet an smtp server on port 25 and send the email with whatever domain you want.
This actually isn't a vulnerability in smtp servers, is a "feature", since most of them are configured to listen incoming connections in port 25, the only thing you need to know is how to talk to the server and there's a lot information about that on the net.
Not every smtp might work but many of then will do.
Regards
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
does this sound about right?
http://www.haklabs.com/2007/software-fr ... -spoofing/
and does it only work within one domain or group? like can i change email@xyz.com to whatever i want?
I followed instructions correctly (i think) and never received the email
http://www.haklabs.com/2007/software-fr ... -spoofing/
and does it only work within one domain or group? like can i change email@xyz.com to whatever i want?
I followed instructions correctly (i think) and never received the email
- Shimo
- Fame ! Where are the chicks?!
- Posts: 197
- Joined: 17 May 2008, 16:00
- 15
- Location: Canada
- Contact:
Yeah sorry it didn't work.. I quickly googled it while I was helping a friend learn html and batch.... Basically hes paying me to teach him how to hack . And yes I know html has nothing to do with hacking but it will give him a simple understanding of script. And Im teaching batch files for immediate satisfaction to keep him hooked... For the most part I'm sending him resources and giving a slight explanation when asked.... Who would of though I could make money hacking without breaking the law . Any ways I went on a rant.. Glad I at least learnt you a new term.
[img]http://i133.photobucket.com/albums/q49/xblric9000000/ShimoSignature.jpg[/img]
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
You can make ALOT of $$ hacking, especially if you get some certsShimo wrote:Yeah sorry it didn't work.. I quickly googled it while I was helping a friend learn html and batch.... Basically hes paying me to teach him how to hack . And yes I know html has nothing to do with hacking but it will give him a simple understanding of script. And Im teaching batch files for immediate satisfaction to keep him hooked... For the most part I'm sending him resources and giving a slight explanation when asked.... Who would of though I could make money hacking without breaking the law . Any ways I went on a rant.. Glad I at least learnt you a new term.
do you know of a good program to compile a .BAT file to a .EXE?
or the link i posted above, does it hold any weight ( is the information correct?) I tried it and it didnt work
thanks
about port 25
going off topic there, start another thread or search for a topic "re: bat file to exe" (someone already asked that)
I wrote a paper back in the 1990's about SMTP and port 25. Back then you could always find a new business or network that had port 25 available to spoof from. But, since then, spammers have caused problems, gov/commercial regulations now sort of require network admins to lock down port 25 to prevent spammers from spoofing from it. Sysadmins can have their network IP blocked from other email servers, companies can get embarassed or bogged down networks where they can't get decent QoS.
The haklabs tut had one special ingredient - it told you how to spoof from within your own network - the user spoofing would be allowed to send mail because the mail server will reconise it as coming from inside its network - not outside. If you tried the same tut but acting from outside the network, you could be filtered by IP, mac, host, or even user/pass.
finding an open, anonymous port 25 is harder these days. You can scan IP ranges for open port 25's - I like to find smaller businesses or starting computer companies - as they have poor admin. Look for local businesses in your home town.
DNR
I wrote a paper back in the 1990's about SMTP and port 25. Back then you could always find a new business or network that had port 25 available to spoof from. But, since then, spammers have caused problems, gov/commercial regulations now sort of require network admins to lock down port 25 to prevent spammers from spoofing from it. Sysadmins can have their network IP blocked from other email servers, companies can get embarassed or bogged down networks where they can't get decent QoS.
The haklabs tut had one special ingredient - it told you how to spoof from within your own network - the user spoofing would be allowed to send mail because the mail server will reconise it as coming from inside its network - not outside. If you tried the same tut but acting from outside the network, you could be filtered by IP, mac, host, or even user/pass.
finding an open, anonymous port 25 is harder these days. You can scan IP ranges for open port 25's - I like to find smaller businesses or starting computer companies - as they have poor admin. Look for local businesses in your home town.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: about port 25
True but it's like you say, there will be always a poor admin (being lazy or just bad) who doesn't pay much attention to security/control issues or it's just someone who's starting and don't know much about the implications of the services they are offering.DNR wrote:I wrote a paper back in the 1990's about SMTP and port 25. Back then you could always find a new business or network that had port 25 available to spoof from. But, since then, spammers have caused problems, gov/commercial regulations now sort of require network admins to lock down port 25 to prevent spammers from spoofing from it. Sysadmins can have their network IP blocked from other email servers, companies can get embarassed or bogged down networks where they can't get decent QoS.
The haklabs tut had one special ingredient - it told you how to spoof from within your own network - the user spoofing would be allowed to send mail because the mail server will reconise it as coming from inside its network - not outside. If you tried the same tut but acting from outside the network, you could be filtered by IP, mac, host, or even user/pass.
finding an open, anonymous port 25 is harder these days. You can scan IP ranges for open port 25's - I like to find smaller businesses or starting computer companies - as they have poor admin. Look for local businesses in your home town.
Regards
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
Thanks for all your help, still have another n00b question though..
So if I spoof an email it has to be from that business or company??
Like say I want to prank my friend and send an email from chucknorris@chucknorris.com i would have to actully use a SMTP port from chucknorris.com to do so?
also does anyone have any good SMTP hosts that i could use? or a good link?
thanks!!
So if I spoof an email it has to be from that business or company??
Like say I want to prank my friend and send an email from chucknorris@chucknorris.com i would have to actully use a SMTP port from chucknorris.com to do so?
also does anyone have any good SMTP hosts that i could use? or a good link?
thanks!!
No, you don't to use the email of the smtp server, if you successfully telnet some smtp server you can set the email you want (chucknorris@chucknorris.com for instance) in the "mail from:"
About links, you should follow the advice DNR an do some scan over port 25 in some IPs ranges or check for smpt server of small business of your location, this commonly don't care or know much about services protection.
Regards
About links, you should follow the advice DNR an do some scan over port 25 in some IPs ranges or check for smpt server of small business of your location, this commonly don't care or know much about services protection.
Regards
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
Very nice lolbad_brain wrote:instead of active scanning you could also simply try the servers your everday incoming spam was sent through, many of them are open mail relays (either hacked or simply bad config)...
so im guessing the only "real" way to do it is through a proxy then to a anonymous SMTP port? (thanks BB i am sure i can find a SMTP server now)
i was also told all i need to do is setup a php mailer on a server somewhere and tha will work just as good, anyone have any good RAT suggestions? and I seen a thing on TV where as soon as the email is opened the system is exposed, no links need to be clicked or anything, anyone know how this is done so i can protect my network?
email and active script
Email can contain active script - so if you gave full rights to your browser it can run them just by you opening the email. Thats why its best not to open email you didn't request. Most fine email host would scan the email prior to you getting it, but they might not block the minor malware like a web-bug.. At least configure your browser to ask before running active script.
DNR
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.