*Please note that this hack is only to be used on people you know are very gullible. Even then it’s illegal so actually, don’t do it at all. This document is (of course) for educational purposes only.
In this document I am going to describe to you a sample hack I did that utilizes mail spoofing. I did this on a guy I knew that I didn’t particularly like. I knew that he had just got internet access for his Mac and he didn’t really know much about the internet or computing in general (I think he just got it for the girly pictures). Anyway, he was also very naive and this is a key factor because anyone with half a brain could work out that there was something suspicious going on. Anyway, on with the story...
The first thing I did was find out his E-mail address (this wasn’t hard - I just asked him!). From this we can learn two things: His username (if he was JohnDoe@ISP.com, his username would be JohnDoe. If, as is fast becoming the trend with ISP’s, he had unlimited E-mail addresses (a good example of this is my address - <Jambo@Yewclark.demon.co.uk>) his username would be after the @mark (for example, if his E-mail address was JohnDoe@Whatever.ISP.com then his username would be ‘Whatever’). If you are unsure, one easy way to find out is phone up his ISP, pretending to be a potential customer, and ask how many E-mail addresses you get with the standard dial-up service. The other thing we can learn from his address is his IP, so that we can ping him if he is currently online, but there’s very little challenge in that.
Now that we know what his E-mail address is , we incorporate the mailspoof. I’m not very good at describing technical procedures so I’ll instead quote from HackAddict 2:
This technique is used to fool UUCP on a UNIX (or similar) server.
1. Telnet to port 25 of your localhost. (in our case ISP.com)
2. Try very hard not to type "helo".
3. Type: telnet
4. At the "telnet>" prompt, type: open localhost (ISP.com) port 25
5. Type: rcpt to {address of fake mailee} (enter)
6. Type: mail from {the fake address you want} (enter)
7. Type: data (enter)
8. If you are unfamiliar with UNIX, the first line in the message will be the subject line.
9. Type in the message you want to send.
10. When you want to send your message type "." on an empty line.
11. Type "quit".
So the entire thing will look like this...
(All the crap about the server and login)
telnet
telnet> open localhost port 25 /* "telnet>" is the prompt. */
rcpt to vicepresident@whitehouse.gov /* The mailees address */
mail from president@whitehouse.gov /* The address you wish to spoof */
data
Seasons Greetings /* Mail subject */
Merry Christmas from everyone's friend...
Uncle Willy! /* Mail body */
.
quit
Remember, this is traceable by any Administrator on the system...Harrassment will get you in trouble.
If you can, telnet to the site where the mailee has his or her account.
This still works as far as I know...I use this on several different systems and I haven't had any trouble.
And there, you go. In our case, we want the mail data to be something like this:
Dear Sir,
As user <JohnDoe> we are pleased to inform you that you are one of the first to benefit from ISP.com’s new alliance with Hotmail. In a nutshell, Hotmail will improve your E-mail. Sending and receiving of mail will be faster, maximizing your online time and reducing your phone bill, and the new X265 encoding system from Crapola technologies allows us to send attachments seven times faster! To incorporate you in our new E-mail system, we need the following information:
Username: JohnDoe
User Password: Please fill in
Outgoing (SMTP) mail server: Please fill in
Incoming (POP3) server: Please fill in
Please send the above data to <ISPUserData@Hotmail.com> (you’ll have to set up a Hotmail account, by the way)
Thank you for your time.
Any bullshit will do so long as it asks for their E-mail password and if you don’t know them, their POP3 and SMTP addresses. You want the mail from to be something like <Hotmailaccounts@ISP.com>. Now, I am going to repeat the warning: Only do this if they are especially gullible. If they realize that it’s a ploy, they will probably tell their ISP, who can easily track you. You can, to make it a bit safer, send the message from an anonymous remailer, but they will probably not believe a message from their ISP could come from <123456789@Anon.Com>. So hopefully, if all goes to plan, you will now have their E-mail password and mail server addresses. What can you do with them? Well, you can read their mail by using your mail client and connecting it to their server (make sure you configure it to leave a copy on the server, otherwise they will not be able to read their mail and most probably get suspicious). You can also send mail from their account. This is why I did it. There are probably millions of other options too. To be honest, I wouldn’t try this hack. There are too many potential problems. Looking back, although it was successful for me, that was probably just luck on my part, and stupidity on his.
I hope you have learnt something from this text (yeah, like check to see how long it is before you start reading a file) and if you want to mail me, you know where I am (it’s up top, fool).
