PaulDotCom mailing list archives
Spoofing emails
From: tadaka at gmail.com (Jason Wood)
Date: Wed, 13 May 2009 22:34:15 -0600
Yes, you can put whatever you want as the from address. As long as the smtp server trusts anyone, your credentials or the network you are on, it will dutifully repeat whatever you tell it. I generally use gomer at pyle.comwhenever I'm testing for an open smtp relay. On Wed, May 13, 2009 at 6:01 PM, Noah <1giglimit at gmail.com> wrote:
If it is an SMTP Server that is accepting outgoing mail without authentication, and you are sending from a domain that it accepts, Isn't it possible to just use an e-mail client, say Outlook Express, and change the Reply Address? - Noah -----Original Message----- From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Robin Wood Sent: Tuesday, 12 May 2009 8:01 AM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Spoofing emails 2009/5/11 MV <mvharley2 at gmail.com>:fire it my way pleaseHere you go, it is a php script and you need to have the PEAR Mail and possibly mail_mime modules installed. In Debian this is done with : apt-get install php-mail php-mail-mime http://www.digininja.org/files/track_email.tar.bz2 I wrote the script so that I could send an email with a tracking dot in it as I couldn't find a way to do that in easily in any of the normal mail packages. Simply edit the script to set the to and from addresses then run it. RobinOn Mon, May 11, 2009 at 9:23 AM, Robin Wood <dninja at gmail.com> wrote:I built an app recently that takes a html page and a text page and then puts them together into an email. You can put whatever you want into either section. If people want it I can try to dig it out. Robin 2009/5/11 Rob Fuller <jd.mubix at gmail.com>:Metasploit's mailer works really well, and you can craft the email however you like, make templates, etc.. yaml ;-) On Mon, May 11, 2009 at 10:56 AM, natron <natron at invisibledenizen.orgwrote:On Sat, May 9, 2009 at 11:10 AM, Adrian Crenshaw <irongeek at irongeek.com> wrote:220 mx.gmail.com ESMTP 70si2094099rnb helo me.somepalace.com 250 mx.gmail.com at your service MAIL FROM:<irongeek at iirongeek.com> 250 OK RCPT TO:<irongeek at ggmail.com> 250 OK DATA 354 Please start mail input. <snip>Anyone know of any tools to help you build html emails for this purpose? I currently doing it in a cheating way, but it works well. I'llcraftan email in Outlook to make it look exactly how I want, then forward ittomy gmail account. Gmail has a "show original" tab that allows you toseethe full source of the email. Copy and paste into a text editor, modify fields to your wishes, then paste it into the DATA section as shown in irongeek's email. This allows you to easily imbed images (it handles all theMIMEbase64 + references stuff automatically for you). On a related note, I've noticed that if you set the MIME fields intheemail, all of the configurations of Outlook I've run into willdisplaywhat is in the DATA section of the email rather than who it is actuallysentfrom/to (in the MAIL FROM: and RCPT TO: sections). Often times email servers will allow you to spoof the MAIL FROM: address to appear to come from someone internal (MAIL FROM: it-department at company.com), but even if they don't, you can set the From field inside the DATA section to "it-department at company.com" andthat'swhat outlook will display. You have to view the headers to realize that's not who it came from, which of course no ever does. These kinds of tricks are incredibly useful for social engineering. Regards, N _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090513/419453c6/attachment.htm
Current thread:
- Spoofing emails, (continued)
- Spoofing emails Nathan Sweaney (May 09)
- Spoofing emails Adrian Crenshaw (May 09)
- Spoofing emails natron (May 11)
- Spoofing emails Rob Fuller (May 11)
- Spoofing emails Robin Wood (May 11)
- Spoofing emails MV (May 11)
- Spoofing emails Dimitrios Kapsalis (May 11)
- Spoofing emails Russell Butturini (May 11)
- Spoofing emails Robin Wood (May 11)
- Spoofing emails Noah (May 13)
- Spoofing emails Jason Wood (May 13)
- Spoofing emails Jim Halfpenny (May 14)
- Spoofing emails Robin Wood (May 14)
- Spoofing emails Jason Wood (May 14)
- Spoofing emails Jim Halfpenny (May 14)
- Spoofing emails Sam Buhlig (May 14)
- Spoofing emails Adrian Crenshaw (May 09)
- Spoofing emails d4ncingd4n at gmail.com (May 14)
- Spoofing emails Nathan Sweaney (May 09)
- Spoofing emails Jim Halfpenny (May 15)
- Spoofing emails Jack Daniel (May 15)
- Spoofing emails John Miller (May 15)