Forging Emails and staying Anonymous - Part 1 Author: philidor Wednesday, 08 May 2002, 10:24 GMT
This is part 1 of a two-part series on forging and anonymous emails. I know this article is kinda lame, but the next one will be more advanced...
So you want to send anonymous forged emails?? Sounds cool. I like to send them every now and then myself. Lumping anonymous and forged together is difficult, because if you want to forge email headers then you have to relay through an open mail server (which isn't normally anonymous). On the other hand, if you want to be anonymous (as you are right now) then you can't really use your web mailer to forge.. hmmmm....
The tough answer is that you can't forge with a typical mail-based account. Now you could use a cheap free online anonymous site like http://www.widexl.com/remote/mailer.html but they attach their own tags to the email, tipping off the recipient.
You can forge with "Outlook Express" but you are probably not going to be anonymous. It is really too much of a hassle to forge with "Outlook Express". You should use Aenima or Avalanche... First thing you need to do is find open mail relays.
The easiest way to do this is, no kidding, open a hotmail account then sign your account up at porn sites (don't look ;-) and several other free online sites. Wait a week or so and the email (most of it forged) will start flowing in. You can easily spot which emails are forged by the headers. In your case:
Received: from smtp4.hushmail.com (smtp4.hushmail.com [64.40.111.34])
  by imap3.hushmail.com (Postfix) with ESMTP id BEF8C258AA8
  for ; Sun, 5 May 2002 05:09:53 -0700 (PDT)
Received: from servihoo.com (mail.servihoo.com [202.123.2.125])
  by smtp4.hushmail.com (Postfix) with ESMTP id 7220B3AAB
  for ; Sun, 5 May 2002 05:09:46 -0700 (PDT)
Received: from [202.123.17.243] (account )
  by servihoo.com (CommuniGate Pro WebUser 3.3)
  with HTTP id 4102995 for ; Sun, 05 May 2002 16:09:03
In your case, the headers are probably real, as we see that your email address and the last IP all correspond. Advanced hackers can forge Received lines to make them appear real. The forged emails will have discrepancies:
Received: from [203.199.203.20] by hotmail.com (3.2) with ESMTP id MHotMailBEA22CDE119CBC7CB140BBA0; Wed, 08 May 2002 01:31:15 -0700
Received: from smtp-gw-4.msn.com (node-c-c205.a2000.nl [62.194.194.5]) by mail2.nittanyindia.net (8.11.2/linuxconf) with ESMTP id g488VMN24376; Wed, 8 May 2002 04:31:26 -0400
Notice how the second Received line doesn't match up. You resolve the last IP and it comes from the Netherlands, not smtp-gw-4.msn.com. So this last IP is probably open to mail relay. yeaaaah.....
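The header check described above, as an added example that is not part of the original article: it unfolds the Received lines, parses each hop, and flags any hop where the name the client gave in HELO is in a different domain than the receiving server's reverse lookup of the connecting IP (the msn.com vs a2000.nl mismatch). The sample headers are transcribed from the article; the domain heuristic and function names are this example's own.

```python
import re

# Sample headers constructed from the two sets quoted in the article
# (recipient addresses were already stripped there).
LEGIT = """\
Received: from smtp4.hushmail.com (smtp4.hushmail.com [64.40.111.34])
  by imap3.hushmail.com (Postfix) with ESMTP id BEF8C258AA8
  for ; Sun, 5 May 2002 05:09:53 -0700 (PDT)
Received: from servihoo.com (mail.servihoo.com [202.123.2.125])
  by smtp4.hushmail.com (Postfix) with ESMTP id 7220B3AAB
  for ; Sun, 5 May 2002 05:09:46 -0700 (PDT)
"""
FORGED = """\
Received: from [203.199.203.20] by hotmail.com (3.2) with ESMTP
  id MHotMailBEA22CDE119CBC7CB140BBA0; Wed, 08 May 2002 01:31:15 -0700
Received: from smtp-gw-4.msn.com (node-c-c205.a2000.nl [62.194.194.5])
  by mail2.nittanyindia.net (8.11.2/linuxconf) with ESMTP id g488VMN24376;
  Wed, 8 May 2002 04:31:26 -0400
"""

RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)"                       # HELO name
    r"(?:\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[\d.]+)\]\))?"  # (rdns [ip])
    r".*?\s+by\s+(?P<by>\S+)",                                  # receiving host
    re.MULTILINE,
)

def unfold(raw):
    """Join RFC 822 continuation lines (leading whitespace) onto their header."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)

def parse_received(raw):
    """Return the Received hops as dicts, most recent hop first."""
    return [m.groupdict() for m in RECEIVED_RE.finditer(unfold(raw))]

def parent_domain(name):
    """Last two labels of a host name, e.g. mail.servihoo.com -> servihoo.com."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def suspicious_hops(raw):
    """Indexes of hops whose HELO name and reverse-DNS name disagree at the
    parent-domain level; a literal [ip] HELO or a missing rdns is skipped."""
    flagged = []
    for i, hop in enumerate(parse_received(raw)):
        if hop["rdns"] and not hop["helo"].startswith("["):
            if parent_domain(hop["helo"]) != parent_domain(hop["rdns"]):
                flagged.append(i)
    return flagged
```

Parent-domain comparison keeps a legitimate HELO of servihoo.com with an rDNS of mail.servihoo.com from being flagged, while smtp-gw-4.msn.com against node-c-c205.a2000.nl is.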
Use Netcat for Windows or netcat or telnet for Unix to connect to the system. In this case I'll use Netcat for windows:
nc 62.194.194.5 25
I try some commands and realize that 62.194.194.5 is the true source of the forgery, so whoever sent it didn't cover their tracks too well. That means that the open mail relay must be 203.199.203.20:
nc 203.199.203.20 25
Now I issue the helo command to tell the server who I am (I'll attempt to be mail4.yahoo.com):
helo mail4.yahoo.com
The server will respond back telling you if it recognizes you or not. Now it is time to forge the from address:
mail from:
Mail server should accept it..... Now comes the moment of truth, the recipient:
rcpt to:
Server responds with recipient ok!! We just found a mail relay.... Now you want to enter data (I'll not address forging extra lines To: Subject: From: Received: here, but you'll probably want to, or better yet have your email prog do it). Enter the text of the message:
data
The server says to enter data followed by a . on a line by itself
This is a test
.
Message is accepted for delivery so you'll want to quit
quit
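The session above succeeds because the server answers RCPT TO with "recipient ok" for a recipient outside its own domains from a client it has no reason to trust. Here is an added example, not from the article, that replays the same helo/mail/rcpt/data/quit sequence against two RCPT policies: the open-relay behaviour the article looks for, and a hardened policy that only delivers locally or relays for a trusted network. The server name, local domain, networks and addresses are assumptions constructed for the example.

```python
import ipaddress

# Hypothetical server: serves example.com and relays only for its own LAN.
# These names and networks are assumptions for the example, not the article's.
LOCAL_DOMAINS = {"example.com"}
RELAY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def address_domain(arg):
    """Domain part of an SMTP path argument such as '<user@host>' or 'user@host'."""
    return arg.strip().strip("<>").rsplit("@", 1)[-1].lower()

def rcpt_reply(client_ip, rcpt_to):
    """Hardened RCPT TO policy: local delivery for anyone, relaying elsewhere
    only when the connecting client is inside a trusted network."""
    if address_domain(rcpt_to) in LOCAL_DOMAINS:
        return "250 2.1.5 Recipient ok"
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in RELAY_NETWORKS):
        return "250 2.1.5 Recipient ok"
    return "554 5.7.1 Relay access denied"

def open_rcpt_reply(client_ip, rcpt_to):
    """The misconfiguration the article looks for: any recipient, any client."""
    return "250 2.1.5 Recipient ok"

def replay(policy, client_ip, script):
    """Run an SMTP command script against a RCPT policy and return one reply
    per command; DATA is refused unless at least one recipient was accepted."""
    replies, have_rcpt = [], False
    for line in script:
        verb, _, arg = line.partition(" ")
        verb = verb.lower()
        if verb == "helo":
            replies.append("250 mx.example.com")
        elif verb == "mail":
            replies.append("250 2.1.0 Sender ok")
        elif verb == "rcpt":
            reply = policy(client_ip, arg.split(":", 1)[1])
            have_rcpt = have_rcpt or reply.startswith("250")
            replies.append(reply)
        elif verb == "data":
            replies.append('354 Enter mail, end with "." on a line by itself'
                           if have_rcpt else "503 5.5.1 No valid recipients")
        elif verb == "quit":
            replies.append("221 2.0.0 Bye")
    return replies

# The article's command sequence with a constructed foreign recipient.
SESSION = ["helo mail4.yahoo.com", "mail from:<someone@yahoo.com>",
           "rcpt to:<someone@elsewhere.example>", "data", "quit"]
```

Run with an outside client such as 198.51.100.7: the open policy answers 250 at RCPT and 354 at DATA, the hardened one answers 554 and then 503, which is the reply an administrator should expect to see when testing their own server from the outside.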
Now it is time to sit back and wait for the mail to come to your inbox. First thing to check is if it shows your IP in the headers (you don't want that). If it does then you need to connect out to a shell account or other system then from there
connect to the open mail relay. If you are lucky you'll find a relay that hides your IP (I don't give those out....) Here are a few non-anonymous relays that will get you started:
So you still want to use Outlook? Not recommended (it will put your system name on the email by default), but then go to Tools, then Accounts, and add a "fake email account". Set your outgoing SMTP server to be the open mail relay IP you just tested, and use any old bogus IP for the inbound (we don't care). Save your settings, then send email the easy way. Instead of typing all of those commands above, the mail program does it for you.
If you want to send anonymous email through the web then you are in luck, because you can set your system to route through a proxy before you connect to your already anonymous web mailer. Hotmail is anonymous if you route through a proxy in the Netherlands. As long as that proxy isn't owned by the CIA........
So to make a long story short... Forging is fun, but it is difficult to maintain your anonymity. Being anonymous is cool and is very easy to do with a free anonymous email service coupled with an anonymous proxy.
This was the basic intro. I'll go into advanced forging and anonymous techniques in the next article.