suck-o.com

Forums
https://forums.suck-o.com/

Email Spoofing

https://forums.suck-o.com/viewtopic.php?t=669

Page 1 of 1

Email Spoofing

Posted: 16 Apr 2006, 03:27
by girltribe
I'm trying to find a program or code where I can make an email address appear to be someone else's. I think it's called email spoofing, at least I hope it is or i'm in for a good lot of (deserved) flaming :oops: . Any information would be much appreciated. Thanks guys.

Posted: 16 Apr 2006, 08:20
by Gogeta70
Well, today's your lucky day. Because it takes a program called telnet to send spoofed emails. For instance, you could connect to mx1.hotmail.com (mail exchange server 1) on port 25 and then type this:

helo (not a typing error)[enter]
(server replies saying "Hello, you@your.host or IP")
mail from: spoof@this.com (email to send from) [enter]
(reply: 250 OK)
rcpt to: this-is-the@destination.email.com (email to send to) [email]
(reply: 250 OK)
data (typing the data line tells the email server you're ready to start the message information.) [enter]
subject: blah blah (subject, if there is one. if not, skip this step) [enter] [enter]

this is the message, w00t w00t. (type the message after pressing enter twice after subject, then press enter twice after the message.)[enter] [enter]

. (yes, just one period, then press enter.) [enter]

Now, the email server should say something about the mail being queued.

However, if you really want a mailer application, then go here, but be careful. I used that site alot when i was a script kiddie and alot of the files on there are bound with a virus, so scan the program before using it. Also, don't use that website too much, it turns you into a huge ass script kiddie.

port 25 smtp

Posted: 16 Apr 2006, 10:53
by DNR
Unfortunately due to spammers using unsecured SMTP servers to spam millions of people, most sysadmins lock this down. There was even a legal issue of making sysadmins responsible for spam being sent from their networks.

Your best bet is to find a small company that has a lousy sysadmin. Overseas, small, developing countries may also be ripe for lousy network administration. Scan IP ranges just for port 25 only, then test them by trying to send mail.
Most of the time you will be denied at RCPT TO: , the mailer will verify that you are not a valid user of that network.



BTW, Sam spade is good for parsing and checking for spoofed emails.
If the reciever of the spoofed email is smart enough to read the FULL email headers, they will still see a warning of "may be spoofed".

Good thing many email services do not display full headers...

DNR
All times are UTC-06:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited