BlackHat security

Well, let's get started then. Well in order to fake (spoof) an email, you first need to have an SMTP (Simple Mail Transfer Protocol) server that you can use to send the email from. How do you find one? Simple

First decide what server you want to use to send email from, for this example I will use Hotmail. Now go to Start --> Run --> Type the word 'cmd' without the '
Now that you have DOS open, type the following command:

nslookup -querytype=mx hotmail.com

You can replace hotmail.com with whatever site's mail servers you want to use. Anyway, when you execute that command, the following output comes out:

Non-authoritative answer:
hotmail.com     MX preference = 5, mail exchanger = mx2.hotmail.com
hotmail.com     MX preference = 5, mail exchanger = mx3.hotmail.com
hotmail.com     MX preference = 5, mail exchanger = mx4.hotmail.com
hotmail.com     MX preference = 5, mail exchanger = mx1.hotmail.com

The SMTP servers are mx2.hotmail.com, mx3.hotmail.com, etc. Now, for the next part of the tutorial, I will be using mx2.hotmail.com.

Now, let's get started spoofing the actual email! You still have DOS open right, good. Now type the following command to connect with Hotmail's SMTP server. You can replace the server name with your preferred server.

telnet mx2.hotmail.com 25

You will see whatever welcome message they give. Now type the following command:

HELO

You'll get a message, usually with your IP. Now the next command shows what email you want to pretend to be sending from. I'll use the fake email lala@lala.org

MAIL FROM: lala@lala.org

You should get a 250 OK. Now we will type a command to choose who we want the email to go to. I will use the fake email blah@blah.com

RCPT TO: blah@blah.com

Now you get another 250 OK. Now we will start the actual message. Type:

DATA

Then type your message. Be sure to add title headers, like Subject, To, From, etc. so the email looks real. After you are done typing the email, press Enter, then type a . then press Enter again. Your email has been sent!


Now type quit to end the connection to the server.

That's all for now, hope you learned something!

So, you want to learn how to send your own fake mail? It's extraordinarily easy to do, and requires no extra software installed on your PC at all. It can be done with Windows, Macintosh, Linux - any modern PC that has an internet connection will do it.

There are a just a few simple steps. First, you'll need to decide on the FROM and the TO email addresses. If the FROM address that you're choosing isn't a real one, make sure that the domain name(the bit after the @ sign) is a real one. If it's not a real one, it almost certainly won't work.

For the purpose of this tutorial, we'll be sending from bush@whitehouse.gov to dummy@anysite.com.

Second, you'll need to find out the mail server that your recipient is using.

Click Start, Run, enter "CMD", then press OK. In the window that comes up, type nslookup -q=MX anysite.com

Go to Applications, Utilities, and choose Terminal. In the window that comes up, type nslookup -q=MX anysite.com

Bring up your favorite shell, and type nslookup -q=MX anysite.com

There will be a lot of information on the screen - all you need to look for is a line that talks about a mail exchanger. If there are several, pick the one with the lowest "preference number".

anysite.com        MX preference = 10, mail exchanger = mail.anysite.com

Now, you'll need to connect to this mail exchanger using telnet. This is the same for any PC, but Vista users may not have it installed by default - see this note about getting telnet on Vista before you continue. When you're ready, type:

telnet mail.anysite.com 25
       

Press enter, and after a short pause, you should see a welcome message from the server.

Ok, so now you're connected. You need to enter the following information - press ENTER at each new line. You won't be able to press backspace to delete a mistake, so you'll need to type everything correctly first time!

HELO whitehouse.gov

This tells the mail server that we are "whitehouse.gov".

MAIL FROM: </BUSH@WHITEHOUSE.GOV>

This tells the server who is sending the mail.

RCPT TO: </DUMMY@ANYSITE.COM>

This tells the server who to deliver the mail to. At this point, if the recipient doesn't exist, you may see a warning message (but not always).

DATA

This tells the server that we're ready to start writing our message. It should acknowledge, telling you to end your message with a full stop (period) on a single line. All we need to do now, is write our message and don't forget that full stop at the end.

Hello dummy@anysite, I managed to send a fake mail all by myself!
.

Dont forget that last dot. When you've done that, and pressed enter, simply enter QUIT and your mail should be delivered.

There's a little bit more to it, of course. You'll need to enter proper "headers" if you want the mail to look more believable. After doing the DATA command, I'd recommend pasting in the following "headers" to make sure it looks realistic when viewed in Outlook, Hotmail, etc.

Date: Sun, 01 Apr 2007 12:49:13 +0100 (BST)
From: George W Bush 
To: Poor Sod 
Subject: Fake mail

Hello dummy@anysite, I managed to send a fake mail all by myself!
.
</DUMMY@ANYSITE.COM></BUSH@WHITEHOUSE.GOV>

And that's all there is to it.

 

Check Out This also : Email Spoofing in DOS