Tuesday 24 August 2010

Installing MSN Handwriting feature

MSN Handwriting is one of the cool features that can be added to Windows Live Messenger. It allows you to write ink messages, i.e. messages you draw by hand. The handwriting feature can be enabled by installing the Microsoft Journal Viewer, but today I'm going to discuss another way to enable the handwriting tab in your messenger.

We will be using a Messenger add-on called Messenger Plus! to add the handwriting ability to our messenger. Messenger Plus! Live is an add-on for Windows Live Messenger that adds tons of features and extras to the software. This add-on extends the possibilities of Messenger and makes your experience a lot more entertaining!

First, download and install Messenger Plus! from HERE. Then you will need to download the MSN Handwriting script from HERE. This script requires the Ink Redistributable, which you can download from HERE.

After successful installation, you can use the handwriting feature in your chat window. Have fun with your MSN Live Messenger.


How to disable autorun in drives [gpedit.msc]

Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. Autoplay can be turned off using gpedit.msc, the Group Policy editor for Microsoft Windows.


By default, Autoplay is disabled on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives. If you enable this setting, you can also disable Autoplay on CD-ROM drives or disable Autoplay on all drives.

This setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default.

Follow this procedure to disable autorun on drives:

1) Go to Start > Run > gpedit.msc.
2) A new Group Policy Editor window pops up.
3) Go to User Configuration > Administrative Templates > System.
4) Make sure the Standard tab is selected.
5) Select Turn off Autoplay > Properties > Enabled > All drives.

This disables autorun for all drives, which can be effective in preventing viruses from autorunning on your system.



Monday 23 August 2010

Writing secure code in PHP [basic]

PHP is the most widely used web development language, and with its increased use there has been an increase in poorly programmed sites, which has resulted in a number of admin hacks and sometimes even worse, server rooting. So I am going to give you some ideas for writing secure code against the general coding flaws in PHP. Most of the time programmers forget to sanitize the user input in their PHP code, and hence the code becomes vulnerable to some of the common exploits like file inclusion vulnerabilities, SQL injection, XSS and others. The programmer should never trust anything that comes from the client, and so (s)he should create a whitelist of what is allowed. So I am here to give you ideas on preventing these simple vulnerabilities in your PHP code.

General steps:
Validate every input.
Secure your file system.
Secure your file upload system.
Secure your file download system.
Secure your database connection codes.
Secure/encrypt the data.
FILE INCLUSION: File inclusion vulns like RFI (remote) and LFI (local) are exploited by including a file other than the one intended by the programmer, and this is damn devastating, since an attacker who escalates privileges with a PoC exploit can completely rm the box... Anyway, let me show the vulnerable code for it:
<?php

if (isset($_GET['page']))   # checks whether the page parameter was supplied at all
{
    $page = $_GET['page'];
    include($page);   # includes whatever path the user supplied, with no check that it is a legitimate page
}

?>

I've seen many programmers writing this same code, and it leads to unexpected results... Any malicious user can include some evil file to r00t the box, and you are own3d...

Also, many programmers think that they can patch this vuln with the following snippet (based on a real example from one of the Nepali ISPs' sites):
<?php

$venpage = $_GET['page'];
$venpage = $venpage . ".php";   # appends ".php" so that, supposedly, only PHP files can be included

if (isset($venpage))   # always true here: the string was just built above, so this check adds nothing
{
    include($venpage);
}

?>
This seems to work fine, as it intends to include only PHP files... aha, but it still has a hole: NULL BYTES. "Hacked? But I secured it..." Did you? No, you didn't. A null byte in PHP terminates the string where it appears, and anything after it is ignored, so the appended ".php" never reaches the filesystem. (PHP 5.3.4 and later refuse paths that contain a null byte, but appending an extension is still not a whitelist.)

So let me talk about securing it... There are a number of ways to secure it and all of them work. But, at least for me, a switch is the perfect and simplest method to secure this whole thing...
<?php

if (isset($_GET['page']))   # check whether the page variable is set or not
{
    $page = $_GET['page'];
    switch ($page)
    {
        # only the names listed here can ever be included; the user's
        # value is compared against them, never used as a path

        case "info":
            include("info.php");
            break;

        case "about":
            include("about.php");
            break;

        default:
            include("index.php");
            break;
    }
}
?>
The above code is simple yet secure. You may also create an array of valid files.

Another method, using a regular expression, is:
<?php
//ERROR_REPORTING(E_ALL);
if (isset($_GET['page']))
{
    $page = $_GET['page'];
    $page = preg_replace('/[^a-z]+/i', '', $page);    // strip everything except letters: slashes, dots and null bytes all go
    include $page . ".php";
}
else
{
    echo "No page set";
}
?>

This should also work fine, though as already stated I don't use this one... It's the regular expression method.
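Here is the array-of-valid-files approach mentioned after the switch example, written out in full. This is an added example, not code from the original post: it keeps the same idea as the switch and the regex versions (the user's value is only ever a lookup key, never part of the path) and adds a realpath() check so that a typo in the whitelist itself cannot point outside the pages directory. The directory name, the page names and the function name are my own assumptions.

```php
<?php
// Added example (not from the original post): array whitelist for includes.
// PAGES_DIR, PAGE_MAP and resolve_page() are assumptions made for this example.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';

// Public page name => file inside PAGES_DIR. The user never supplies a path,
// only a key that is looked up here.
const PAGE_MAP = [
    'index' => 'index.php',
    'info'  => 'info.php',
    'about' => 'about.php',
];

/**
 * Resolve a requested page name to an absolute file path inside PAGES_DIR.
 * Returns null when the request is not on the whitelist, or when the target
 * file is missing or lies outside the pages directory.
 */
function resolve_page($requested): ?string
{
    if ($requested === null) {
        $requested = 'index';   // nothing asked for: serve the default page
    }
    // $_GET values can be arrays (?page[]=x); only plain strings are accepted.
    if (!is_string($requested) || !array_key_exists($requested, PAGE_MAP)) {
        return null;
    }

    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGE_MAP[$requested]);

    // realpath() is false for a missing file and resolves "..", so checking
    // that the result still starts with the base directory catches a bad map
    // entry such as '../config.php' as well as a deleted page.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Usage: unknown or malformed requests get a 404 instead of a free include.
$file = resolve_page($_GET['page'] ?? null);
if ($file === null) {
    http_response_code(404);
    echo 'No such page';
} else {
    include $file;
}
```

Keeping the map in one place also makes it easy to see, during review, exactly which files the request can ever reach.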


SQL INJECTION (SQLi): SQL injection is one of the most prevalent web vulns, and it can be very harmful, especially for commercial sites. Still, many sites remain vulnerable to SQL injection, and again the problem is the lack of sanitization of GET, POST or COOKIE variables or any other input from users... To avoid SQL injection, you need to be as strict as you can. Don't allow any other data type where you expect an integer. Don't let your code accept anything that is not what you wanted. Be as strict as you can about the data types.
Now let me show you the simplest form of the vulnerability.
<?php
// configuration for the MySQL connection (legacy mysql_* extension, deprecated in PHP 5.5 and removed in PHP 7)
$host = "localhost";
$user = "root";
$pass = "w000000t";
$db = "db_shop";
// connecting to MySQL
mysql_connect($host, $user, $pass);
mysql_select_db($db);

if (isset($_GET['uid']))
{
    $uid = $_GET['uid'];   // taken straight from the URL, no validation at all
    // $uid is pasted into the SQL text, so whatever the user sends becomes part of the query
    $query = mysql_query("SELECT * FROM `profile` WHERE `uid` = $uid");
    if ($query)
    {
        while ($profile = mysql_fetch_array($query))
        {
            // display or do something here
        }
    }
}
?>

You can see that this takes uid from GET, i.e. from the user, and works accordingly. It seems fine, and most site visitors won't know about it. But what if someone elite visits the site? He/she will test the GET variable and change the uid value.
The query runs without any filtering mechanism, and if a malicious user runs his own SQL through it, he can do anything to the database. So what's the solution? Simply, type checking. You won't expect uid to be anything other than an integer. So why not tell PHP that uid must be an integer...
<?php
// configuration for the MySQL connection (legacy mysql_* extension, deprecated in PHP 5.5 and removed in PHP 7)
$host = "localhost";
$user = "root";
$pass = "w000000t";
$db = "db_shop";
// connecting to MySQL
mysql_connect($host, $user, $pass);
mysql_select_db($db);

if (isset($_GET['uid']))
{
    $uid = (int) $_GET['uid'];    // you say that uid must be an integer: anything else becomes 0 or just its leading digits
    $query = mysql_query("SELECT * FROM `profile` WHERE `uid` = $uid");
    if ($query)
    {
        while ($profile = mysql_fetch_array($query))
        {
            // display or do something here
        }
    }
}
?>

So this should be secure, as $_GET['uid'] is type-cast to an integer. Other ways are the function is_numeric(), which tests whether the given variable is numeric, and intval(), which returns the integer value of a variable.
Note that the ways of securing other data types are different. I will list some of the functions so that you can use them to secure your site from SQLi.
Functions to secure against SQLi:
mysql_real_escape_string()
addslashes()

The above example was just for a SELECT query, but you need to watch the other queries like INSERT, UPDATE and DELETE too, because you can't just trust user input. Moreover, it is always better to trim inputs to a limited number of characters so that you don't run into the SQL column truncation vulnerability (google it if you want to know about it). Also, always put quotes and brackets around values in your SQL query strings if your database allows it (MySQL does).
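The same uid lookup, as an added example that is not from the original post, done with mysqli prepared statements: the SQL text is fixed and the value is bound separately with a type, so nothing in the input can change the shape of the query. It also shows a validation function stricter than is_numeric() (which accepts things like "1e3" or " 42"), and a string lookup to show that other data types take the same route. Connection details are placeholders; mysqli_stmt::get_result() needs the mysqlnd driver.

```php
<?php
// Added example (not from the original post): SQLi-safe lookups with mysqli
// prepared statements. Credentials and table layout are placeholders.
declare(strict_types=1);

// Make mysqli throw on errors instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Accept only a plain decimal integer string (1..9999999999) and return it as
 * int, else null. Unlike (int) this does not silently turn "7 OR 1=1" into 7,
 * and unlike is_numeric() it rejects "1e3", " 42", "0x1A" and "3.0".
 */
function validate_uid($raw): ?int
{
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Fetch one profile row by integer uid, or null if there is none. */
function fetch_profile(mysqli $db, int $uid): ?array
{
    // '?' is a placeholder; 'i' binds the value as an integer.
    $stmt = $db->prepare('SELECT * FROM `profile` WHERE `uid` = ?');
    $stmt->bind_param('i', $uid);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

/** Same pattern for a string column: 's' binds it as a string, no escaping by hand. */
function fetch_profile_by_username(mysqli $db, string $username): ?array
{
    // Length limit: the column is assumed to be VARCHAR(32); longer input is
    // rejected up front rather than silently truncated by the database.
    if ($username === '' || strlen($username) > 32) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM `profile` WHERE `username` = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// --- usage ---
$uid = validate_uid($_GET['uid'] ?? null);
if ($uid === null) {
    http_response_code(400);
    exit('uid must be a positive integer');
}
$db = new mysqli('localhost', 'shop_user', 'CHANGE-ME', 'db_shop'); // placeholders
$db->set_charset('utf8mb4');
$profile = fetch_profile($db, $uid);
if ($profile === null) {
    http_response_code(404);
    exit('No such profile');
}
// display or do something with $profile here
```

Of the two functions listed above, addslashes() knows nothing about the connection charset, and mysql_real_escape_string() only helps for values you remember to quote; binding the value sidesteps both problems, and the explicit length check covers the column-truncation point as well.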

Cross-site scripting (XSS): It's the most prevalent web app vulnerability and has been found even in high-profile sites like Facebook, Microsoft, Twitter, etc. It also occurs when you don't sanitize user input. Consider a guestbook which does something like this:
<?php
if (isset($_POST['sbtGuestbook']))
{
    $name = $_POST['name'];
    $comment = $_POST['comment'];
    // insert these things into the database
    // now print them in the page, exactly as the visitor typed them, tags and all
    echo $name."<br />".$comment;
}
?>
Now, if I put something like
<script>alert('samar');</script>
in the name or comment field, the site is going to display it, and since the HTML tags are not filtered, 'samar' will be alerted in the page. It's just an example. Hackers can redirect users away from your site using this flaw by inserting
<script>location.replace("http://hackerssite.com.np");</script>
Now let me come to securing it.
<?php
if (isset($_POST['sbtGuestbook']))
{
    $name = htmlspecialchars($_POST['name']);       // < > & " become entities
    $comment = htmlspecialchars($_POST['comment']);
    // insert these things into the database
    // now print them; the browser shows the tags as text instead of running them
    echo $name."<br />".$comment;
}
?>
Here I have used the function htmlspecialchars(), which converts HTML special characters into their equivalent entities, for example < to &lt; and > to &gt;.
Since the tags are converted this way, they no longer work as HTML tags, and hence XSS is prevented. More functions to use while preventing XSS are htmlentities(), strip_tags(), urlencode(), etc. To make a 100% XSS-proof site, validate everything, including the $_SERVER variables. They too can be abused to XSS the site.
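An output-escaping helper for the guestbook, added here as an example that is not from the original post. The fix above calls htmlspecialchars() with its defaults, and before PHP 8.1 the defaults leave single quotes alone, so a value dropped into a single-quoted attribute could still break out; ENT_QUOTES plus an explicit charset closes that gap, and a separate encoder handles the URL context the post mentions via urlencode(). The function names and the sample markup are my own.

```php
<?php
// Added example (not from the original post): context-aware escaping for
// guestbook output. e(), e_url() and render_entry() are names chosen here.
declare(strict_types=1);

/** Escape a value for an HTML text node or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES: both ' and " become entities; ENT_SUBSTITUTE: invalid
    // UTF-8 is replaced instead of making the whole string vanish.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Escape a value for use as one query-string parameter inside a URL. */
function e_url(string $value): string
{
    return rawurlencode($value);
}

/** Render one guestbook entry; every dynamic value goes through an escaper. */
function render_entry(string $name, string $comment): string
{
    return '<div class="entry" data-author=\'' . e($name) . '\'>'
         . '<b>' . e($name) . '</b><br />'
         . e($comment)
         . ' <a href="/profile.php?name=' . e_url($name) . '">profile</a>'
         . '</div>';
}

// --- usage ---
if (isset($_POST['sbtGuestbook'])) {
    // $_POST values can be arrays; only accept strings.
    $name    = is_string($_POST['name'] ?? null)    ? $_POST['name']    : '';
    $comment = is_string($_POST['comment'] ?? null) ? $_POST['comment'] : '';
    // insert $name and $comment into the database (raw, not escaped: escaping
    // belongs at output time, because the context decides the encoding)
    echo render_entry($name, $comment);
}

// Constructed sample input of the kind shown in the post, for a quick look:
echo render_entry("<script>alert('samar');</script>", "it's a \"test\" & more");
```

Storing the raw text and escaping on output is deliberate: the same comment may later be shown inside an attribute, a URL or a JSON response, and each of those needs a different encoding. Rendering with a fixed set of escapers also makes an unescaped echo easy to spot in review.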


Some critical functions: Here are some functions you should be careful with.

passthru(), exec(), system(), shell_exec(), file_get_contents(), fopen(), fwrite(), glob(), file(), readfile(), popen(), mysql_query()

Other extra tips: The security of your server can also be enhanced by doing some hardening through the php.ini file and by coding in better styles.
1) Turn off register_globals.
2) Set error_reporting to 0.
3) Use the @ sign before functions that are likely to fail, e.g. @include($page);
4) Turn off allow_url_fopen in php.ini.
5) Turn on magic_quotes_gpc in php.ini.
6) Always encrypt sensitive information; for example, use md5() once or twice to hash your passwords.
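Two of the tips above worked through in code that is added here and is not part of the original post. The first part reads the php.ini settings behind tips 1 and 4 via ini_get(), plus display_errors as the php.ini side of tip 2, and reports the ones still in their risky state (register_globals and magic_quotes_gpc no longer exist from PHP 5.4 on, so ini_get() returns false for them and the check skips them). The second part does tip 6 with password_hash()/password_verify() (PHP 5.5+), which produce a salted, slow hash; a plain md5() is fast and unsalted, so identical passwords hash identically and a leaked table can be brute-forced very quickly. The function names are my own.

```php
<?php
// Added example (not from the original post): php.ini self-check and
// password hashing. audit_php_ini(), store_password() and check_password()
// are names invented for this example.
declare(strict_types=1);

/**
 * Return findings for settings that are not in the recommended state.
 * Each check is [setting, wanted on?, why it matters].
 */
function audit_php_ini(): array
{
    $checks = [
        ['register_globals',  false, 'request parameters become PHP variables (removed in PHP 5.4)'],
        ['display_errors',    false, 'error text leaks paths, queries and versions to visitors'],
        ['log_errors',        true,  'with display off, errors should still be logged somewhere'],
        ['allow_url_fopen',   false, 'fopen()/file_get_contents() accept http:// and ftp:// paths'],
        ['allow_url_include', false, 'include()/require() of remote URLs, i.e. RFI by configuration'],
        ['expose_php',        false, 'advertises the PHP version in the X-Powered-By header'],
    ];
    $findings = [];
    foreach ($checks as [$name, $wantOn, $why]) {
        $raw = ini_get($name);
        if ($raw === false) {
            continue; // setting does not exist in this PHP build
        }
        // ini values arrive as strings: "1", "0", "", "On", "Off" ...
        $isOn = filter_var($raw, FILTER_VALIDATE_BOOLEAN);
        if ($isOn !== $wantOn) {
            $findings[] = sprintf('%s is %s: %s', $name, $isOn ? 'On' : 'Off', $why);
        }
    }
    return $findings;
}

/** Hash a password for storage; the salt and cost are embedded in the result. */
function store_password(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

/** Check a login attempt against the stored hash. */
function check_password(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash);
}

// --- usage ---
foreach (audit_php_ini() as $finding) {
    echo $finding, PHP_EOL;
}

$hash = store_password('correct horse battery staple');   // constructed value
var_dump(check_password('correct horse battery staple', $hash));
var_dump(check_password('wrong password', $hash));
```

check_password() is true only for the original password, and calling store_password() twice on the same input yields two different strings because each gets its own random salt, so store the whole string exactly as returned. Run the audit from the command line (php -r or a one-off script), since the CLI and the web server can load different php.ini files.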

NOTE: Written around a year ago.


Spoofing your MAC address in Windows

A Media Access Control address (MAC address) is a unique identifier assigned to network adapters or network interface cards (NICs), usually by the manufacturer, for identification. It may also be known as an Ethernet Hardware Address (EHA), hardware address, adapter address or physical address. In many networks, MAC-address-based filtering is applied, and this can easily be bypassed by spoofing the MAC address.


To spoof the MAC address of your PC on a wireless or wired LAN, you can use a program called MACMakeUp.

Download it HERE

To find your original MAC address, just type ipconfig /all and you will see the physical address as 6 hex pairs. To spoof the MAC address, enter the new MAC address after running the Mac Makeup program.



Changing screen resolution of Java games

Ever wondered how to change the screen resolution of Java games to suit your Nokia phone? Here I am going to talk about ways of changing the screen resolution of Java games.

.jar files are nothing but archives, so you can use WinRAR to open a jar file on your PC. The jar file contains a special folder, meta-inf, which holds a file manifest.mf with some important information about your Java game.

What you have to do is open this manifest.mf in a text editor and add the following lines at the end of the file:

Nokia-MIDlet-Original-Display-Size: xxx,yyy
Nokia-MIDlet-Target-Display-Size: zzz,www
Example:
Nokia-MIDlet-Original-Display-Size: 176,208
Nokia-MIDlet-Target-Display-Size: 240,320
The first one is the original resolution of the game and the second one is the target size.



Finally, save manifest.mf back into your jar file and there you go.

This might look a bit hard and confusing for new people, so there are Java resizing programs out there to change the screen resolution of .jar files. One of them is JarResize. You can google for it and use it to easily change the screen resolution of jar files for your Nokia phone.


Sunday 22 August 2010

Bypassing torrent connection blocking

In most companies, colleges and universities, it is likely that the system administrators block torrent traffic in one way or another. This post will discuss a few ways of bypassing such connection blocking to torrent sites.



Update: I have also coded a little tool for bypassing the blocking of .torrent files. You can access this service from HERE; it lets you download a .torrent file as .txt, which you can later rename to .torrent or open directly with a torrent client. :)

1) Online torrent services: There exist online services of different kinds that let you bypass the bittorrent client and download the torrent easily using your web browser.

Bitlet.Org:


This service lets you use a Java-based bittorrent applet to download the torrent. All you need is to provide the torrent metafile, and then you will be able to start the download. But since this implements the bittorrent protocol and is a bittorrent client, it might be blocked; still, it's worth trying so that you can bypass some dumb admins.
Visit the site HERE

Torrent Relay:


TorrentRelay is a website that offers a unique BitTorrent client, one that is entirely web based. You can load torrents in a variety of ways: local files, online URLs or even short MiniNova IDs. TorrentRelay is a powerful and extremely fast client that works through any restrictions, complex routing or firewalls by offering your downloads as an HTTP 'Save As'. It can be used to download torrents on any kind of device that supports viewing web pages.
Visit the site HERE

Furk.net:


This service is similar to TorrentRelay and works the same way. It costs €10/month.
Click to VISIT the site

2) Torrent to Text:


txtor is a service that offers the possibility of downloading a torrent file that's available publicly on the internet as if it were a text file. Nothing more, nothing less. (They don't host or offer any torrents themselves.) Sometimes admins disallow .torrent files from being downloaded, and in such a case we can use this service to download the torrent as a text file and rename it to .torrent for our use.
Click to VISIT the site

3) Torrent 2 Exe: Torrent2Exe is another online service that lets you bind the torrent file into a downloader; the user downloads this downloader and runs it to fetch the file. Read more about it HERE in my previous post.

I will be updating with other ways to bypass connection blocking to the torrent site. Stay tuned.


Saturday 21 August 2010

Download Facebook Photo Albums on Single Click

Your friend created a new photo album with 50 cool pictures and now you want to save all of them to your hard disk. You'll surely get bored going through each photo and saving it... But there is a Firefox add-on, Facebook Photo Album Downloader (FacePAD), to the rescue. This add-on can download the whole photo album with a right click on the album and a single click.



Download it from HERE


Sending Fake Emails Using Telnet to SMTP Server

In this tutorial I am going to show you how to send fake emails by telnetting to the mail server. We will be using the telnet client (which comes along with Windows), and you should know about telnet. To know more about telnet, please use Google (or I may write a tutorial on it).
Sending forged emails is very easy: we connect to the remote mail server and use the mail daemon running on the remote host to send the fake mails.

First open the command prompt and type 'telnet' (without quotes), then hit enter. You will be welcomed by Microsoft Telnet. Now we have to connect to the mail daemon through the specific port on which the SMTP service is running. Usually the SMTP port is 25, but that may differ; I also find ports 26 and 587 used frequently for the SMTP service. In the session below, the lines we type are the ones that don't start with a numeric reply code.

For my example, let's say www.mailserver.com is providing SMTP mail service on port 25.
First I connect to the mail server by issuing the following command in the telnet client.

o www.mailserver.com 25

This establishes a remote connection to port 25 at mailserver.com.
After a successful connection, I am shown the SMTP banner.
It's always a good idea to ask the mail daemon for help, so first issue HELP to see the supported commands.
Then we introduce ourselves to the mail daemon with the HELO command, and after a successful HELO we give the sender address using the 'mail from:' (without quotes) command.
Then we enter the recipient's address using the 'rcpt to:' (without quotes) command.
Now we enter the actual message using the DATA command. Within DATA, you can use the SUBJECT: header to set the subject of the email.
Finally, we end our data by entering a . (full stop) on a line by itself. This sends the forged mail through that mail server.

Now let me show a session of email forging to make it clearer.
First I open the command prompt and go to the telnet client by typing telnet. Below is the session:

Microsoft Telnet>o www.mailserver.com 25
220 mailserver.com ESMTP Sendmail Version 8.x.x; Mon, 28 Sept. 2008;
We do not allow to send fake or bulk emails...
helo microsoft.com
250 mailserver.com Hello Nice to meet you..
mail from:billgates@microsoft.com
250 billgates@microsoft.com Sender Ok
rcpt to:victim@victim.com
250 victim@victim.com Recipient Ok
data
354 Enter mail, end with "." on a line by itself..
SUBJECT:Hello!
Hello,
I am Bill Gates, the chairman of Microsoft. I would like to offer you a job for Microsoft Corporation. If you are interested to work with Microsoft, then reply me at my mail address.
Regards~
Bill Gates
.

250 2.0.0 iF3NDLS240106 Message Accepted For Delivery.

This was the session of sending the forged mail from billgates@microsoft.com to victim@victim.com.

I hope you understood the log. So this was my little tutorial on sending forged mails.
The art of sending forged mails can be extended to file attachments and multiple recipients.
