Saturday 21 August 2010

Sending Fake Emails Using Telnet to SMTP Server

In this tutorial I am going to show you how to send fake emails by telnetting the mail server. We will be using telnet client(which comes along with windows) & u should know about telnet.. For knowing more about the telnet, please use the google(or I may write a tut on it).
Sending the forged emails is very easy for which we will be connecting to the remote mail server & use the function of mail daemon running in the remote host to send the fake mails.

First open the command prompt & type 'telnet' (without quotes), then hit enter.. U will be welcomed by the Microsoft Telnet.. Now we have to connect the mail daemon through the specific port & the port should be having SMTP service on. Usually, the SMTP port is 25 but that may differ. I also find the port 26 & 587 used frequently for the SMTP service.. Below, I've made the parts we need to type as bold...

For my example, lets say, www.mailserver.com is providing SMTP mail service through the port 25.
First I connect to the mail server by issuing following command in telnet client.

o www.mailserver.com 25

This establishes remote connection with the port no 25 at mailserver.com
After successful connection, I am displayed with the SMTP infos..
Its always a good idea to ask help from the mail daemon. So first issue HELP to see the supported commands..
Then we introduce ourself to the mail daemon by issuing HELO command.. & after successful helo command, we input the sender email using 'mail from:' (widout quotes) command..
Then we enter the recipient's address using the 'rcpt to:' (widout quotes) command.
Now, we enter our actual data using the DATA command.. Within DATA, u can use SUBJECT: command to enter the subject of email..
Finally, we end our data by entering .(full stop) at the end. This sends the forged mail through that mail server..

now let me show a session of email forging from which u can be more clear.
First, I open command prompt & go to telnet client by typing telnet.. Below is the session:

Microsoft Telnet>o www.mailserver.com 25
220 mailserver.com ESMTP Sendmail Version 8.x.x; Mon, 28 Sept. 2008;
We do not allow to send fake or bulk emails...
helo microsoft.com
250 mailserver.com Hello Nice to meet you..
mail from:billgates@microsoft.com
250 billgates@microsoft.com Sender Ok
rcpt to:victim@victim.com
250 victim@victim.com Recipient Ok
data
354 Enter mail, end with "." on a line by itself..
SUBJECT:Hello!
Hello,
I am Bill Gates, the chairman of Microsoft. I would like to offer you a job for Microsoft Corporation. If you are interested to work with Microsoft, then reply me at my mail address.
Regards~
Bill Gates
.

250 2.0.0 iF3NDLS240106 Message Accepted For Delivery.

This was the session of sending the forged mail from billgates@microsoft.com to victim@victim.com

I hope u understood the log.. So this was my little tutorial on sending forged mails..
The art of sending forged mails can be extended to send file attachments & to use multiple recipients..