SMTP, Mail via Port 25

SMTP is Simple Mail Transfer Protocol. This text was written to explain Mail Spoofing, anonymous mail, and using Telnet to Port 25. Experts can tell if mail was Spoofed, and they can locate you by contacting the Server which the mail came from.

It is NOT illegal to send mail via Port 25 of any web server that does not have mail relay disabled, but obviously using this tactic for harassing, or threatening others, or using fake mail to obtain personal information will attract the attention of the Police or Sysadmins and get you BUSTED!

Ok, Let's get Started!

Of course this assumes you use Windows 9x.

Click on START, and Select RUN...

Type TELNET in the dialog box and press Enter

The TELNET program starts....

At the top, Select TERMINAL, a menu opens....

Choose PREFERENCES, a dialog box opens, you see Terminal Options, Emulation, etc

Make sure there is a Check Mark in the box for ENABLE LOCAL ECHO, buffer should be 25, and Emulation should be VT-100/ANSI

Click on the OK button, the dialog box closes..

At the top, Select CONNECT, a menu drops down, Select REMOTE SYSTEM, a dialog box opens...

You see a box with HOST NAME, PORT, TERMTYPE...

In the HOST NAME, you can enter any web server that allows Mail Relay,* (www.whateverworks.com)

In the PORT, clear the box, and enter the numbers 25,

The TERMTYPE should be VT100...

Click on the button CONNECT

 

* Some Servers DO NOT ALLOW MAIL RELAY, you will have to surf and run a few PORT SCANs to find servers that have Port 25 open for SMTP, and even then, some Sysadmins disable Mail Relay if you do not use certain commands or have an address approved for SMTP on that server. There are plenty of servers that allow Mail Relay though.

OK! If you connected to a server, you should see something like:

220 gnr.u2me3.com ESMTP Sendmail 8.9.3/8.9.3; Mon, 31 Jan 2000 01:45:38 -0500

gnr.u2me3.com is the server you connected to, I believe ESMTP Sendmail is the daemon Mail program..

 

TYPE IN THE LINES AS SHOWN, except use what ever you like as the fake sender, and who you want to send the mail to. I used President/Whitehouse.gov and my E-mail address for this example..

 

MAIL FROM: President@whitehouse.gov, hit enter

you might see :

250 President@Whitehouse.gov... Sender ok

RCPT TO: C0VERTl@Excite.com, hit enter

you might see:

250 C0VERTl@excite.com... Recipient ok

 

DATA, hit enter

you might see:

354 Enter mail, end with "." on a line by itself

 

TYPE IN YOUR MESSAGE, it's OK to hit enter for the next line

I wrote:

I want to appoint you to be the Supreme Being of the Internet, I will Pay you
$2,000,000,000.00 a Year, plus all the free internet time you want
please reply to this offer soon
President Bill Clinton

 

When Finished, put a "." period on a line by itself, hit enter..

you might see:

250 BAA07042 Message accepted for delivery

 

Exit from the Telnet program, or to send another mail, start at the top again. Note, avoid errors because you cannot use back space to go back and type over. Also, some servers may not show you the greeting, or the stuff ' you might see ' above.

Also some servers may provide assistance if you Type HELP, and hit enter.

 

Here is what the Telnet Program showed on the Screen when I was finished:

220 gnr.u2me3.com ESMTP Sendmail 8.9.3/8.9.3; Mon, 31 Jan 2000 01:47:25 -0500
Mail from: President@Whitehouse.gov
250 President@Whitehouse.gov... Sender ok
rcpt to: C0VERTl@excite.com
250 C0VERTl@excite.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
I want to appoint you to be the Supreme Being of the Internet, I will Pay you
$2,000,000,000.00 a Year, plus all the free internet time you want
please reply to this offer soon
President Bill Clinton

.
250 BAA07042 Message accepted for delivery

The Stuff in RED was what I typed in.

 

Ok, So what did the E-Mail look like to the Recipient?

Date: Mon, 31 Jan 2000 01:47:41 -0500
From: President@Whitehouse.gov
Subject:

I want to appoint you to be the Supreme Being of the Internet, I will Pay you
$2,000,000,000.00 a Year, plus all the free internet time you want
please reply to this offer soon
President Bill Clinton

WOW! I got mail from the President at the Whitehouse!!!

REALLY?

No, not really...

If you have the ability to select SHOW FULL HEADERS, you will see.....

Return-Path: <President@Whitehouse.gov>
Received: from gnr.u2me3.com ([209.198.56.2]) by hissy.excite.com (InterMail vM.4.01.02.31a
    201-229-119-114) with ESMTP id
    <20000131052230.HGZR16213.hissy.excite.com@gnr.u2me3.com> for
    <C0VERTl@excite.com>; Sun, 30 Jan 2000 21:22:30 -0800
Received: from FlintA1-131.comserv.net (FlintAS1-131.compserv.net [209.XXX.97.XXX] (may
    be forged)) by gnr.u2me3.com (8.9.3/8.9.3) with SMTP id BAA07042 for
    C0VERTl@excite.com; Mon, 31 Jan 2000 01:47:41 -0500
Date: Mon, 31 Jan 2000 01:47:41 -0500
From: President@Whitehouse.gov
Message-Id: <200001310647.BAA07042@gnr.u2me3.com>
X-Authentication-Warning: gnr.u2me3.com: FlintA1-131.comserv.net [209.XXX.97.XXX] (may be forged) didn't
    use HELO protocol


I want to appoint you to be the Supreme Being of the Internet, I will Pay you
$2,000,000,000.00 a Year, plus all the free internet time you want
please reply to this offer soon
President Bill Clinton

Hmm, Smart server, it said the mail MAY BE FORGED! And Darn it!, there is my ISP and IP!

Received: from FlintA1-131.comserv.net (FlintAS1-131.compserv.net [209.XXX.97.XXX] (may
    be forged)) by gnr.u2me3.com (8.9.3/8.9.3) with SMTP id BAA07042

( I XX'ed out my IP in this text)

This shows the path of the Mail, My ISP, my IP, and the server I used to send this Spoofed mail.
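The header check described above, as an added Python example that is not part of the original text: it reads the Received chain oldest hop first and lists the signs of spoofing that the full headers reveal. The function names trace_hops and spoof_indicators are chosen here for illustration; the sample headers are the ones shown on this page, with a constructed one-word body.

```python
import re
from email import message_from_string

# Headers copied from the full-header listing on this page (IP masked as in
# the original); the body is a constructed placeholder.
RAW = """\
Return-Path: <President@Whitehouse.gov>
Received: from gnr.u2me3.com ([209.198.56.2]) by hissy.excite.com (InterMail vM.4.01.02.31a
 201-229-119-114) with ESMTP id
 <20000131052230.HGZR16213.hissy.excite.com@gnr.u2me3.com> for
 <C0VERTl@excite.com>; Sun, 30 Jan 2000 21:22:30 -0800
Received: from FlintA1-131.comserv.net (FlintAS1-131.compserv.net [209.XXX.97.XXX] (may
 be forged)) by gnr.u2me3.com (8.9.3/8.9.3) with SMTP id BAA07042 for
 C0VERTl@excite.com; Mon, 31 Jan 2000 01:47:41 -0500
From: President@Whitehouse.gov
X-Authentication-Warning: gnr.u2me3.com: FlintA1-131.comserv.net [209.XXX.97.XXX] (may be forged) didn't
 use HELO protocol

body
"""

# "from <claimed name> ... [<ip>] ... by <receiving server>"
HOP = re.compile(r"from\s+(\S+)\s.*?\[([^\]]+)\].*?\sby\s+(\S+)", re.S)

def trace_hops(raw):
    """Return hops oldest first: (claimed_name, ip, receiving_server, forged_flag)."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so the last one is the origin.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP.search(flat)
        if m:
            hops.append((m.group(1), m.group(2), m.group(3), "may be forged" in flat))
    return hops

def spoof_indicators(raw):
    """List the header evidence that the From address is not genuine."""
    msg = message_from_string(raw)
    hops = trace_hops(raw)
    findings = []
    sender_domain = msg["From"].rsplit("@", 1)[-1].strip("> ").lower()
    if hops and not hops[0][0].lower().endswith(sender_domain):
        findings.append("origin %s [%s] is outside sender domain %s"
                        % (hops[0][0], hops[0][1], sender_domain))
    if any(h[3] for h in hops):
        findings.append("a relay marked the connecting host as 'may be forged'")
    for warning in msg.get_all("X-Authentication-Warning", []):
        findings.append("X-Authentication-Warning: " + " ".join(warning.split()))
    return findings
```

Only the Received lines written by servers you trust are reliable evidence; anything below them in the chain was supplied by the sending side.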

WHAT DID YOU LEARN?

 

It's not so hard to Spoof E-Mail

Check the E-Mail headers if you receive Questionable E-Mail

If you are a Sysadmin, you might want to disable port 25, or at least configure it so outsiders cannot use your server for mail relay.

 

OTHER TIPS FOR SMTP...

First, always try typing HELP and see if it has a helpful list of commands available. A smart sysadmin would disable HELP in SMTP because he/she doesn't want you to figure out how the SMTP is configured.

Other commands that might be available (these commands are for DSMTP v2.7k):

HELO , proper use would be HELO Validusername. Example HELO Hacker1
HELO identifies you as an authorized user for SMTP/DSMTP on that server.

EHLO , proper use would be EHLO Validusername. Example EHLO Hacker1
EHLO identifies you as an authorized user on the server, for ESMTP.

RSET, resets the current session, all mail and rcpt entries will be dumped.

QUIT, terminates the connection, aborts any incomplete transactions.

VRFY, verifies whether or not a message addressed to would be delivered locally.

AUTH, initiates a SASL authenticated transaction.

ETRN, proper use would be ETRN , like ETRN College.Edu, or ETRN Staff@College.edu. This queues any pending messages to that person.

That's it for now. As I come across more commands I will update this page. Commands also vary by SMTP daemons/software/OS's, so they will have to be categorized by those.

By: C0VERTl

 
