Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Spoofing emails
From: tadaka at gmail.com (Jason Wood)
Date: Wed, 13 May 2009 22:34:15 -0600

Yes, you can put whatever you want as the from address.  As long as the smtp
server trusts anyone, your credentials or the network you are on, it will
dutifully repeat whatever you tell it.  I generally use
gomer at pyle.comwhenever I'm testing for an open smtp relay.



On Wed, May 13, 2009 at 6:01 PM, Noah <1giglimit at gmail.com> wrote:

If it is an SMTP Server that is accepting outgoing mail without
authentication, and you are sending from a domain that it accepts,

Isn't it possible to just use an e-mail client, say Outlook Express, and
change the Reply Address?

- Noah

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Robin Wood
Sent: Tuesday, 12 May 2009 8:01 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Spoofing emails

2009/5/11 MV <mvharley2 at gmail.com>:
fire it my way please

Here you go, it is a php script and you need to have the PEAR Mail and
possibly mail_mime modules installed. In Debian this is done with :

apt-get install php-mail php-mail-mime

http://www.digininja.org/files/track_email.tar.bz2

I wrote the script so that I could send an email with a tracking dot
in it as I couldn't find a way to do that in easily in any of the
normal mail packages. Simply edit the script to set the to and from
addresses then run it.

Robin


On Mon, May 11, 2009 at 9:23 AM, Robin Wood <dninja at gmail.com> wrote:

I built an app recently that takes a html page and a text page and
then puts them together into an email. You can put whatever you want
into either section.

If people want it I can try to dig it out.

Robin

2009/5/11 Rob Fuller <jd.mubix at gmail.com>:
Metasploit's mailer works really well, and you can craft the email
however
you like, make templates, etc.. yaml ;-)

On Mon, May 11, 2009 at 10:56 AM, natron <natron at invisibledenizen.org

wrote:

On Sat, May 9, 2009 at 11:10 AM, Adrian Crenshaw
<irongeek at irongeek.com>
wrote:

220 mx.gmail.com ESMTP 70si2094099rnb
helo me.somepalace.com
250 mx.gmail.com at your service
MAIL FROM:<irongeek at iirongeek.com>
250 OK
RCPT TO:<irongeek at ggmail.com>
250 OK
DATA
354 Please start mail input.
<snip>

Anyone know of any tools to help you build html emails for this
purpose?
I currently doing it in a cheating way, but it works well.  I'll
craft
an
email in Outlook to make it look exactly how I want, then forward it
to
my
gmail account.  Gmail has a "show original" tab that allows you to
see
the
full source of the email.  Copy and paste into a text editor, modify
fields
to your wishes, then paste it into the DATA section as shown in
irongeek's
email.  This allows you to easily imbed images (it handles all the
MIME
base64 + references stuff automatically for you).

On a related note, I've noticed that if you set the MIME fields in
the
email, all of the configurations of Outlook I've run into will
display
what
is in the DATA section of the email rather than who it is actually
sent
from/to (in the MAIL FROM: and RCPT TO: sections).

Often times email servers will allow you to spoof the MAIL FROM:
address
to appear to come from someone internal (MAIL FROM:
it-department at company.com), but even if they don't, you can set the
From
field inside the DATA section to "it-department at company.com" and
that's
what
outlook will display.  You have to view the headers to realize that's
not
who it came from, which of course no ever does.

These kinds of tricks are incredibly useful for social engineering.

Regards,
N

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090513/419453c6/attachment.htm 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault