Google Spoof Mail fun

07Apr06

So, you want to spoof mail? It may or may not be as difficult as you think it is. There are many ways of spoofing a mail. We shall discuss the two most often used methods.

The easy one:

Google Homepage is introducing a lot of widgets; one of them is the mini mail service, which requires no configuration. This can be exploited to send fake mails. Simply log on to your Google account and go to http://www.google.com/ig, click the “add content” button in the top left corner and search for the mini mail widget. Else visit this url to get it directly. The rest is easy: enter the email ids, type the text and have fun.

The only drawback is that you can’t edit the name of the sender, which means the victim will receive a mail where the sender name is just the email id. This is not desirable, since the victim may figure out it’s a spoof mail. Furthermore, you can’t edit the “Reply-To” field either. This is where the harder method comes into play.

The harder method:

If you have basic computer knowledge and some idea of networking (esp. telnet) this guide will be simple for you and you can skip most of this tutorial. If you don’t, read through this whole tutorial.


Mail can be sent over telnet on port 25; this is SMTP (Simple Mail Transfer Protocol). Basically, you set up a connection and execute several commands to send your mail. But if you have a basic e-mail account, have gotten a few letters from Yahooers, and looked at the headers, you probably know that they come from very different servers, “mta135.mail.yahoo.com”, “sbt854.mail.yahoo.com” etc…

So when mail is sent, how does it know which server to go to? There are literally thousands. Well, the answer is MX (Mail Exchange) servers; these keep a record of which servers contain which addresses (no, you don’t need to access this illegally). Ok, so just like a real mail server we need to inquire about some things.

First let’s figure out who we’re spoofing mail to, say “ganeshapp@mail.example.com”. Now, memorize the entire domain (everything after the “@”); for this example it is “mail.example.com”, although usually it will not have a subdomain (“yahoo.com”, “hotmail.com”, etc…).

Now, I hope you’re using Microsoft Windows. Start a command prompt; if you don’t know how to do that, press the Windows key + R, a Run window should come up, type “cmd” and press enter. Okies, now you’re in the command prompt, and your primary objective is to find the MX server. Who can help you?

Nslookup! Type in “nslookup” and press enter; this should bring up a “>” prompt. If it works, type in “set type=mx” and press enter. Guess what that does? Yes, nslookup will now look for MX servers associated with whatever you type in. Now recall what I asked you to memorize earlier (everything after the “@”); this is your recipient’s domain. Type it in and press enter. You should get a couple of lines of response info; look for “Non authoritative answer:”. Below that you should see a list of servers (possibly only one) and their “MX preference”.

What does this mean? Well, when mail is sent to these servers, the one with the lowest MX preference (1) takes it first. If there are multiple servers with the same MX preference, mail is distributed evenly among them. Each server with an MX preference above one is a “backup server”: in the case of a DoS, DDoS or DRDoS attack the first MX server will consume all of the malicious traffic, and the backup servers will get to work on their real mail.

So now we understand that the server with the highest number for MX preference will most likely NOT be in use. So let’s write it down, pretend that for our “mail.example.com” query we got:

Non authoritative answer:
mail.example.com MX preference = 3, mail exchanger = server3.mx.mail.example.com
mail.example.com MX preference = 2, mail exchanger = server2.mx.mail.example.com
mail.example.com MX preference = 1, mail exchanger = server1.mx.mail.example.com

So we pick, “server3.mx.mail.example.com”, since it has the highest number for MX preference and therefore will be used the least. Now we know where to connect to! YAY! Let’s exit nslookup by typing in “exit” and pressing enter.
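To see how the MX preferences in that nslookup output are read by a sending mail server (lowest value tried first, equal values sharing the load, higher values as backups), here is a small Python parser. It is an added example, not code from the original post; the host names server1..server3.mx.mail.example.com are the post’s made-up ones, the nslookup text is reproduced from the post, and the function names parse_mx and primary_and_backups are my own.

```python
import re

# nslookup "set type=mx" output, copied from the worked example in the post
# (constructed sample; server1..3.mx.mail.example.com are the post's made-up hosts).
SAMPLE_NSLOOKUP = """\
Non authoritative answer:
mail.example.com MX preference = 3, mail exchanger = server3.mx.mail.example.com
mail.example.com MX preference = 2, mail exchanger = server2.mx.mail.example.com
mail.example.com MX preference = 1, mail exchanger = server1.mx.mail.example.com
"""

# One MX line as Windows nslookup prints it: "<domain> MX preference = N, mail exchanger = <host>"
MX_LINE = re.compile(
    r"^(?P<domain>\S+)\s+MX preference = (?P<pref>\d+),\s*mail exchanger = (?P<host>\S+)\s*$"
)


def parse_mx(output):
    """Return (preference, exchanger) pairs from nslookup output, sorted the way a
    sending MTA tries them: lowest preference value first."""
    records = []
    for line in output.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            records.append((int(m.group("pref")), m.group("host").rstrip(".")))
    return sorted(records)


def primary_and_backups(records):
    """Split the sorted records into the host(s) tried first (all hosts sharing the
    lowest preference value) and the remaining backup exchangers."""
    if not records:
        return [], []
    lowest = records[0][0]
    primary = [host for pref, host in records if pref == lowest]
    backups = [host for pref, host in records if pref != lowest]
    return primary, backups


if __name__ == "__main__":
    recs = parse_mx(SAMPLE_NSLOOKUP)
    prim, back = primary_and_backups(recs)
    print("tried first:", prim)
    print("backups, least preferred last:", back)
```

For an audit of your own domain, paste the real nslookup output in place of the constructed sample; the parser ignores any line that is not an MX record, so the “Non authoritative answer:” header and the blank lines do no harm.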

Now we need to connect to “server3.mx.mail.example.com” (remember, I made this up, there is no “server3.mx.mail.example.com”) type in:

“telnet server3.mx.mail.example.com 25”

The format for telnet is “telnet [server] [port]” so the previous should be self-explanatory. Now there are various response codes you need to know:

220 is a greeting on connection

221 is a goodbye on a proper connection close

250 is your new favorite number, the ok code

354 means “Start data input” (main message)

421 is service not available

451 is a connection drop

501 is a syntax error

502 means you entered a non-existent command

550 is no such user (sending to a non-existent address)

There might be others which I am forgetting. Immediately you should get a 220; whatever it says after the code does not matter. If it says “Gotcha hacker, the cops are on their way to your house NOW!” don’t be scared off, this banner can be configured to say anything.

Now, the first thing you need to do so that the server won’t get pissed is say hi. Type in “HELO” and press enter (it doesn’t have to be all caps, that’s just my habit). If you can’t see what you are typing, type in “QUIT” to exit out, then type in “telnet”, and at the “Microsoft Telnet>” prompt type in “set LOCAL_ECHO” and then “quit”; then re-connect. If the “HELO” does not return a 250, the admins have gotten a little fake-mail-defensive, so try “EHLO”. You MUST get a 250 for at least one of the two commands before you continue.

Now let’s figure out what we want the from address to be. Let’s pretend that “ganeshapp@mail.example.com” is an immigrant, and we want to scare the crap out of him by sending a fake e-mail from “principal@college.com” saying that he is getting suspended. So, now that we greeted the server, let’s run the “MAIL” command (remember, if you don’t do anything for too long, you’ll get a connection close, so type fast). So, for our example we type in “MAIL FROM: <principal@college.com>” and press enter. Got a 250? Good. Now let’s make sure it gets to the right recipient, with the “RCPT” command: “RCPT TO: <ganeshapp@mail.example.com>”; again you should get a 250. You can put down multiple “RCPT”s to send it to several addresses. Now, time for the main course: type in “DATA” and press enter, you should get a 354, meaning “Start typing”. First come headers! Headers are important! The format is “[header]: Text of header”; make note of the colon and the space. There are many headers:

Subject: This is the subject.

To: You can put the Name and address of the recipient here, you’ll see the syntax later in the example.

From: Your Name can be as long as you want, but must be followed by an address.

Reply-To: This is the Reply-To address, make note of the hyphen and the capital letters. You can put a name here too, but it’s optional.

MIME-Version: If your letter is plain text, never mind this header, make note of the hyphen and the capital letters.

Content-type: If your letter is plain text, never mind this header, make note of the hyphen and the capital letter.

You may be confused now. Well, to make things simpler, for our example we don’t need “MIME-Version” or “Content-type” and you won’t need them for most of your life. Maybe later if you are making a cookie-stealer or trying to SE someone’s password, you’ll need “MIME-Version: 1.0” and “Content-type: text/html; charset=iso-8859-1” to send HTML e-mails.

Newbies: Forget what you just read, it will only confuse you more! For now let’s see what we would type in for our example:

Subject: This is your principal, U R D-suspended!
To: Ganesh APP <ganeshapp@mail.example.com>
From: Principal <principal@college.com>
Reply-To: <principal@college.com>

Now, to separate the headers from the main text of our letter, just press enter: leaving an empty line will notify the SMTP interpreter that the headers have ended. After that you can type as much as you want, on as many lines as you want. So how do you end the message? On a separate line type “.” (a lone period is the SMTP termination character) and your e-mail will be sent. You should get another 250. Then just type “QUIT” to close the connection. You should get a 221. So let’s see what we would type for the example:

Get out of my college, or I’ll send the FBI and CIA after you! They’re vicious I tells ya, VICIOUS! Part this land at once. OR ELSE!
.
QUIT

That should make some sense… I know it really doesn’t. So I’ll just recap with the entire example (comments are after “//”):

// Start by running command prompt.
Message: nslookup // Run nslookup so we can find our server.
Message: set type=mx
Message: mail.example.com
Response: Non authoritative answer:
Response: mail.example.com MX preference = 3, mail exchanger = server3.mx.mail.example.com // Okies, this is the server we need!
Response: mail.example.com MX preference = 2, mail exchanger = server2.mx.mail.example.com
Response: mail.example.com MX preference = 1, mail exchanger = server1.mx.mail.example.com
Message: exit // Exit nslookup.
Message: telnet
Message: set LOCAL_ECHO // Turning on LOCAL_ECHO so we can see what we type.
Message: quit
Message: telnet server3.mx.mail.example.com 25 // Setting up a connection.
Response: 220 Some Message // The greeting; 220 means the server is ready.
Message: HELO
Response: 250 Some Message
Message: EHLO // Just in case.
Response: 250 Some Message
Message: MAIL FROM: <principal@college.com>
Response: 250 Some Message
Message: RCPT TO: <ganeshapp@mail.example.com>
Response: 250 Some Message // Remember, you can have multiple “RCPT TO”s
Message: DATA
Response: 354 Some Message
Message: Subject: This is your principal, U R Suspended!
Message: To: Ganesh APP <ganeshapp@mail.example.com>
Message: From: Principal <principal@college.com>
Message: Reply-To: Principal <principal@college.com>
Message: // An empty line ends the headers and starts the body.
Message: Get out of my college, or I’ll send the FBI and CIA after you!
Message: They’re vicious I tells ya, VICIOUS!
Message: Part this land at once. OR ELSE!
Message: . // A lone period ends the message.
Response: 250 Some message
Message: QUIT
Response: 221 Closing Connection…
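The response-code table, the header rules and the recap above are exactly what a mail administrator sees in a server log or a captured session when a message is injected by hand, and the domain mismatches the tutorial relies on (a From and Reply-To that have nothing to do with the connecting host) are what filters look for. The Python below is an added example, not code from the original post: it reads a session written in the post’s “Message:”/“Response:” style, merges multi-line replies of the “550-5.7.1 …” kind quoted in the comments, and reports the indicators a defender would check: a HELO with no hostname, an envelope sender on a different domain from the header From, and a Reply-To that points away from the From domain. The two sample sessions, the placeholder IP 192.0.2.10, the example.net/example.org domains and the function names (parse_transcript, group_replies, extract_address, analyse) are all constructed for this example.

```python
import re

# Reply-code meanings as the post lists them; anything else is reported as "unknown".
REPLY_CODES = {220: "greeting", 221: "goodbye", 250: "ok", 354: "start data input", 421: "service not available",
               451: "connection drop", 501: "syntax error", 502: "non-existent command", 550: "no such user / rejected"}

# Constructed session in the post's "Message:"/"Response:" recap format; the envelope
# sender, the header From and the Reply-To are deliberately on three different domains.
SUSPECT_SESSION = """\
Response: 220 mx.example.com ESMTP
Message: HELO
Response: 250 mx.example.com
Message: MAIL FROM: <someone@example.net>
Response: 250 OK
Message: RCPT TO: <ganeshapp@mail.example.com>
Response: 250 OK
Message: DATA
Response: 354 Start mail input
Message: From: Principal <principal@college.com>
Message: Reply-To: <replies@example.org>
Message:
Message: .
Response: 250 Queued
Message: QUIT
Response: 221 Closing connection
"""

# Constructed multi-line rejection modelled on the 550-5.7.1 reply quoted in the comments
# ("550-" continues the reply, "550 " ends it); 192.0.2.10 is a placeholder address.
REJECTED_SESSION = """\
Response: 550-5.7.1 [192.0.2.10] The IP you're using to send email is not authorized
Response: 550-5.7.1 to send email directly to our servers. Please use
Response: 550 5.7.1 the SMTP relay at your service provider instead.
"""

def parse_transcript(text):
    """Turn 'Message:' (client) and 'Response:' (server) lines into (role, text) pairs."""
    events = []
    for raw in text.splitlines():
        for prefix, role in (("Message:", "C"), ("Response:", "S")):
            if raw.startswith(prefix):
                events.append((role, raw[len(prefix):].lstrip(" ")))
    return events

def group_replies(events):
    """Merge continuation lines so each server reply becomes one (code, lines) unit."""
    grouped, pending = [], None
    for role, text in events:
        m = re.match(r"(\d{3})([ -]?)(.*)", text)
        if role == "C":
            grouped.append(("C", None, [text]))
        elif m:
            code, sep, rest = int(m.group(1)), m.group(2), m.group(3)
            pending = pending or (code, [])
            pending[1].append(rest)
            if sep != "-":  # "NNN text" or a bare code closes the reply
                grouped.append(("S", pending[0], pending[1]))
                pending = None
    return grouped

def extract_address(field):
    """Pull the bare address out of 'Name <user@host>' or 'FROM: user@host'."""
    m = re.search(r"<([^<>]+)>", field) or re.search(r"[^\s<>,:]+@[^\s<>,]+", field)
    return m.group(m.lastindex or 0).strip().lower() if m else None

def analyse(text):
    """Record envelope and header senders and list the indicators a mail admin checks."""
    r = {"envelope_from": None, "rcpt_to": [], "headers": {}, "replies": [], "findings": []}
    in_data = headers_done = False
    for role, code, lines in group_replies(parse_transcript(text)):
        line = lines[0]
        if role == "S":
            r["replies"].append((code, REPLY_CODES.get(code, "unknown")))
            if code >= 500:
                r["findings"].append(f"rejected with {code}: {' '.join(lines)}")
        elif in_data:  # message content runs until the lone "."
            if line == ".":
                in_data = False
            elif line == "":
                headers_done = True  # the blank line ends the header block
            elif not headers_done:
                name, _, value = line.partition(":")
                r["headers"][name.strip().lower()] = value.strip()
        else:
            verb, _, arg = line.upper().partition(" ")
            if verb in ("HELO", "EHLO") and not arg.strip():
                r["findings"].append(f"{verb} sent without a hostname argument")
            elif verb == "MAIL":
                r["envelope_from"] = extract_address(arg)
            elif verb == "RCPT":
                r["rcpt_to"].append(extract_address(arg))
            elif verb == "DATA":
                in_data = True
    dom = lambda addr: addr.rsplit("@", 1)[-1]
    env, hdr_from = r["envelope_from"], extract_address(r["headers"].get("from", ""))
    reply_to = extract_address(r["headers"].get("reply-to", ""))
    if env and hdr_from and dom(env) != dom(hdr_from):
        r["findings"].append(f"envelope sender {env} and header From {hdr_from} differ in domain")
    if hdr_from and reply_to and dom(reply_to) != dom(hdr_from):
        r["findings"].append(f"Reply-To {reply_to} points away from the From domain {dom(hdr_from)}")
    return r
```

Running analyse over SUSPECT_SESSION yields three findings (bare HELO, envelope/From domain mismatch, Reply-To on a third domain) even though every reply was a 250, which is the point: a 250 only means the server accepted the command, not that the message is genuine. Running it over REJECTED_SESSION shows the three “550-” lines collapsed into a single permanent-failure reply, the shape of the rejection several commenters ran into.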

Good luck with that. Practise before you go for the kill, and never type something wrong: one typo and you will have to start over. Will soon post on how to spoof emails with *nix and Mac.

Disclaimer: This tutorial is only for educational purposes. Bot-Hack doesn’t take responsibility for whatever damage you cause using these techniques. You are on your own if you try them.



25 Responses to “Google Spoof Mail fun”

  1. Good Info. Here I will use only the easier one

  2. thanks da ….but spoof again nslookup is not working in my comp😦

  3. Thanku thanku.😀

  4. This is very informative and you have explained everything so neatly🙂
    Although I already knew how to spoof using Telnet long before I read your how-to, I bookmarked this page🙂
    Have a great day !

  5. bothack

    Thank you Nithanth…

  6. raj

    hello

  7. febridge

    Great post. Can’t wait for the Mac Version.
    I tried the hack on PC and did not get any response after the telnet server port entry. All I got was a blank prompt screen. Any suggestions?

  8. This is what I was looking for, glad I found it.

  9. I’m defo doing this right, I get 250s all the way but the emails never come through even though it says they have been queued for delivery. It’s Hotmail, can they block spoofs or will I be doing something wrong?

  10. TestQFE

    EWFEF

  11. julio

    Hello, this is a test

  12. julio

    hello, this is a…

  13. praneeth

    very good information
    i was able to do everything but after giving “.” to end my message it’s showing the following message

    550-5.7.1 [117.195.163.16] The IP you’re using to send email is not authorized
    550-5.7.1 to send email directly to our servers. Please use
    550 5.7.1 the SMTP relay at your service provider instead. c5si386405nfi.2

    any suggestions

  14. i fuckin hate you

    why are you teaching this you moron, do something productive!!

  15. It won’t connect to the server

  16. Pedro Fiel

    Does anyone know any good server to spoof? Hotmail says I have a dynamic IP and immediately shuts me down, Yahoo doesn’t work and I’ve also tried some national servers (I’m from Portugal) but the one I use tests the email on the MAIL FROM command :S

  17. alex

    Actually this is productive. SMTP is essential. I was taught this in university.

  18. thanks for the tutorial.

    it is always interesting to see, and know, what the nasties are doing and how they do it… helps understand how you can (or cant as the case may be) protect against them.

  19. SomeoneNotRetarded

    This tutorial is ancient. It’s been on the internet for ages.
    Not only is it plagiarism, it’s outdated information. This won’t work on any major mail services.

  20. After exploring a number of the blog posts on your site, I
    really like your technique of writing a blog.
    I added it to my bookmark website list and will be checking back soon.
    Please check out my web site as well and tell me how
    you feel.

  21. Thanks, I’ve recently been looking for information approximately this
    topic for a while and yours is the best I have come upon till now.
    However, what in regards to the bottom line?
    Are you certain concerning the source?


