Telnet SMTP
HOW TO SEND FORGED/FAKED E-MAILS MANUALLY [BASIC]:
In this tutorial I am going to show you how to send fake emails by telnetting into the mail server. We will be using the telnet client (which comes with Windows) and you should know about telnet. For learning more about the telnet, please use Google (or I may write a tutorial on it). Sending the forged emails is very easy. We will be connecting to the remote mail server and using the function of mail daemon running in the remote host to send the fake mails.
Anyway, first open the command prompt (start -> run -> cmd)
And type "telnet"
(Without the quotes) then hit enter.. You will be welcomed by Microsoft Telnet.. Now we have to connect the mail daemon through the specific port and the port should have the SMTP service on. Usually, the SMTP port is 25 but that may differ. I also find the port 26 & 587 used frequently for the SMTP service..
For my example, lets say, www.mailserver.com is providing SMTP mail service through the port 25. First I connect to the mail server by issuing following command in telnet client:
This establishes a remote connection to the port number 25 at mailserver.com. After a successful connection, I am displayed with SMTP server info.. It's always a good idea to ask help from the mail daemon. So first issue HELP to see the supported commands..
Then we introduce ourselves to the mail daemon by issuing the "HELO" command.. and after a successful helo command, we input the sender email using 'mail from:' (without quotes) command.. Then we enter the recipient's address using the 'rcpt to:' (without quotes) command.
Now, we enter our actual data using the DATA command.. Within DATA, you can use SUBJECT: command to enter the subject of email..
Finally, we end our data by entering .(full stop) at the end. This sends the forged mail through that mail server..
Now let me show a session of email forging from which you can be more clear.
First, I open command prompt and go to telnet client by typing telnet.. Below is the session:
220 mailserver.com ESMTP Sendmail Version 8.x.x; Mon, 28 Sept. 2008;
We do not allow to send fake or bulk emails...
helo microsoft.com
250 mailserver.com Hello Nice to meet you..
mail from:billgates@microsoft.com
250 billgates@microsoft.com Sender Ok
rcpt to:victim@victim.com
250 victim@victim.com Recipient Ok
data
354 Enter mail, end with "." on a line by itself..
SUBJECT:Hello!
Hello,
I am Bill Gates, the chairman of Microsoft. I would like to offer you a job for Microsoft
Corporation. If you are interested to work with Microsoft, then reply at my mail address.
Regards~
Bill Gates
.
250 2.0.0 iF3NDLS240106 Message Accepted For Delivery.
This was the session of sending the forged mail from billgates@microsoft.com to victim@victim.com
I hope you understood the log.. So this was my little tutorial on sending forged emails.. The art of sending forged emails can be extended to send file attachments and to use multiple recipients.. If you have any further queries, feel free to contact me at samar_acharya[at]hotmail.com. Any positive or negative comment is heartily welcomed.. I may extend this file into bigger form (including esmtp, file attachments,etc.) Hope you liked my this little basic tutorial on sending the forged emails..
Regards~
sam207
Extra Notes:
You can find out which ports are opened and if mail is enabled on any of those ports by doing an nmap scan of the website. SMTP is a very commonly open port and could be used to spoof emails tricking site users to send you their details or anything else needed.
Tutorial by sam207