Saturday, May 26, 2007

How to spoof an email without using software

So you want to play a trick on a friend? Here is an easy way to spoof an email address from within his own company. And looking at the internet headers won't save him ;-)

I often hear people asking how to spoof an email sender address. This is a relatively easy task, but I find so many false advertisements for software that claims to do it. This method is also a bit different from using software: if someone tries to determine whether the message is fake, the headers will actually say it came from the proper email server.

This method only works for spoofing email to and from people in the same organization, which in reality can be the most damaging ;-)

So let's start out with a little back story:

“Friend A” has decided to play a trick on “Friend B” by sending a notice to “Friend B” that he has been fired from “Company A” by his boss. So how will we be able to do this? Easy: we are going to send an email via Telnet!

So the first order of business is to find out what the email server address of “Company A” is. We can do this by locating the MX (Mail Exchange) record of “Company A”. To do this we can perform an nslookup query from the command line, but sometimes it is easier to use a website for you new guys. So go here:

http://centralops.net/co/DomainDossier.aspx

Then type in the domain name of “Company A”. If your friend's email address was friendb@companya.com, it would be companya.com. Then check the box next to “DNS Records”.

After doing this you will see a whole slew of information. What we are looking for are the records labeled “MX”. There will be more than one, which is fine. The one we are interested in is the one with the lowest number, which indicates it is the primary MX for the company. Now take the name of the mail server. For our purposes we are going to assume the name of the server is mail.companya.com. Next, open your favorite command line or terminal utility. In Windows you get there by clicking “Start”, then “Run”, and then typing “cmd”. Next you will type the following:


> telnet mail.companya.com 25

Telnet is the application we are going to use, but in this case we are connecting to port 25 and not to the normal telnet port of 23. Port 25 is used for SMTP, the protocol used for email.
You should get the following response back if you are connecting to an Exchange server.

220 mail.companya.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Tue, 19 Feb 2005 14:44:12 -0500

Now you should type the following:

> helo companya.com


The server should respond with a hello back. Next type in the following:

> mail from: theboss@companya.com

This tells the server that you want to send email from the boss's account. Next type:

> rcpt to: friendb@companya.com

This is your friend's email address. Next type:

> data

This sets the system to get ready for you to begin writing your message. Now start typing what you want to say:

> Friend B, I am tired of your constant watching of penny arcade video’s and now you are fired.

Once you are done writing your message, hit enter, then type a period “.” and hit enter again. The server will store your message and then send it to your friend. Now that is what I call funny!
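Seen from the mail server's side, the session above is an unauthenticated connection from an outside address whose "mail from" claims the company's own domain. The following is an added example, not part of the original post, that flags such sessions in per-session SMTP records; the record format, the internal network ranges and all addresses are constructed assumptions.

```python
import ipaddress
import re

# Assumptions for this example: the organization's domain and the networks
# its own clients and relays submit mail from.
LOCAL_DOMAIN = "companya.com"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample records, one per SMTP session (not a real server's log format):
# client IP, HELO name, authenticated user ("-" if none), MAIL FROM, RCPT TO.
SAMPLE_LOG = """\
client=10.1.4.22 helo=ws22.companya.com auth=theboss from=<theboss@companya.com> to=<friendb@companya.com>
client=203.0.113.57 helo=companya.com auth=- from=<theboss@companya.com> to=<friendb@companya.com>
client=198.51.100.9 helo=mx.example.org auth=- from=<alice@example.org> to=<friendb@companya.com>
client=203.0.113.80 helo=laptop.example.net auth=friendb from=<FriendB@CompanyA.com> to=<theboss@companya.com>
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Turn one key=value record into a dict; angle brackets are stripped."""
    return {k: v.strip("<>") for k, v in FIELD.findall(line)}

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def sender_domain(address):
    # Domain comparison is case-insensitive; rpartition copes with odd local parts.
    return address.rpartition("@")[2].lower().rstrip(".")

def suspicious(rec):
    """Envelope sender claims our domain, but the session is external and unauthenticated."""
    return (sender_domain(rec["from"]) == LOCAL_DOMAIN
            and not is_internal(rec["client"])
            and rec["auth"] == "-")

def find_spoofed(log_text):
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    return [r for r in records if suspicious(r)]

if __name__ == "__main__":
    for r in find_spoofed(SAMPLE_LOG):
        print(f"ALERT external unauthenticated sender {r['from']} from {r['client']} (helo {r['helo']})")
```

Only the second sample record is flagged: the first comes from an internal address, the third uses an outside sender domain, and the fourth is external but authenticated.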
