Email Spoofing

For beginners, flames not allowed...(just by the staff :P)
Post Reply
User avatar
girltribe
Newbie
Newbie
Posts: 1
Joined: 15 Apr 2006, 16:00
14

Email Spoofing

Post by girltribe »

I'm trying to find a program or code where I can make an email address appear to be someone else's. I think it's called email spoofing, at least I hope it is or i'm in for a good lot of (deserved) flaming :oops: . Any information would be much appreciated. Thanks guys.

User avatar
Gogeta70
^_^
^_^
Posts: 3247
Joined: 25 Jun 2005, 16:00
15

Post by Gogeta70 »

Well, today's your lucky day. Because it takes a program called telnet to send spoofed emails. For instance, you could connect to mx1.hotmail.com (mail exchange server 1) on port 25 and then type this:

helo (not a typing error)[enter]
(server replies saying "Hello, you@your.host or IP")
mail from: spoof@this.com (email to send from) [enter]
(reply: 250 OK)
rcpt to: this-is-the@destination.email.com (email to send to) [email]
(reply: 250 OK)
data (typing the data line tells the email server you're ready to start the message information.) [enter]
subject: blah blah (subject, if there is one. if not, skip this step) [enter] [enter]

this is the message, w00t w00t. (type the message after pressing enter twice after subject, then press enter twice after the message.)[enter] [enter]

. (yes, just one period, then press enter.) [enter]

Now, the email server should say something about the mail being queued.

However, if you really want a mailer application, then go here, but be careful. I used that site alot when i was a script kiddie and alot of the files on there are bound with a virus, so scan the program before using it. Also, don't use that website too much, it turns you into a huge ass script kiddie.
¯\_(ツ)_/¯ It works on my machine...

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
14
Location: Michigan USA
Contact:

port 25 smtp

Post by DNR »

Unfortunately due to spammers using unsecured SMTP servers to spam millions of people, most sysadmins lock this down. There was even a legal issue of making sysadmins responsible for spam being sent from their networks.

Your best bet is to find a small company that has a lousy sysadmin. Overseas, small, developing countries may also be ripe for lousy network administration. Scan IP ranges just for port 25 only, then test them by trying to send mail.
Most of the time you will be denied at RCPT TO: , the mailer will verify that you are not a valid user of that network.



BTW, Sam spade is good for parsing and checking for spoofed emails.
If the reciever of the spoofed email is smart enough to read the FULL email headers, they will still see a warning of "may be spoofed".

Good thing many email services do not display full headers...

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Post Reply