_|_|_| _| _| _| _| _| _| _| _|_|_| _| _|_|_| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _|_| _| _|_|_| _| _| _| _| _|_|_| _|_|_| _| _|_| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _| _|_|_| _| _| _| _| _| _| _| _| _|_|_| _|_|_| _|_|_| _|_|_| _| _| _|_|_| _|_|_| _|_|_| _|_|_| _| _| _| _| _| _| _| _| _|_|_| _|_|_| _|_| _| _|_| _|_|_| _| _| _| _| _| _| _| _| _| _| _|_|_| _|_|_| _|_|_| _|_|_| http://pheces.home.ml.org "Can ya taste the waste?" öööööööööööööööööööööööööööööööö Title: |||| Spoofing EMail |||| Date: February 19, 1998 Author: wri0t & rootwurm öööööööööööööööööööööööööööööööö There are lots of programs on the net that say they can send fake e-mail. I'm not trying to say those don't work, it's just that they don't work 100% (actually, neither does our method, but our way is 100% better than using a program :-). I'm going to briefly describe how to send an improved fake e-mail and discuss the problems with most fake e-mail programs. I would like to explain how e-mail works, but that would take to long. The problem with fake e-mail programs is that their first issued command is 'helo' which logs you into the server. You may say, "but I've used one and it works fine". It may appear to be from your faked server, but if they look at the header information, it will show some error such as "apparently from". This is a dead giveaway that the mail is fake. Anyway, if you leave out the 'helo' command, you improve your chances for success. Here is the process of faking mail through Telnet: Step #1: Find a STMP (Simple Transfer Mail Protocol) server. To find a STMP server, use telnet to log into as many different servers as you can think of. Use port 25 (the stmp port). Most servers use ESTMP which is not good for faking mail. Once you've found a server that has STMP in the greeting (when you connect), then your on your way. One thing to keep in mind is that the backspace key DOES NOT WORK in windows telnet! If anytime during the telnet session you use backspace, you must disconnect and start over, or else the person getting the mail will get weird characters throughout the fake e-mail. (and that really sucks) Step #2: Start the e-mail. The first issued command should be mail from: bclinton@whitehouse.gov If the server says something like "you must use 'helo'" then, move onto another server, otherwise you should get "+OK sender ok" or something like that. Step #3: Second command should be: rcpt to: victim@aol.net This is your victim's e-mail address. Once again, you should get back "+OK" something. Step #4: Making it believable, type: data It should respond with +OK and then something about '.' being the last command. Step #5: To actually send the message, type: Subject: Greetings, Bill Clinton wishes to have a word with you. To: Charles Manson (victim@aol.net) From: Bill Clinton (bclinton@whitehouse.gov) Charles Manson is where you would put the victim's real name, if you don't know it, just put their e-mail address there, doesn't really matter WHAT goes there. There is only one return after each of these commands, but after the From: command, you MUST press return twice. If you don't, then the text won't send. Don't forget, backspace may look like it's working, but in reality, the e-mail will turn out shitty. Now you can type the actual message: Hi Charles, this is Bill Clinton and I just wanted to say thank you for breaking into whitehouse.gov, my personal body guards are on their way to your home as your reading this. Please have a nice day. Or whatever message you want to go there. Then: . The period followed by a return means you are through with the data, and ready to send. After the period, it should do it's cool "+OK" thingie again. After the +OK, then you type: quit on a line by itself (betcha can't figure out what THAT does!) if you don't know what quit does, then it just sends the message and disconnects you. without quit, your mail won't send. try sending the 'example' mail to yourself, so you can see if it works. also, if you connect to a server that FORCES you to say 'helo', try helo localhost. or try 'helo xxxxxxx'(where xxxxxx is > 1024 x's) email us if you've any questions. (((((((((((((((((((((((((((((((((((((((((((((#yep)))))))))))))))))))))))))))))))))))))))))))))