How to Forge Email with Windows XP Telnet
Want a computer you can telnet into and mess around with, and not get into trouble no matter what you do to it? I've set up my techbroker.com (206.61.52.33) with user xyz, password guest for you to play with. Here's how to forge email to xyz@techbroker.com using telnet. Start with the command:
C:\>telnet techbroker.com 25
Connecting To Techbroker.com
220 <techbroker.com> Service ready
Now you type in who you want the message to appear to come from:
helo santa@techbroker.com
Techbroker.com will answer:
250 <techbroker.com> host ready
Next type in your mail from address:
mail from:santa@techbroker.com
250 Requested mail action okay, completed
Your next command:
rcpt to:xyz@techbroker.com
250 Requested mail action okay, completed
Your next command:
data
354 Start main input; end with <CRLF>.<CRLF>
Newbie note: <CRLF> just means hit return. In case you can't
see that little period between the <CRLF>s, what you do to end composing
your email is to hit enter, type a period, then hit enter again.
Anyhow, try typing:
This is a test.
.
250 Requested mail action okay, completed
quit
221 <techbroker.com> Service closing transmission channel
Connection to host lost.
Using techbroker's mail server, even if you enable full headers, the message we just composed looks like:
Status: R
X-status: N
This is a test.
That's a pretty pathetic forged email, huh? No "from", no date. However, you can make your headers better by using a trick with the data command. After you give it, you can insert as many headers as you choose. The trick is easier to show than explain:
220 <techbroker.com> Service ready
helo santa@northpole.org
250 <techbroker.com> host ready
mail from:santa@northpole.com
250 Requested mail action okay, completed
rcpt to:cmeinel@techbroker.com
250 Requested mail action okay, completed
data
354 Start main input; end with <CRLF>.<CRLF>
from:santa@deer.northpole.org
Date: Mon, 21 Oct 2002 10:09:16 -0500
Subject: Rudolf
This is a Santa test.
.
250 Requested mail action okay, completed
quit
221 <techbroker.com> Service closing transmission channel
Connection to host lost.
The message then looks like:
from:santa@deer.northpole.org
Date: Mon, 21 Oct 2002 10:09:16 -0500
Subject: Rudolf
This is a Santa test.
The trick is to start each line you want in the headers with one word followed by a colon, and then a line followed by "return". As soon as you write a line that doesn't begin this way, the rest of what you type goes into the body of the email.
Notice that the santa@northpole.com from the "mail from:" command didn't show up in the header. Some mail servers would show both "from" addresses.
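An added example, not part of the original page: a receiving-side check in Python that splits a DATA payload by the header rule described above and flags what the two sessions show, namely missing From/Date headers and a header "from" whose domain differs from the "mail from:" address. The function names and the FIRST/SECOND constants are assumptions made for this example, built from the sessions on this page.

```python
import re
from email.utils import parseaddr

# A header line is a field name (printable ASCII, no space or colon) then a colon.
HEADER_RE = re.compile(r"^([!-9;-~]+):[ \t]*(.*)$")

def split_data(data):
    """Split a DATA payload as the page describes: header lines run until
    the first line that is not 'name:'; everything after that is body."""
    lines = data.splitlines()
    headers = {}
    i = 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:
            break
        headers[m.group(1).lower()] = m.group(2)
        i += 1
    if i < len(lines) and lines[i] == "":
        i += 1  # a blank line is the standard header/body separator
    return headers, "\n".join(lines[i:])

def domain_of(addr):
    """Lower-cased domain part of an address such as 'a@b' or '<a@b>'."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def audit(envelope_from, data):
    """Return findings for one message, given its MAIL FROM and DATA payload."""
    headers, _body = split_data(data)
    findings = []
    for required in ("from", "date"):  # both are mandatory in RFC 5322
        if required not in headers:
            findings.append("missing " + required)
    if "from" in headers and domain_of(headers["from"]) != domain_of(envelope_from):
        findings.append("envelope/header From domain mismatch")
    return findings

# Constructed inputs: the two DATA payloads typed in the sessions above.
FIRST = "This is a test.\n"
SECOND = ("from:santa@deer.northpole.org\n"
          "Date: Mon, 21 Oct 2002 10:09:16 -0500\n"
          "Subject: Rudolf\n"
          "This is a Santa test.\n")

if __name__ == "__main__":
    print(audit("santa@techbroker.com", FIRST))
    print(audit("santa@northpole.com", SECOND))
```

Neither finding proves forgery on its own, since mailing lists and forwarders legitimately produce mismatches; they are signals for scoring or for closer review of the Received lines.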
You can forge email on techbroker.com within one strict limitation. Your email has to go to someone at techbroker.com. If you can find any way to send email to someone outside techbroker, let us know, because you will have broken our security, muhahaha! Don't worry, you have my permission.
Next, you can read the email you forge on techbroker.com via telnet:
C:\>telnet techbroker.com 110
+OK <30961.5910984301@techbroker.com> service ready
Give this command:
user xyz
+OK user is known
Then type in this:
pass test
+OK mail drop has 2 message(s)
retr 1
+OK message follows
This is a test.
If you want to know all possible commands, give this command:
help
+OK help list follows
USER user
PASS password
STAT
LIST [message]
RETR message
DELE message
NOOP
RSET
QUIT
APOP user md5
TOP message lines
UIDL [message]
HELP
Unless you use a weird online provider like AOL, you can use these same tricks to send and receive your own email. Or you can forge email to a friend by telnetting to his or her online provider's email sending computer(s).